#!/bin/bash
set -e
# Update-ovanje i upgrade-ovanje servera
sudo apt update # && sudo apt upgrade -y


# Kreiranje novog korisnika i dodavanje tog korisnika u sudo grupu
adduser worker
usermod -aG sudo worker

# Obezbjedjivanje SSH-a
sudo sed -i 's/#Port 22/Port 9022/g' /etc/ssh/sshd_config
sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
sudo sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
sudo systemctl restart ssh.service

# Podesavanje UFW
sudo ufw disable
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow 9022
sudo ufw enable

sudo apt install apt-transport-https ca-certificates curl software-properties-common -y

curl -sSL https://get.docker.com | sh

sudo usermod -aG docker worker

##  This should be executed on Worker user ###

#mkdir -p ~/.docker/cli-plugins/

#curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose

sudo curl -SL https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

#chmod +x ~/.docker/cli-plugins/docker-compose

sudo sysctl -w vm.max_map_count=262144

echo "worker ALL= NOPASSWD:/usr/bin/rsync" >> /etc/sudoers
echo "worker ALL= NOPASSWD:/usr/bin/touch" >> /etc/sudoers
echo "worker ALL= NOPASSWD:/usr/bin/du" >> /etc/sudoers
echo "worker ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers


mkdir -p /home/worker/.ssh

wget https://gist.github.com/kolosek/88ca9d6834c2b2ac43cdf64ef2ef7938/raw/3cd7855107f597821cd13107a614ca4d39130ce8/rubyci-public-ssh 

touch /home/worker/.ssh/authorized_keys

cat rubyci-public-ssh >> /home/worker//.ssh/authorized_keys

chmod 700 /home/worker/.ssh && chmod 600 /home/worker/.ssh/authorized_keys

sudo chown -v -R worker:worker /home/worker/.ssh/

su - worker