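#!/bin/bash
#
# Container entrypoint: prepares SSH host keys and the git home directory,
# writes sshd_config, starts sshd in the background and then replaces this
# shell with the knot server running as the git user.
set -euo pipefail

# Ensure every SSH host key exists. Each key type is checked on its own:
# testing only the ed25519 key would leave a partially populated key
# directory unrepaired, and would make ssh-keygen stop at its overwrite
# prompt for keys that are already present.
# The paths below must match the HostKey lines in the sshd_config heredoc.
readonly key_dir=/etc/ssh/keys
mkdir -p "$key_dir"
# Host private keys are the server's identity; keep the directory root-only.
chmod 700 "$key_dir"
for key_type in ed25519 rsa ecdsa; do
  key_file="${key_dir}/ssh_host_${key_type}_key"
  if [[ ! -f "$key_file" ]]; then
    ssh-keygen -t "$key_type" -f "$key_file" -N ''
  fi
done

# Ensure directories exist.
mkdir -p /home/git/repositories

# Ensure the git user owns its home directory. -h makes chown act on
# symbolic links themselves, so a link inside the tree can never redirect
# the ownership change to a file outside /home/git.
chown -hR git:git /home/git

# Configure sshd to listen on 0.0.0.0:22 for the Fly.io proxy.
# Authentication model: passwords are disabled and AuthorizedKeysFile is
# "none", so the only accepted credentials are the keys printed by the
# AuthorizedKeysCommand in the "Match User git" block. That command runs as
# "nobody" and reaches the knot internal API over plain HTTP on localhost.
# NOTE(review): presumably the internal API on port 5444 is bound to
# loopback only; confirm, since it decides which keys are authorized.
# PermitRootLogin is set explicitly so root stays locked out even if the
# authentication settings above are loosened later.
cat > /etc/ssh/sshd_config << 'EOF'
Port 22
ListenAddress 0.0.0.0
HostKey /etc/ssh/keys/ssh_host_ed25519_key
HostKey /etc/ssh/keys/ssh_host_rsa_key
HostKey /etc/ssh/keys/ssh_host_ecdsa_key
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile none
PermitRootLogin no
Match User git
    AuthorizedKeysCommand /usr/bin/knot keys -o authorized-keys -internal-api http://localhost:5444 -git-dir /home/git/repositories
    AuthorizedKeysCommandUser nobody
EOF

# Validate the configuration and host keys before starting. sshd is
# launched in the background, where "set -e" cannot see a start-up failure;
# the test run fails in the foreground and aborts the entrypoint instead.
/usr/sbin/sshd -t

# Start sshd on 0.0.0.0:22 (the Fly proxy requires this). It is not
# supervised: if it exits later, the knot server keeps running without SSH.
/usr/sbin/sshd -D -e &

# Run knotserver as the git user (foreground); exec replaces this shell.
exec su -s /bin/bash git -c '/usr/bin/knot server'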