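#!/usr/bin/env bash
#
# Install Docker CE from Docker's apt repository on Debian and apply a few
# local daemon settings (/etc/default/docker and /etc/docker/daemon.json).
#
# Must run as root; needs network access to https://${URL}.
#
# Environment:
#   CODENAME   Debian release to fetch packages for. Defaults to the running
#              system's VERSION_CODENAME from /etc/os-release, else "buster".
#
# Fixes relative to the previous revision of this script:
#   * the proxy-bypass check tested a directory (-d) and ran `grep` with no
#     file (it read stdin), so the rule was appended on every run;
#   * zfs.fsname=... was appended to DOCKER_OPTS without --storage-opt;
#   * the repository key was added with apt-key (trusted for every repo);
#     it is now stored in a keyring and bound to this repo via signed-by;
#   * curl/gnupg were only installed after they were already needed;
#   * --force-yes (disables package authentication) is no longer used.

# -u: abort on unset variables; pipefail: "curl | gpg" fails when curl fails.
# -e is deliberately not enabled: several steps are best-effort (removing old
# packages, editing /etc/default/docker) and the critical ones are checked
# explicitly below.
set -uo pipefail
set -x

readonly URL="download.docker.com"
readonly KEYRING=/usr/share/keyrings/docker-archive-keyring.gpg
readonly APT_AVAILABLE=/etc/apt/sources.list-available
readonly APT_ENABLED=/etc/apt/sources.list.d
readonly PROXY_CONF=/etc/apt/apt.conf.d/02proxy
readonly DOCKER_DEFAULT=/etc/default/docker
readonly DAEMON_JSON=/etc/docker/daemon.json
# https://docs.docker.com/engine/security/https/
# FIXME: Should be on the same dataset as the docker rpool (/var/lib/docker)
readonly TLS_HOME=/var/docker

# Release codename: explicit CODENAME wins, then /etc/os-release, then buster.
# Sourced in a subshell so os-release's variables do not leak into this script.
# shellcheck disable=SC1091
CODENAME="${CODENAME:-$( . /etc/os-release 2>/dev/null && printf '%s' "${VERSION_CODENAME:-}" )}"
CODENAME="${CODENAME:-buster}"
readonly CODENAME

#######################################
# Print an error to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Append OPT to the DOCKER_OPTS="..." line of /etc/default/docker unless the
# file already contains it (so re-running the installer does not duplicate
# options). The presence check is a plain fixed-string search.
# OPT is spliced into a sed replacement and therefore must not contain
# '|', '&' or '\'; every caller below passes a literal flag.
# Globals:   DOCKER_DEFAULT (file edited in place)
# Arguments: $1 - option text, e.g. "--ipv6"
#######################################
append_docker_opt() {
  local opt=$1
  if grep -qF -- "$opt" "$DOCKER_DEFAULT"; then
    return 0
  fi
  sed -i "s|DOCKER_OPTS=\"\(.*\)\"|DOCKER_OPTS=\"\1 ${opt}\"|" "$DOCKER_DEFAULT"
}

#######################################
# Apply one or more jq filters to /etc/docker/daemon.json atomically:
#   apply_daemon_opts '.["live-restore"] = true' '.["ipv6"] = true'
# The filters are joined into a single jq program ("f1 | f2 | ..."), written
# to a mktemp file beside the target (not a fixed name under /tmp) and copied
# back only if jq succeeds, so a bad filter leaves the file untouched.
# Globals:   DAEMON_JSON
# Arguments: jq filter expressions
# Returns:   0 on success, 1 if mktemp or jq fails
#######################################
apply_daemon_opts() {
  (( $# > 0 )) || return 0
  local program tmp rv=0
  local IFS='|'          # "$*" joins the filters with the first char of IFS
  program="$*"
  tmp=$(mktemp "${DAEMON_JSON}.XXXXXX") || return 1
  if jq "$program" "$DAEMON_JSON" > "$tmp"; then
    # cat into the existing file keeps its owner/mode/inode
    cat -- "$tmp" > "$DAEMON_JSON"
  else
    rv=1
  fi
  rm -f -- "$tmp"
  return "$rv"
}

#######################################
# Tell apt not to use the configured proxy for Docker's repository host.
# Only writes the rule when 02proxy is missing or does not mention the host.
# Globals:   PROXY_CONF, URL
#######################################
configure_apt_proxy_bypass() {
  local rule="Acquire::http::Proxy { \"${URL}\" DIRECT; };"
  if [[ ! -f "$PROXY_CONF" ]] || ! grep -qF -- "$URL" "$PROXY_CONF"; then
    printf '%s\n' "$rule" >> "$PROXY_CONF"
  fi
}

#######################################
# Fetch Docker's apt signing key into a dedicated keyring and write the
# repository entry bound to it with signed-by=. Aborts if the key cannot be
# fetched, because everything after this depends on it.
# Globals:   URL, KEYRING, APT_AVAILABLE, APT_ENABLED, CODENAME
#######################################
configure_docker_repo() {
  local arch
  # --batch --yes lets gpg overwrite an existing keyring non-interactively
  curl -fsSL "https://${URL}/linux/debian/gpg" \
    | gpg --dearmor --batch --yes -o "$KEYRING" \
    || die "could not fetch/install Docker's apt signing key"
  chmod 0644 "$KEYRING"

  arch=$(dpkg --print-architecture) || die "dpkg --print-architecture failed"
  mkdir -p "$APT_AVAILABLE"
  {
    printf '# Signing key: %s (fetched from https://%s/linux/debian/gpg)\n' "$KEYRING" "$URL"
    printf 'deb [arch=%s signed-by=%s] https://%s/linux/debian %s stable\n' \
      "$arch" "$KEYRING" "$URL" "$CODENAME"
  } > "${APT_AVAILABLE}/docker.list"
  ln -sf "${APT_AVAILABLE}/docker.list" "${APT_ENABLED}/docker.list"
}

#######################################
# Enable and extend DOCKER_OPTS in /etc/default/docker, if that file exists.
# The same settings can be expressed in /etc/docker/daemon.json (see
# apply_daemon_opts); for other options:
#   https://github.com/moby/moby/pull/23657/files?short_path=ca4f406
#   https://gist.github.com/lvdh/1f2d50ad49274413d3e501b71a59e819
# Globals:   DOCKER_DEFAULT, DAEMON_JSON
#######################################
configure_docker_defaults() {
  if [[ ! -f "$DOCKER_DEFAULT" ]]; then
    printf 'note: %s not present, DOCKER_OPTS left unset (use %s instead)\n' \
      "$DOCKER_DEFAULT" "$DAEMON_JSON" >&2
    return 0
  fi
  # Uncomment the DOCKER_OPTS line shipped in the file.
  # NOTE(review): the daemon-level --restart flag is long deprecated; confirm
  # the installed dockerd still accepts it before relying on this line.
  perl -p -i -e 's/#DOCKER_OPTS=""/DOCKER_OPTS="--restart=true"/g' "$DOCKER_DEFAULT"
  append_docker_opt "--storage-driver=zfs"
  # Hard-coded public resolvers inherited from the original script.
  append_docker_opt "--dns 52.174.55.168 --dns 188.165.200.156"
  # zfs.fsname is a storage option; it is only meaningful after --storage-opt
  append_docker_opt "--storage-opt zfs.fsname=rpool/docker"
  # i2p container requires ipv6
  append_docker_opt "--ipv6"
}

main() {
  [[ $EUID -eq 0 ]] || die "this script must run as root"

  # Tools needed before the Docker repository can be configured.
  # jq is in Debian main, so -y is enough (no --force-yes).
  apt-get update
  apt-get install -y \
    jq \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common \
    || die "could not install prerequisites"

  configure_docker_repo
  configure_apt_proxy_bypass

  apt-get update
  # Best-effort: some of these packages are unknown or not installed.
  apt-get remove -y docker docker-engine docker.io containerd runc || true
  apt-get install -y docker-ce docker-ce-cli containerd.io \
    || die "docker-ce install failed"

  #apt-get install -y --force-yes docker-engine=1.9.1-0~jessie
  #mkdir -p /var/lib/docker
  #umount /dev/mapper/vg_prime-varLibDockerLV
  #mount /dev/mapper/vg_prime-varLibDockerLV /var/lib/docker

  configure_docker_defaults

  mkdir -p /etc/docker
  if [[ ! -f "$DAEMON_JSON" ]]; then
    printf '{}\n' > "$DAEMON_JSON"
  else
    printf '%s exists.\n' "$DAEMON_JSON"
  fi
  mkdir -p "$TLS_HOME"

  ## Change the subj line to reflect your details for key generation and
  ## uncomment the tls options below to turn tls on.
  #openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 \
  #  -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \
  #  -keyout "${TLS_HOME}/serverkey.pem" \
  #  -out "${TLS_HOME}/server.pem"

  # General options
  ## Adding a personal registry.
  #apply_daemon_opts '.["insecure-registries"] = ["mydocker-registry.net:5000"]'
  ## Allow live restore, keep containers alive when the daemon becomes unavailable.
  ## Not compatible with swarm mode.
  #apply_daemon_opts '.["live-restore"] = true'
  ## Debugging on
  #apply_daemon_opts '.["debug"] = true'
  ## IPv6 for i2p container
  #apply_daemon_opts '.["ipv6"] = true'
  ## Logging options
  #apply_daemon_opts '.["log-driver"] = "syslog"' \
  #  '.["log-opts"] = {"syslog-address": "udp://1.2.3.4:1111"}'

  # Add tls - we keep the keys on the docker zfs dataset not /etc/docker/tls
  #apply_daemon_opts \
  #  '.["tls"] = true' \
  #  '.["tlscacert"] = "/var/lib/docker/ca.pem"' \
  #  '.["tlscert"] = "/var/lib/docker/server.pem"' \
  #  '.["tlskey"] = "/var/lib/docker/serverkey.pem"' \
  #  '.["tlsverify"] = true' \
  #  '.["hosts"] = ["tcp://192.168.59.3:2376"]'

  ## Something similar to set up a swarm
  #apply_daemon_opts \
  #  '.["cluster-advertise"] = "192.168.1.116:12376"' \
  #  '.["cluster-store"] = "etcd://192.168.1.116:12379"' \
  #  '.["cluster-store-opts"] = { "kv.cacertfile" : "/var/lib/docker/discovery_certs/ca.pem", "kv.certfile" : "/var/lib/docker/discovery_certs/cert.pem", "kv.keyfile" : "/var/lib/docker/discovery_certs/key.pem" }'

  # Reference: daemon.json keys and example values (from the original notes):
  #   dns ["52.174.55.168","188.165.200.156"]   live-restore true
  #   storage-driver "zfs"                      storage-opts ["zfs.fsname=rpool/docker"]
  #   insecure-registries ["soleine.lan:5000"]
  #   hosts ["fd://","unix:///var/run/docker.sock","tcp://0.0.0.0:2376"]
  #   dns-opts [] dns-search [] userland-proxy false userns-remap ""
  #   api-cors-header "" authorization-plugins [] bip "" bridge ""
  #   cgroup-parent "" cluster-store "" cluster-store-opts {} cluster-advertise ""
  #   debug true default-gateway "" default-gateway-v6 "" default-runtime "runc"
  #   disable-legacy-registry false exec-opts [] exec-root "" fixed-cidr ""
  #   fixed-cidr-v6 "" graph "" group "" icc true ip "0.0.0.0" iptables true
  #   ipv6 false ip-forward false ip-masq false labels [] log-driver ""
  #   log-level "" log-opts {} max-concurrent-downloads 3
  #   max-concurrent-uploads 5 mtu 0 oom-score-adjust -500 pidfile ""
  #   raw-logs false registry-mirrors [] runtimes {} selinux-enabled false
  #   swarm-default-advertise-addr "" tls true tlscacert "/etc/docker/tls/ca.pem"
  #   tlscert "/etc/docker/tls/server.pem" tlskey "/etc/docker/tls/serverkey.pem"
  #   tlsverify true shutdown-timeout 15

  #groupadd docker
  #usermod -aG docker "$USER"
  #gpasswd -a "$USER_NAME" docker
  #newgrp docker
  #/etc/init.d/docker restart
}

main "$@"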