#!/bin/sh

PREFIX=

. "$PREFIX/lib/libalpine.sh"

usage() {
	cat <<-__EOF__
		usage: setup-sshd [-h] [-c choice of SSH daemon] [-k authorized key]

		Setup sshd daemon

		options:
		 -h  Show this help
		 -c  Choice of SSH daemon: openssh dropbear none
		 -k  Authorized key for root (HTTP(S)/FTP URL, the public key itself or 'none')
	__EOF__
	exit 1
}

authorized_key="$SSH_KEY"
while getopts "hc:k:" opt; do
	case $opt in
		h) usage;;
		c) sshdchoice="$OPTARG";;
		k) authorized_key="$OPTARG";;
	esac
done

while ! isin "$sshdchoice" openssh dropbear none; do
	ask "Which SSH server? ('openssh', 'dropbear' or 'none')" openssh
	sshdchoice="$resp"
done

if [ "$sshdchoice" = "none" ]; then
	exit 0
fi

pkgs="$sshdchoice"
if [ "$sshdchoice" = "openssh" ] && apk info --quiet --installed acf-core; then
	pkgs="$pkgs acf-openssh"
fi

apk add --quiet $pkgs

svc=
case "$sshdchoice" in
	openssh) svc=sshd;;
	dropbear) svc=dropbear;;
esac

if [ -n "$svc" ]; then
	rc-update add $svc default
	rc-service $svc start
fi

if [ -n "$authorized_key" -a "$authorized_key" != "none" ]; then
	# if the argument is an HTTP(S)/FTP URL, try to fetch the file contents
	case "$authorized_key" in
		http*://*|ftp://)
			key_url="$authorized_key"
			authorized_key="$(wget -qO- "$key_url")" || die "Could not fetch key from '$key_url'"
			;;
	esac
	mkdir -p ${ROOT}/root/.ssh
	echo "$authorized_key" >> ${ROOT}/root/.ssh/authorized_keys
fi