#!/bin/bash
# I, Ian Kelling, follow the GNU license recommendations at
# https://www.gnu.org/licenses/license-recommendations.en.html. They
# recommend that small programs, < 300 lines, be licensed under the
# Apache License 2.0. This file contains or is part of one or more small
# programs. If a small program grows beyond 300 lines, I plan to switch
# its license to GPL.

# Copyright 2024 Ian Kelling

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

#     http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# assumes we've partitioned /dev/xvda1

if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR

# already did this to ssh in
#apt update
apt install -y mmdebstrap

wipefs -a /dev/xvda1

mkfs.ext4 /dev/xvda1


#apt-key export B138CA450C05112F
cat  >trisquel.key <<'EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFhxcQMBEADaT9jTxXNbmjx7kZdTK7JCFx2OAeSS0+XltJnGOPnd6Vj4W1u2
QLReYD1rVVYA8kneT3VjvZpKO/Ho3TbQZ4E8hNDEwaVmKnTfrmptIzv44cHJexsZ
eTol74rac/pC/oXCHGINWLflfyQt8iB0dGSEPjtDXvYNFTwBYrQDI9apO5JVWvCB
qLaQdXU+MCsTaD5OZ4bJ2dQleI34UGea+NrrnAZP68d5hsLL+WTa65fhB3Bws8zc
1v+JhVJhLYNQOcTHRXU7ieUN2zy+JzbD/10XV64YZQseEkhXG8LMRvfbTDD/SigD
wKViVFkDa7NFfmpOE9kaF6Nh/XrWmMJjG49KtYUln/G2XCV4TpJrbrWW0OxGqki+
HH/36N63CZR4lj0EENFQduikTq1LeyQBXQSccwH9FJEI/4Uz5uuVM+tviScmgWEC
YXo7PdCoUUJDiR6Uma4COAYOTHM/7C5wVofkH1mq5fSz6rbBNIDIoy/W6GrN41s0
WOl+z9ZgNlY1qtvpwSDenY9WERLajUAJKVTAwI2mvIETo+q8b2J8iIlfI8KkW/+q
qt87BkFmo2Acgh9l0O1j/Ysp5p7OtCjz8uuO+WzbBo6RlXafx/9e6QoatbtwSBUp
4W3w2/VANRYtL5DyDCbcuwMk77r9jXp1913sTFlin4xIs840gcVahetA+QARAQAB
tDFUcmlzcXVlbCBHTlUvTGludXggPHRyaXNxdWVsLWRldmVsQHRyaXNxdWVsLmlu
Zm8+iQI2BBMBCgAhBQJYcXEDAhsDBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJ
ELE4ykUMBREv6NUP9jTl1CZKHqL3NmF2Df/ID+za7YO5IebxbzRC9vkjrWSuoMpw
xJ/U5pBCsz0bDewJXMx0XeSNgo/WAzWoPmh3PTUXKhLjlGS2DII96XXbMy2zi+3r
+apIY3wedYkC/BiK9w8pGXGGlTXTo9zitWZC2/yWC4I9W2818mMJPXpQjvkzqdwU
UlV54fpnqoMNsLFEa1w1ahDerdCTe0Azrr+3YrKaQ287MpkWwO/Cf/yYg0UhbDih
FFMZ4Wa9aywvxQ86khghOafLLkIHcakMBdVRodym00bGeAjeNHnMffDi3k8tfejk
g6iLVrZf21+KsVfV+PLX4QQsPCR/dlneKKCAEPh+awserncssizx2/ujhvTd7z3l
tXGG7UcQP7fYTBWNkU7+ddMOWp26hOsINt0NyxhiGT2ZPEy1vpZ1H80rlaMkiISH
Z56SCfcHGuEHlkDKdz7ZsS8gU+zqMAnNEDb6UrqZZbhJcR3N7DsTQC/okoF8egDM
nHD9pUdDakPungnt6j7eLA6Ogca58mbIvwsQ+Qn9Urcd0m30to6WCTlj4jKsrMy/
QtbyVSc/G3PZXVqP8xWIpuZtu0eMx+NjCKWmOYvTgIjbjLp0z801Weexn9uva+1z
5nRy+00aOddoLhtXqNFxNS94gXvH3D6ZJ2ejADooEBiqk1M+KWFtOsW01QG5Ag0E
