#!/bin/bash
# Script to add rdiff-backup client user and setup SSH access
# Run as root

set -euo pipefail

apt install -y rdiff-backup

USER="rdfbck"
SSH_DIR="/home/$USER/.ssh"
AUTHORIZED_KEYS="$SSH_DIR/authorized_keys"
SUDOERS_FILE="/etc/sudoers.d/rdiff-backup-client"
SSH_KEY='command="sudo /usr/local/sbin/snapback",from="158.36.191.154",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/QHCeEKUfpzhVHJTEbVUFxf4npnXmF+/0bLAaYprpmHACzIBEto+k2/QT+amDatN12eTANVrcmycaWjfjrAXRNP9pyAWPrvBu7eRScXmrwaOkD3beenuyOu5MrZ+0OhUKW8UQp0bPxd+f4wrIdwZniYPVc88HnbzULyypACkIww/X5xRNwtZ2bLVn4h4MMfv6oE2Mp9lspLm4Lt7kZsTMSAnTc03GWFB9emru9lvlp4hBD4OEQrWU1lXCm3Rt7PID/5FGwkYjR9r17X5Vm36ybFwywUIIf31NVEqXp1jaLtYVsudEEK6codHybarqgAGqAoGwsC8SeOX6suuUI8rEX404b6MSkH6syBiin5Nd5S3gqdi3dIpvcJFvgluJUyvxk2rMtG1dM49j1MswdlBthY6q9G8UGNd1bhIwd+bqqnvC+f3qkyr3c42CMexEEz5jasNVpOddmDeN4nX7gUPmQBRA3zdkINHljRaWno5bKh2+N/U2tNLPMa1+RJxaaMU= rdfbck@freebeast.nuug.no (rdiff-backup)'

# 1. Create system user with a shell and group
if ! id -u "$USER" >/dev/null 2>&1; then
    adduser --shell /bin/bash --group "$USER"
    echo "User $USER created."
else
    echo "User $USER already exists."
fi

# 2. Create .ssh directory
mkdir -p "$SSH_DIR"
chown "$USER":"$USER" "$SSH_DIR"
chmod 700 "$SSH_DIR"

# 3. Add authorized key
echo "$SSH_KEY" > "$AUTHORIZED_KEYS"
chown "$USER":"$USER" "$AUTHORIZED_KEYS"
chmod 600 "$AUTHORIZED_KEYS"
echo "SSH key installed."

# 4. Setup sudoers for backup script
echo "$USER ALL = NOPASSWD: NOLOG_INPUT: NOLOG_OUTPUT: /usr/local/sbin/snapback" > "$SUDOERS_FILE"
chmod 440 "$SUDOERS_FILE"
echo "Sudoers entry added."

# 5. Fetch snapback script
wget --quiet https://www.nuug.no/tools/backup-script/snapback -O /usr/local/sbin/snapback && chmod +x /usr/local/sbin/snapback

if command -v etckeeper >/dev/null 2>&1; then
    etckeeper commit "rdiff-backup: Sett opp daglig backup"
fi

echo "Client Backup Installation completed successfully."