#!/bin/sh -eux
set -o pipefail

pkg upgrade -yr FreeBSD
pkg install -Uyr FreeBSD devel/git@lite ftp/curl textproc/jq devel/py-awscli net/dual-dhclient

sysrc ifconfig_DEFAULT="SYNCDHCP accept_rtadv"
sysrc ipv6_activate_all_interfaces=YES
sysrc dhclient_program=/usr/local/sbin/dual-dhclient

curl -d ec2-up https://ntfy.sh/eurojails

# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
TOKEN=`curl -sXPUT http://169.254.169.254/latest/api/token -Hx-aws-ec2-metadata-token-ttl-seconds:600`
curl -Hx-aws-ec2-metadata-token:\ $TOKEN \
	http://169.254.169.254/latest/dynamic/instance-identity/document \
	-o /var/run/meta.json

sed -EI -e 's/#*PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
service sshd restart

export GIT_BRANCH=main
export GIT_REPO=https://git.sr.ht/~dch/diy-jails-tutorial
export GIT_RUNNER=deploy.sh

git clone --branch ${GIT_BRANCH} ${GIT_REPO} /var/run/diy
cd /var/run/diy
sh ./${GIT_RUNNER}