#! /usr/bin/env bash

# make sure we're root
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root."
  exit 1
fi

USER_NAME=virgil
CRICTL_VERSION="v1.30.0" # check latest version in /releases page


#sudo/ssh configuration
printf "${USER_NAME} ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/passwordless > /dev/null
printf "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM no\nPermitRootLogin no" | tee /etc/ssh/sshd_config.d/passwordless.conf > /dev/null

if [ -z "$(which docker)" ]; then

  if [ ! -e "/etc/apt/keyrings/docker.asc" ]; then
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
    chmod a+r /etc/apt/keyrings/docker.asc
  fi

  # Add the repository to Apt sources:
  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu noble stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null

  apt-get update
  apt-get install -y docker-ce docker-ce-cli containerd.io apt-transport-https
  usermod -aG docker ${USER_NAME}

  mkdir -p /etc/containerd
  containerd config default > /etc/containerd/config.toml
  sed -i -e 's,SystemdCgroup = false,SystemdCgroup = true,g' /etc/containerd/config.toml
fi

if [ "arm64" == "$(dpkg --print-architecture)" ]; then
  echo "{\"exec-opts\": [\"native.cgroupdriver=systemd\"],\"log-driver\": \"json-file\",\"log-opts\": {\"max-size\": \"100m\"},\"storage-driver\": \"overlay2\"}" | tee /etc/docker/daemon.json > /dev/null
fi

if [ ! -e "/etc/modules-load.d/containerd.conf" ]; then

  #todo we need to handle kvm for intel/amd/arm64 here
cat <<EOF | tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
  modprobe overlay
  modprobe br_netfilter

cat <<EOF | tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
  sysctl --system
fi

# make good and sure swap is disabled
swapoff -a
swapoff -a
sed -i.bak -r 's/(.+ swap .+)/#\1/' /etc/fstab

#kubeadm install
systemctl enable --now containerd

if [ -z "$(which kubeadm)" ]; then

  systemctl restart containerd

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /
EOF


apt-get update && apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet


kubeadm config images pull
fi


apt-get upgrade -y
apt-get autoremove -y