#!/bin/sh
#
# vm-data/jenkins.customize - customize disk image for jenkins master node
#
# Copyright 2012  Lars Wirzenius
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

set -eux

export LC_ALL=C

rootdir="$1"

# Create a policy-rc.d so that nothing starts during the install.
cat <<EOF > "$rootdir/usr/sbin/policy-rc.d"
#!/bin/sh
exit 101
EOF
chmod a+x "$rootdir/usr/sbin/policy-rc.d"

# Add the Jenkins apt repository to sources.list.
cat <<EOF >> "$rootdir/etc/apt/sources.list"
deb http://pkg.jenkins-ci.org/debian binary/
EOF

# Add extra signing keys into apt's keyring.
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key |
    chroot "$rootdir" apt-key add -
wget -q -O - http://code.liw.fi/apt.asc |
    chroot "$rootdir" apt-key add -

# Update apt's package lists.
chroot "$rootdir" apt-get update

# Create a user for Jenkins, with home directory, and then install Jenkins.
# We mount /proc while doing this, because otherwise some packages fail
# to install correctly.
mount -t proc proc "$rootdir/proc"
chroot "$rootdir" adduser --gecos 'Jenkins' \
    --disabled-password --home=/var/lib/jenkins jenkins
chroot "$rootdir" install -d -o jenkins -g jenkins /var/lib/jenkins
chroot "$rootdir" apt-get install -y --no-remove jenkins
umount "$rootdir/proc"

# Install the Bazaar and Git plugins for Jenkins.
chroot "$rootdir" install -d -o jenkins -g jenkins "/var/lib/jenkins/plugins"
for plugin in bazaar git-client git depgraph-view
do
    wget --no-check-certificate \
        -O "$rootdir/var/lib/jenkins/plugins/$plugin.hpi" \
        "http://updates.jenkins-ci.org/latest/$plugin.hpi"
done

# Remove the policy-rc.d so that things do start when we boot into the system.
rm "$rootdir/usr/sbin/policy-rc.d"

# Install ssh host keys.
install -m 0600 vm-data/jenkins.host-key "$rootdir/etc/ssh/ssh_host_rsa_key"
install -m 0644 vm-data/jenkins.host-key.pub \
    "$rootdir/etc/ssh/ssh_host_rsa_key.pub"

# Install the Jenkins user ssh key.
mkdir -m 0700 "$rootdir/var/lib/jenkins/.ssh"
install -m 0600 vm-data/jenkins.user-key \
    "$rootdir/var/lib/jenkins/.ssh/id_rsa"
install -m 0644 vm-data/jenkins.user-key.pub \
    "$rootdir/var/lib/jenkins/.ssh/id_rsa.pub"

# Install the worker user key into Jenkins's allowed_keys file.
install -m 0600 vm-data/worker.user-key.pub \
    "$rootdir/var/lib/jenkins/.ssh/authorized_keys"

# Disable ssh host key checking.
echo "StrictHostKeyChecking no" >> "$rootdir/etc/ssh/ssh_config"

# Make sure the Jenkins .ssh directory, with contents, is all owned by Jenkins.
chroot "$rootdir" chown -R jenkins:jenkins /var/lib/jenkins/.ssh/.

# Create the web-accessible artifact repository for the CI system.
chroot "$rootdir" install -d -o jenkins -g jenkins /var/www/jenkins

# Append addresses to /etc/hosts.
cat vm-data/hosts >> "$rootdir/etc/hosts"