#!/bin/sh

set -e

usage() {
    printf 'Usage:\n'
    printf '%s [on|off] [-y] | [help|-h]\n' "$1"
    printf '\ton \t\tTurn on Docker isolation\n'
    printf '\toff \t\tTurn off Docker isolation\n'
    printf '\t-y \t\tSkip confirmation and restart services immediately\n'
    printf '\thelp, -h \tPrint this help\n'
    printf '\nNo arguments: print current Docker isolation status\n'
}

DOCKER_SERVICE_FILE=/lib/systemd/system/docker.service
CONTAINERD_SERVICE_FILE=/lib/systemd/system/containerd.service
DOCKER_SERVICE_OVERRIDE_FILE=/usr/share/docker.io/contrib/parsec/10-docker-isolate.conf
CONTAINERD_SERVICE_OVERRIDE_FILE=/usr/share/docker.io/contrib/parsec/10-containerd-isolate.conf
DOCKER_SERVICE_OVERRIDE_DIR=/etc/systemd/system/docker.service.d
DOCKER_SERVICE_OVERRIDE_LINK=$DOCKER_SERVICE_OVERRIDE_DIR/10-docker-isolate.conf
CONTAINERD_SERVICE_OVERRIDE_DIR=/etc/systemd/system/containerd.service.d
CONTAINERD_SERVICE_OVERRIDE_LINK=$CONTAINERD_SERVICE_OVERRIDE_DIR/10-docker-isolate.conf

check_file_exists() {
    if ! [ -f $1 ]; then
        >&2 printf 'Error: file %s does not exist\n' "$1"
        >&2 printf 'Please reinstall docker.io package\n'
        exit 1
    fi
}

check_sanity() {
    check_file_exists $DOCKER_SERVICE_FILE
    check_file_exists $CONTAINERD_SERVICE_FILE
    check_file_exists $DOCKER_SERVICE_OVERRIDE_FILE
    check_file_exists $CONTAINERD_SERVICE_OVERRIDE_FILE
}

check_root() {
    if [ "$EUID" -ne 0 ]; then
        printf 'You must be root to run this script\n'
        exit
    fi
}

check_isolation_status() {
    if [ -f "$DOCKER_SERVICE_OVERRIDE_LINK" ] && [ -f "$CONTAINERD_SERVICE_OVERRIDE_LINK" ]; then
        return 0
    else
        return 1
    fi
}

print_isolation_status() {
    if check_isolation_status; then
        printf 'on\n'
    else
        printf 'off\n'
    fi
}

remove_link() {
    rm -f $DOCKER_SERVICE_OVERRIDE_LINK
    rm -rf $DOCKER_SERVICE_OVERRIDE_DIR
    rm -f $CONTAINERD_SERVICE_OVERRIDE_LINK
    rm -rf $CONTAINERD_SERVICE_OVERRIDE_DIR
}

add_link() {
    mkdir -p $DOCKER_SERVICE_OVERRIDE_DIR
    ln -s $DOCKER_SERVICE_OVERRIDE_FILE $DOCKER_SERVICE_OVERRIDE_LINK
    mkdir -p $CONTAINERD_SERVICE_OVERRIDE_DIR
    ln -s $CONTAINERD_SERVICE_OVERRIDE_FILE $CONTAINERD_SERVICE_OVERRIDE_LINK
}

daemon_reload() {
    systemctl daemon-reload
    echo "The system requires restarting the following services:"
    echo "    docker-parsec-init.service"
    echo "    containerd.service"
    echo "    docker.service"

    if [[ "$2" == "-y" ]]; then
      echo "Restarting services immediately..."
      restart_services
    else
        echo "Press 'y' to restart the services within 5 seconds (or wait to cancel):"
        read -t 5 -n 1 answer
        if [ "$answer" = "y" ]; then
            restart_services
        fi
    fi
}

restart_services() {
    systemctl restart docker-parsec-init.service
    systemctl restart containerd.service
    systemctl restart docker.service
}


isolation_on() {
    check_root
    check_sanity
    if ! check_isolation_status; then
        remove_link
        add_link
        daemon_reload "$@"
    else
        echo "docker-isolation is already active."
    fi
}

isolation_off() {
    check_root
    check_sanity
     if check_isolation_status; then
        remove_link
        daemon_reload "$@"
     else
        echo "docker-isolation is already disabled."
    fi
}


if [ $# -gt 2 ] || { [ $# -eq 2 ] && [ "$2" != "-y" ]; }; then
    >&2 printf 'Error: invalid argument(s)\n\n'
    >&2 usage $0
    exit 1
fi

if [ $# -eq 0 ]; then
    check_sanity
    print_isolation_status
    exit 0
fi

case $1 in
    on)
        isolation_on "$@"
        ;;
    off)
        isolation_off "$@"
        ;;
    help|-h)
        printf 'Docker isolation switch\n(c) AstraLinux 2020\n\n'
        usage $0
        ;;
    *)
        >&2 printf 'Error: invalid argument\n\n'
        >&2 usage $0
        exit 1
        ;;
esac
