#!/bin/bash
#
# generate a new docker-compose.yml
#
# Copyright 2019 Luigi Santivetti <luigi.santivetti@gmail.com>

# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:

# The above copyright notice and this permission notice (including the next
# paragraph) shall be included in all copies or substantial portions of the
# Software.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

if [ "${_APACHE_HAS_MEDIA_}" -eq 1 ]; then
	declare -r compose_has_mount_media="\
      - ${_APACHE_HTML_PHOTOS_D_}:/var/www/html/photos
      - ${_APACHE_HTML_VIDEOS_D_}:/var/www/html/videos"
	declare -r compose_openssh_has_mount_media="\
      - ${_APACHE_HTML_PHOTOS_D_}:${_APACHE_HTML_PHOTOS_D_}
      - ${_APACHE_HTML_VIDEOS_D_}:${_APACHE_HTML_VIDEOS_D_}"
else
	declare -r compose_has_mount_media=""
	declare -r compose_openssh_has_mount_media=""
fi

if [ "${_GERRIT_HAS_HTTPS_}" -eq 1 ]; then
	declare -r compose_has_secure_store="\
      - ${_GERRIT_DKRC_KEYSTORE_F_}:${_GERRIT_KEYSTORE_}:ro
      - ${_GERRIT_DKRC_SSLIB_F_}:${_GERRIT_SSLIB_}"
else
	declare -r compose_has_secure_store=""
fi

