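#!/bin/bash
#
# Installs BorgBackup on this host and wires up the daily backup:
#   - installs the backup script and the systemd service/timer as root-owned
#     copies,
#   - generates the repository passphrase on first run,
#   - pins the backup server's host key and prepares root's SSH key.
#
# Run from the directory that contains the borg/ folder; all source paths
# below are relative to the current working directory.
#
# -e          abort on the first failing command
# -u          treat unset variables as errors
# -o pipefail a failing generator in front of `sudo tee` must not go unnoticed
set -euo pipefail

readonly BORG_CONF_DIR=/usr/local/etc/borg
readonly PASSPHRASE_FILE="${BORG_CONF_DIR}/passphrase.key"
readonly ROOT_SSH_KEY=/root/.ssh/id_ed25519

# Packages
# pwgen is needed for the passphrase below; install it here so the script does
# not depend on it already being present.
sudo apt update
sudo apt install -y borgbackup pwgen

# Backup script - not symlinked to avoid potential privilege escalation:
# root runs this file, so it must be a root-owned copy rather than a link into
# a checkout that a non-root user can edit.
# install(1) sets owner and mode in the same step as the copy. Mode 744 keeps
# the script world-readable, so it must not contain secrets itself.
sudo install -o root -g root -m 744 borg/backup.sh /usr/local/sbin/backup.sh

# Passphrase
# `test -s` (exists and non-empty) also regenerates after an earlier run that
# left an empty file behind.
if ! sudo test -s "$PASSPHRASE_FILE"; then
  sudo mkdir --parents --mode=755 "$BORG_CONF_DIR"

  # Generate first and verify, so an empty passphrase can never be stored.
  # -s requests fully random output instead of pwgen's pronounceable default.
  passphrase=$(pwgen -s 32 1)
  if [[ -z "$passphrase" ]]; then
    echo 'pwgen produced no passphrase, aborting' >&2
    exit 1
  fi

  # Create the file as root:root 0600 BEFORE the secret is written. Writing
  # first and chmod-ing afterwards leaves the passphrase readable by every
  # local user until the operator confirms the prompt (or forever, if the
  # script is interrupted there).
  sudo install -o root -g root -m 600 /dev/null "$PASSPHRASE_FILE"

  echo '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
  echo '@@ PLEASE BACKUP BORG PASSPHRASE: @@'
  # tee deliberately shows the passphrase so the operator can store it
  # off-host. It therefore ends up in terminal scrollback and in any captured
  # output of this script. printf is a builtin, so the secret is not exposed
  # in a process argument list.
  printf '%s\n' "$passphrase" | sudo tee "$PASSPHRASE_FILE"
  unset passphrase
  echo '@@ (/usr/local/etc/borg/passphrase.key) @@'
  echo '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
  read -r -p 'Press any key to continue..' _
fi

# Systemd service and timer - not symlinked to avoid potential privilege escalation
# Explicit 644 guarantees the unit files are writable by root only, whatever
# mode they have in the checkout.
sudo install -o root -g root -m 644 \
  borg/borg-daily.service borg/borg-daily.timer /etc/systemd/system/
# Pick up changed unit files when this script is re-run on an existing setup.
sudo systemctl daemon-reload
sudo systemctl enable borg-daily.timer
sudo systemctl start borg-daily.timer

# SSH
# /root/.ssh may not exist yet on a fresh host; sshd and ssh expect it 0700.
sudo install -d -o root -g root -m 700 /root/.ssh
# Pins the backup server's host key. NOTE: this replaces any existing
# /root/.ssh/known_hosts.
sudo install -o root -g root -m 644 borg/known_hosts /root/.ssh/known_hosts

# Generate a key for the root user only if there is none yet. An explicit
# check replaces `|| true`, which also hid genuine ssh-keygen failures.
if ! sudo test -f "$ROOT_SSH_KEY"; then
  sudo ssh-keygen -t ed25519 -f "$ROOT_SSH_KEY"
fi

echo "Please add /root/.ssh/id_ed25519.pub to the servers' authorized_keys"
read -r -p 'Press any key when done to test the connection.. (should return "PTY allocation request failed on channel 0")' _
# Connection test; per the prompt above the server is expected to refuse a PTY,
# so the exit status of this last command may be non-zero even on success.
sudo ssh -p 22222 borg@borg.caspervk.net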