#!/bin/sh

set -eu

addr="$1"

rsync_hrun_to_addr()
{
    local owner="$1"
    local from="$2"
    local to="$3"
    shift 3

    echo
    echo "$from --> $to"
    ssh -A -i $HOME/.ssh/liw-openpgp.pub \
        debian@"$addr" \
        sudo env 'SSH_AUTH_SOCK=$SSH_AUTH_SOCK' \
        rsync -e '"ssh -o StrictHostKeyChecking=no "' -xahHSsP --delete-before --numeric-ids \
        root@pieni.net:"$from" "$to" "$@"
    ssh -i $HOME/.ssh/liw-openpgp.pub debian@"$addr" sudo chown -R "$owner" "$to"
}

ssh -i $HOME/.ssh/liw-openpgp.pub debian@"$addr" sudo install -d -o root -g root -m 0755 /srv/hrun

rsync_hrun_to_addr git:git /home/git/repos/. /home/git/repos/. --exclude gitano-admin.git
rsync_hrun_to_addr liw:liw /home/liw/wedding.docstory.fi/. /srv/http/wedding.docstory.fi/.
rsync_hrun_to_addr liw:liw /home/liw/www.docstory.fi/. /srv/http/www.docstory.fi/.

ssh -i $HOME/.ssh/liw-openpgp.pub debian@"$addr" sudo install -d -o liw -g liw -m 0755 /home/liw/bin
rsync_hrun_to_addr liw:liw /home/liw/bin/. /home/liw/bin/.

rsync_hrun_to_addr liw:liw /home/liw/files.liw.fi/. /srv/http/files.liw.fi/.
rsync_hrun_to_addr liw:liw /home/liw/code.liw.fi/. /srv/http/code.liw.fi/.
rsync_hrun_to_addr distix:distix /home/distix/bugs-liw-fi-html/. /srv/http/bugs.liw.fi/.
rsync_hrun_to_addr distix:distix /home/distix/distix-html/. /srv/http/distix.obnam.org/.
rsync_hrun_to_addr liw:liw /home/liw/liw.iki.fi/. /srv/http/liw.iki.fi/.
rsync_hrun_to_addr liw:liw /home/liw/noir.liw.fi/. /srv/http/noir.liw.fi/.

rsync_hrun_to_addr liw:liw /home/liw/.procmailrc /home/liw/.procmailrc
rsync_hrun_to_addr liw:liw /home/liw/procmailrc /home/liw/procmailrc
rsync_hrun_to_addr liw:liw /home/liw/.crontab /home/liw/.crontab
rsync_hrun_to_addr liw:liw /home/liw/.bogofilter /home/liw/.bogofilter
rsync_hrun_to_addr liw:liw /home/liw/.irssi /home/liw/.irssi
rsync_hrun_to_addr liw:liw /home/liw/whitelist /home/liw/whitelist
rsync_hrun_to_addr liw:liw /home/liw/killfile /home/liw/killfile
rsync_hrun_to_addr yakking:yakking /home/yakking/bin /home/yakking/bin
rsync_hrun_to_addr yakking:yakking /home/yakking/fracking /home/yakking/fracking
rsync_hrun_to_addr yakking:yakking /home/yakking/publish-yakking /home/yakking/publish-yakkina
rsync_hrun_to_addr yakking:yakking /home/yakking/yakking /home/yakking/yakking
rsync_hrun_to_addr yakking:yakking /home/yakking/.ssh/id_rsa /home/yakking/.ssh/id_rsa
rsync_hrun_to_addr yakking:yakking /home/yakking/.ssh/id_rsa.pub /home/yakking/.ssh/id_rsa.pub
rsync_hrun_to_addr yakking:yakking /home/yakking/.ssh/known_hosts /home/yakking/.ssh/known_hosts

ssh -i $HOME/.ssh/liw-openpgp.pub debian@"$addr" sudo install -d -o root -g root -m 0755 /srv/hrun/etc
rsync_hrun_to_addr root:root /etc /srv/hrun/etc

rm -rf /home/liw/tmp/gitano-admin
GIT_SSH_COMMAND='ssh -o IdentitiesOnly=yes -i /home/liw/.ssh/gitano-admin-key' \
               git clone "ssh://git@$addr/gitano-admin" /home/liw/tmp/gitano-admin
(cd /home/liw/tmp/gitano-admin
 cat <<'EOF' >> rules/project.lace
define repo_is_public config/public exact yes
allow "Everyone can read a public repo" op_read repo_is_public

define user_is_repo_reader group exact ${config/readers}
allow "Readers may read" op_read user_is_repo_reader

define user_is_repo_writer group exact ${config/writers}
allow "Writers may read and write" op_is_basic user_is_repo_writer
allow "Writers may update any branch" op_is_normal user_is_repo_writer

define user_is_repo_guest group exact ${config/guests}
define branch_is_for_user ref prefix refs/heads/${user}/
define tag_is_for_user ref prefix refs/tags/${user}/
allow "Guests may read and write" op_is_basic user_is_repo_guest
allow "Guests may update their own branches" op_is_normal user_is_repo_guest branch_is_for_user
allow "Guests may update their own tags" op_is_normal user_is_repo_guest tag_is_for_user
EOF
git commit -am foo
 GIT_SSH_COMMAND='ssh -o IdentitiesOnly=yes -i /home/liw/.ssh/gitano-admin-key' \
                git push -u origin HEAD
)

gitano()
{
    ssh -o IdentitiesOnly=yes -i /home/liw/.ssh/gitano-admin-key \
        "git@$addr" "$@"
}

for repo in obnam bumper
do
    gitano create "$repo" || true
    gitano config "$repo" set public yes || true
done
gitano user add liw liw@liw.fi Lars Wirzenius || true
gitano as liw sshkey add openpgp < /home/liw/.ssh/liw-openpgp.pub  || true