WHFxAwEQALAKjsSSREoYjswMG1/znBkoNz199DkKJ3DnOk5NulkZcAoHeQVLnv2M
/1qycG4ndoIkINdz37fKdFziEJd4cBSQ+3gNollaxM2x7KdF7M13Z4YgFgg40qxO
8id8CSLga2klnFU8aa5PtRPYd4XZ5azpxzCRF8u+1ojM+rLAO0hKLGDhBqjKFvG4
ASeX14F1R2yiGvZU2lQKQu2ZIk9IqN7M0IsCEh1O8+GNd7lCTFyvAYK0ai0dg9Q5
F6X2YvQVYDik7rOuP6D6oUmGXufi2vc0OxFX5dBHa4z7XR0BRzg9VtkUerHSbVPI
c+3mgG5+QmlD+3NKYqiTZvKOWQbgKD/Pg0E0hqw8IjSThmge8XQcTh6qhW8ww0Gz
ha6HN0At5kMGbQqsTARjfgjhJZdyjA09NGYu1KVKDrKMrN9le9tO05ztZeP3y5My
S9LaWDE6Flm0BBqkkrHDk+9ID/qDixe/3ZCppu3dJsCF8aaG+sIQjxlMAeXtKOLl
ZuQbPaVJbQXElwZo3Nz20N2RAZJLXycCev7EbC8Afpg6TYjlJyJX9uyKxDv+QORG
RJ5vFA4evNCmUrS0PpcodJxk5TMSuR9vRuvT1jVVMe18T1F74XRqTW6xizC7EEM8
X5QLDuVMRErSUPfcNYLTGJAvPTQ/EgU5aK+H1qv1EEbXeMiuksdvABEBAAGJAh8E
GAEKAAkFAlhxcQMCGwwACgkQsTjKRQwFES/C0A//aT9JDbwF4JYgyxQuPuxb8G/e
9thHNBhPmGL7gpyGzUW3q/c6HHnFxT7YPA37fsN/JD9Mcdx2rRFhz0XVR6cfdQZy
299s2/aX4Tu4FbMnmM+Du5uFFgStJA7LjaacHn6MxEohUeZAL7LMYiUovbwnsaiP
0sPhLaMrOQkRL/9mEKJiNbn6r/xX4xegzYNqoNdDKbcARaAzm5AH03Mmbc7Ss+OZ
4v/7vlcUnyEZ2c4jazP7W+pGWIw9f3SqnIxuCeDrCD35IFsUrE27dbtaNpkKw9zF
lfaEC+6PAI7M78gg2RNvaurCJR5B7bENrobf0lxbYGLGFcOIqTXkbuWjjO3eI/5Q
rmnO8Uy41Zos03Gsa6QkQ4p6OtVN4hHLxXkirs31cIocPqiJ7Vi+OH8stMNukvVT
dgnuw4dbPEhDnrFREDNSuRtV+2Lxl4JLr7gQUQDZKEf8cYZUAdN69dcW48Ugdvgu
6cRDVWakfim6kvZiQ0vxGxGM02V3RdhhZqrwXXYUPyyWMW230IjYc9cYQ+3C/1K4
MUUeMjKDMPQ/jlUiMjZeE+X0W/TaUj8uCOJ4M6+oYMqwUECPSFe9Of7VTKhB3+Ex
wGEtYWJUfhuYu8Tph2GZmud0vz4+ugpkliFVliGJfPPJ1EfgAAiUUvomoIXKsynV
McDbwCjFQn2iazszZsg=
=UAIm
-----END PGP PUBLIC KEY BLOCK-----
EOF

apt-key add trisquel.key

mount /dev/xvda1 /mnt

mmdebstrap nabia /mnt - <<'EOF'
deb http://archive.trisquel.org/trisquel/ nabia main
deb-src http://archive.trisquel.org/trisquel/ nabia main

deb http://archive.trisquel.org/trisquel/ nabia-updates main
deb-src http://archive.trisquel.org/trisquel/ nabia-updates main

deb http://archive.trisquel.info/trisquel/ nabia-security main
deb-src http://archive.trisquel.info/trisquel/ nabia-security main

deb http://archive.trisquel.org/trisquel/ nabia-backports main
deb-src http://archive.trisquel.org/trisquel/ nabia-backports main
EOF

cd /mnt

chrbind() {
  local d
  # dev/pts needed for pacman signature check
  for d in dev proc sys dev/pts; do
    [[ -d $d ]]
    if ! mountpoint $d &>/dev/null; then
      mount -o bind /$d $d
    fi
  done
}
chrbind

host=$1
cp /root/bitfolk-chroot-install /mnt
mkdir -p /mnt/etc/ssh
cp -a /etc/ssh/ssh_host* /mnt/etc/ssh
chroot . /bitfolk-chroot-install $host

poweroff