declare -r docker_compose_t="\
version: '${_COMPOSE_API_VERSION_}'
networks:
  frontend:
    driver: bridge
    ipam:
      config:
        - subnet: ${_COMPOSE_SUBNET_FRONTEND_IP_}/${_COMPOSE_SUBNET_BIT_}
  backend:
    driver: bridge
    ipam:
      config:
        - subnet: ${_COMPOSE_SUBNET_BACKEND_IP_}/${_COMPOSE_SUBNET_BIT_}
services:
  ${_GERRIT_DKRC_SERVICE_}:
    image: ${_GERRIT_DKRC_IMAGE_}
    build:
      context: ${_GERRIT_DKRC_CONTEXT_}
      dockerfile: ${_GERRIT_DKRC_DOCKERFILE_}
    container_name: ${_GERRIT_DKRC_CONTAINER_}
    expose:
      - \"${_GERRIT_PROXY_PORT_}\"
      - \"${_GERRIT_SSH_PORT_}\"
    ports:
      - \"${_COMPOSE_HOST_SSH_PORT_}:${_GERRIT_SSH_PORT_}\"
    volumes:
      - ${_GERRIT_DKRC_ROOTFS_}/index:/var/gerrit/index
      - ${_GERRIT_DKRC_ROOTFS_}/cache:/var/gerrit/cache
      - ${_GERRIT_DKRC_ROOTFS_}/git:/var/gerrit/git
      - ${_GERRIT_DKRC_HOOKS_D_}:${_GERRIT_HOOKS_CON_D_}
      - ${_GERRIT_DKRC_ETC_D_}:/var/gerrit/etc
      - ${_GERRIT_LOGS_D_}:/var/gerrit/logs
${compose_has_secure_store}
    environment:
      - CANONICAL_WEB_URL=${_GERRIT_CANON_URL_}
      - LISTEN_URL=${_GERRIT_LISTEN_URL_}
      - HOOKS_REMOTE_ALIAS=${_GERRIT_HOOKS_REMOTE_NAME_}
      - HOOKS_REMOTE_RSAID=${_GERRIT_SSH_RSA_ID_F_}
      - HOOKS_REMOTE_HOST=${_OPENSSH_IP_}
      - HOOKS_REMOTE_PATH=${_OPENSSH_MIRROR_CON_D_}
      - HOOKS_REMOTE_PORT=${_OPENSSH_PORT_}
      - HOOKS_REMOTE_USER=${_OPENSSH_GIT_USER_}
      - HOOKS_GERRIT_HOST=${host_name}
      - HOOKS_GERRIT_PORT=${_GERRIT_SSH_PORT_}
      - HOOKS_DEPLOY_EXEC=${_OPENSSH_TOD_EXEC_}
      - HOOKS_LOG_DIR=${_GERRIT_HOOKS_LOG_CON_D_}
    depends_on:
      - ${_APACHE_DKRC_SERVICE_}
    networks:
      frontend:
        ipv4_address: ${_GERRIT_DKRC_FRONTEND_IP_}
    entrypoint: /bin/bash -c \"/${_GERRIT_DKRC_ENTRYPOINT_} \${GERRIT_ENTRYPOINT_ARGS}\"
  ${_APACHE_DKRC_SERVICE_}:
    environment:
      - HOST_PEPPER=\${_PASSWD_APACHE_HASH_HMAC_PEPPER_}
      - MYSQL_PASSWORD=\${_PASSWD_MYSQL_DB_PASSWORD_}
      - MYSQL_USER=\${_PASSWD_MYSQL_DB_USERNAME_}
    env_file:
      - ${_COMPOSE_ENVIRONMENT_}
    image: ${_APACHE_DKRC_IMAGE_}
    build:
      context: ${_APACHE_DKRC_CONTEXT_}
      dockerfile: ${_APACHE_DKRC_DOCKERFILE_}
    container_name: ${_APACHE_DKRC_CONTAINER_}
    ports:
      - \"${_COMPOSE_HOST_HTTP_PORT_}:${_APACHE_HTTP_PORT_}\"
      - \"${_COMPOSE_HOST_HTTPS_PORT_}:${_APACHE_HTTPS_PORT_}\"
    volumes:
      - ${_APACHE_DKRC_PORTS_F_}:/etc/apache2/ports.conf:ro
      - ${_APACHE_DKRC_CONF_F_}:/etc/apache2/apache2.conf:ro
      - ${_APACHE_DKRC_AVAILABLE_D_}:/etc/apache2/sites-available:ro
      - ${_APACHE_DKRC_ENABLED_D_}:/etc/apache2/sites-enabled:ro
      - ${_MYSQL_ROOTFS_SSL_D_}:${_APACHE_CON_SSL_MYSQL_D_}:ro
      - ${_APACHE_DKRC_CERT_L_}:${_APACHE_CON_SSL_D_}:ro
      - ${_APACHE_EXT_AUTH_F_}:${_APACHE_CON_EXT_AUTH_F_}:ro
      - ${_APACHE_DKRC_LOG_D_}:/var/log/apache2
      - ${_APACHE_DKRC_WWW_D_}:/var/www
${compose_has_mount_media}
    depends_on:
      - ${_MYSQL_DKRC_SERVICE_}
    networks:
      frontend:
        ipv4_address: ${_APACHE_DKRC_FRONTEND_IP_}
      backend:
        ipv4_address: ${_APACHE_DKRC_BACKEND_IP_}
  ${_MYSQL_DKRC_SERVICE_}:
    environment:
      - MYSQL_ROOT_PASSWORD=\${_PASSWD_MYSQL_DB_PASSWORD_ROOT_}
      - MYSQL_PASSWORD=\${_PASSWD_MYSQL_DB_PASSWORD_}
      - MYSQL_USER=\${_PASSWD_MYSQL_DB_USERNAME_}
    env_file:
      - ${_COMPOSE_ENVIRONMENT_}
    image: ${_MYSQL_DKRC_IMAGE_}
    build:
      context: ${_MYSQL_DKRC_CONTEXT_}
      dockerfile: ${_MYSQL_DKRC_DOCKERFILE_}
    container_name: ${_MYSQL_DKRC_CONTAINER_}
    restart: always
    networks:
      backend:
        ipv4_address: ${_MYSQL_DKRC_BACKEND_IP_}
    expose:
      - \"${_MYSQL_DB_PORT_}\"
    volumes:
      - ${_MYSQL_ROOTFS_SSL_D_}:${_MYSQL_CON_SSL_D_}
      - ${_MYSQL_INITDB_F_}:/docker-entrypoint-initdb.d/initdb.sql
      - ${_MYSQL_MYCONF_F_}:/etc/mysql/my.cnf:ro
      - ${_MYSQL_MYSQL_D_}:/var/lib/mysql
      - ${_MYSQL_LOG_D_}:${_MYSQL_CON_LOG_D_}
  ${_OPENSSH_DKRC_SERVICE_}:
    environment:
      - PUID=${_OPENSSH_GIT_UID_}
      - PGID=${_OPENSSH_GIT_GID_}
      - TZ=Europe/London
      - SUDO_ACCESS=true
      - PASSWORD_ACCESS=false
      - USER_NAME=${_OPENSSH_GIT_USER_}
      - PUBLIC_KEY_FILE=${_OPENSSH_CLIENT_PUBKEY_}
    image: ${_OPENSSH_DKRC_IMAGE_}
    build:
      context: ${_OPENSSH_DKRC_CONTEXT_}
      dockerfile: ${_OPENSSH_DKRC_DOCKERFILE_}
    container_name: ${_OPENSSH_DKRC_CONTAINER_}
    restart: unless-stopped
    networks:
      frontend:
        ipv4_address: ${_OPENSSH_IP_}
    expose:
      - ${_OPENSSH_PORT_}
    volumes:
      - ${_GERRIT_HOST_RSA_ID_F_}.pub:${_OPENSSH_CLIENT_PUBKEY_}
      - ${_OPENSSH_MIRROR_D_}:${_OPENSSH_MIRROR_CON_D_}
      - ${_OPENSSH_TOD_D_}:${_OPENSSH_TOD_CON_D_}
      - ${_OPENSSH_LOG_D_}:/config/logs
      - ${_APACHE_DKRC_WWW_D_}:/rootfs/var/www
      - ${_GERRIT_DKRC_HOOKS_D_}:/rootfs/hooks
      - ${_GERRIT_DKRC_ETC_D_}:/rootfs/etc
${compose_openssh_has_mount_media}
  ${_LOGROTATE_DKRC_SERVICE_}:
    environment:
      - LOGROTATE_CRON=${_LOGROTATE_CRON_}
      - LOGROTATE_CROND_LEVEL=${_LOGROTATE_CROND_LEVEL_}
    image: ${_LOGROTATE_DKRC_IMAGE_}
    build:
      context: ${_LOGROTATE_DKRC_CONTEXT_}
      dockerfile: ${_LOGROTATE_DKRC_DOCKERFILE_}
    container_name: ${_LOGROTATE_DKRC_CONTAINER_}
    volumes:
      - ${_LOGROTATE_LOG_D_}:${_LOGROTATE_LOG_CON_D_}
      - ${_LOGROTATE_CONF_F_}:${_LOGROTATE_CONF_CON_F_}:ro"

