#!/usr/bin/env -S zsh -eu

service=diabloii
pubkey="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVMEkZQ+dGB/wwc/Mo7Ejp8QXH9XpUWXKf7RixjBsJO minnow@regulus"
port=4000

echo "Creating user..."
adduser --system --shell /bin/false --disabled-password $service

echo "Creating .ssh directory..."
mkdir                  /home/$service/.ssh
chown $service:nogroup /home/$service/.ssh
chmod 700              /home/$service/.ssh

echo "Adding pubkey..."
echo $pubkey         > /home/$service/.ssh/authorized_keys
chown $service:nogroup /home/$service/.ssh/authorized_keys
chmod 600              /home/$service/.ssh/authorized_keys

echo "Configuring firewall (ufw)..."
ufw allow in $port/tcp comment "$service"

echo "Configuring sshd..."
echo ""                               >> /etc/ssh/sshd_config
echo "Match User $service"            >> /etc/ssh/sshd_config
echo "	GatewayPorts clientspecified" >> /etc/ssh/sshd_config

echo "Done setting up ssh tunnel."
echo "On your local machine, use this command to port forward:"
echo "ssh -N -R :$port:localhost:$port $service@starfall.systems &"