#!/bin/sh
#
# vm-data/worker.customize - customize disk image for jenkins worker node
#
# Copyright 2012-2013  Lars Wirzenius
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

set -eux

export LC_ALL=C

rootdir="$1"

# Configure dpkg to prefer the old version of a conffile, so upgrades
# (especially of sid) will work without prompting.
mkdir -p "$rootdir/etc/dpkg"
cat <<EOF >> "$rootdir/etc/dpkg/dpkg.cfg"
force-confold
EOF

# Install signing key for the code.liw.fi repository.
wget -q -O - http://code.liw.fi/apt.asc |
    chroot "$rootdir" apt-key add -

# Create a user for Jenkins, with home directory, but don't install Jenkins,
# since we don't need it on the worker.
chroot "$rootdir" adduser --gecos 'Jenkins' \
    --disabled-password --home=/var/lib/jenkins jenkins
chroot "$rootdir" install -d -o jenkins -g jenkins /var/lib/jenkins

# Install ssh host keys.
install -m 0600 vm-data/worker.host-key "$rootdir/etc/ssh/ssh_host_rsa_key"
install -m 0644 vm-data/worker.host-key.pub \
    "$rootdir/etc/ssh/ssh_host_rsa_key.pub"

# Install the worker's user key.
mkdir -m 0700 "$rootdir/var/lib/jenkins/.ssh"
install -m 0600 vm-data/worker.user-key \
    "$rootdir/var/lib/jenkins/.ssh/id_rsa"
install -m 0644 vm-data/worker.user-key.pub \
    "$rootdir/var/lib/jenkins/.ssh/id_rsa.pub"

# Install an authorized_keys files to allow jenkins on the master node,
# and on the worker itself, to log in with ssh.
cat vm-data/jenkins.user-key.pub vm-data/worker.user-key.pub \
    > "$rootdir/var/lib/jenkins/.ssh/authorized_keys"
chmod 0600 "$rootdir/var/lib/jenkins/.ssh/authorized_keys"

# Disable ssh host key checking.
echo "StrictHostKeyChecking no" >> "$rootdir/etc/ssh/ssh_config"

# Make sure the Jenkins .ssh directory, with contents, is all owned by Jenkins.
chroot "$rootdir" chown -R jenkins:jenkins /var/lib/jenkins/.ssh/.

# Add jenkins to sudoers.
cat <<EOF >> "$rootdir/etc/sudoers"
jenkins ALL=(ALL:ALL) NOPASSWD: ALL
EOF

# Append addresses to /etc/hosts.
cat vm-data/hosts >> "$rootdir/etc/hosts"

# Force loading of the fuse kernel module.
echo fuse >> "$rootdir/etc/modules"

# Add the jenkins user to the fuse group.
chroot "$rootdir" adduser jenkins fuse