declare -r environment_t="\
MYSQL_DATABASE=${_MYSQL_DB_NAME_}
MYSQL_HOSTNAME=${_MYSQL_DKRC_BACKEND_IP_}
MYSQL_SSL_CAPATH=${_APACHE_CON_SSL_MYSQL_D_}
MYSQL_SSL_CERT=${_APACHE_CON_SSL_MYSQL_CERT_F_}
MYSQL_SSL_KEY=${_APACHE_CON_SSL_MYSQL_KEY_F_}
MYSQL_SSL_CA=${_APACHE_CON_SSL_MYSQL_CA_F_}
HOST_NAME=${_APACHE_SERVER_NAME_}"

declare -r compose_cli_bang_t="\
#!/bin/bash

if (return 0 2>/dev/null); then
	echo \"You must run this script\" >&2
	return 1
fi

function __help
{
	cat <<EOF; exit 0
`printf \"\\033[1m%s\\033[0m\\n\" \"NAME\"`

  \${BASH_SOURCE[0]//.\//} - docker-compose CLI for ${host_name}

`printf \"\\033[1m%s\\033[0m\\n\" \"USAGE\"`

  \$ \${BASH_SOURCE[0]} [ OPTION ] [ ARGS ... ]

`printf \"\\033[1m%s\\033[0m\\n\" \"ENVIRONMENT\"`

  PASSWD_F                    path to file containing runtime credentials

`printf \"\\033[1m%s\\033[0m\\n\" \"OPTION\"`

      --start [init]          start instance. If \\\`init\\\` is passed,
                              then do entrypoint.sh initialization steps
                              and run in the foreground not as a daemon
      --stop                  stop instance
  -pc|--prune-containers      delete all services container
  -pn|--prune-networks        delete all services network
  -ps|--prune-system          delete all images, containers, cache,
                              networks and volumes
  -bs|--build-services        build all services and networks
   -h|--help                  show this help

`printf \"\\033[1m%s\\033[0m\\n\" \"END\"`
EOF
}

function source_passwd_file
{
	if [ ! -f \"\${PASSWD_F}\" ]; then
		echo \"error: PASSWD file not found\" >&2
		exit 1
	fi

	if ! source \"\${PASSWD_F}\"; then
		echo \"error: PASSWD file not sourced\" >&2
		exit 1
	fi
}

function __dkrc_start
{
	local -i error

	source_passwd_file
	pushd \"${instance_d}\" >/dev/null || exit 1

	if sudo systemctl is-active --quiet service apache2.service; then
		echo \"warning: shutting down apache2.service\" >&2
		sudo systemctl stop apache2.service
	fi

	case \"\$1\" in
		init )
			GERRIT_ENTRYPOINT_ARGS=init \\
				_PASSWD_APACHE_HASH_HMAC_PEPPER_=\${_PASSWD_APACHE_HASH_HMAC_PEPPER_} \\
				_PASSWD_MYSQL_DB_USERNAME_=\${_PASSWD_MYSQL_DB_USERNAME_} \\
				_PASSWD_MYSQL_DB_PASSWORD_=\${_PASSWD_MYSQL_DB_PASSWORD_} \\
				_PASSWD_MYSQL_DB_PASSWORD_ROOT_=\${_PASSWD_MYSQL_DB_PASSWORD_ROOT_} \\
				sudo -E docker-compose up ;;
		*     )
			[ -z \"\$1\" ] || echo \"warning: input ignored: \$1\" >&2

			_PASSWD_APACHE_HASH_HMAC_PEPPER_=\${_PASSWD_APACHE_HASH_HMAC_PEPPER_} \\
				_PASSWD_MYSQL_DB_USERNAME_=\${_PASSWD_MYSQL_DB_USERNAME_} \\
				_PASSWD_MYSQL_DB_PASSWORD_=\${_PASSWD_MYSQL_DB_PASSWORD_} \\
				_PASSWD_MYSQL_DB_PASSWORD_ROOT_=\${_PASSWD_MYSQL_DB_PASSWORD_ROOT_} \\
				sudo -E docker-compose up -d ;;
	esac

	error=\"\$?\"
	popd >/dev/null

	return \$error
}

function __dkrc_stop
{
	sudo docker stop \$(sudo docker ps -a -q)
}

function __dkrc_prune_containers
{
	sudo docker rm \$(sudo docker ps -a -q)
}

function __dkrc_prune_networks
{
	sudo docker network prune -f
}

function __dkrc_prune_system
{
	sudo docker system prune --all
}

function __dkrc_build_services
{
	local -i error

	source_passwd_file
	pushd \"${instance_d}\" >/dev/null || exit 1

	_PASSWD_APACHE_HASH_HMAC_PEPPER_=\${_PASSWD_APACHE_HASH_HMAC_PEPPER_} \\
		_PASSWD_MYSQL_DB_USERNAME_=\${_PASSWD_MYSQL_DB_USERNAME_} \\
		_PASSWD_MYSQL_DB_PASSWORD_=\${_PASSWD_MYSQL_DB_PASSWORD_} \\
		_PASSWD_MYSQL_DB_PASSWORD_ROOT_=\${_PASSWD_MYSQL_DB_PASSWORD_ROOT_} \\
		sudo -E docker-compose build --force-rm --no-cache \$@
	error=\"\$?\"
	popd >/dev/null

	return \$error
}

case \"\$1\" in
      --start            ) __dkrc_start \"\$2\"              ;;
      --stop             ) __dkrc_stop                    ;;
  -pc|--prune-containers ) __dkrc_prune_containers        ;;
  -pn|--prune-networks   ) __dkrc_prune_networks          ;;
  -ps|--prune-system     ) __dkrc_prune_system            ;;
  -bs|--build-services   ) __dkrc_build_services \"\${@:2}\" ;;
   -h|--help             ) __help                         ;;
esac"