# Bastillefile: anki-sync-server
#
# Dieses Template setzt einen Anki Sync Server (Python, anki.syncserver) in einem Bastille-Jail auf.
# - Installiert Build-Tools (für das Rust-Bridge-Modul), Python + pip
# - Erstellt ein Virtualenv und installiert Anki via pip
# - Legt ein rc.d-Script an, das den Syncserver per daemon(8) startet
# - Startet den Dienst und lauscht standardmäßig auf Port 27701 (HTTP)
#
# WICHTIG:
#  - Falls Builds im Jail /dev/fd brauchen, sorge im Host-Jail-Setup für:  "mount.fdescfs;"
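#  - Vor dem Betrieb eigene Zugangsdaten setzen (SYNC_USER1, ggf. mehrere);
#    Beispielwerte wie demo:demo niemals übernehmen.
#  - Der Dienst spricht unverschlüsseltes HTTP: Zugangsdaten und Sync-Daten gehen im Klartext
#    über das Netz. Erreichbarkeit einschränken oder TLS über einen Reverse-Proxy vorschalten.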
#
# Verzeichnisse und Pfade:
#   Virtualenv:      /opt/anki-sync/venv
#   Datenverzeichnis / Sync-Store: /var/db/anki-sync
#   Logfile:         /var/log/anki-sync.log
#   rc.d-Script:     /usr/local/etc/rc.d/anki_sync

# --- Base system / packages ---
# Refresh the package catalogue, bring already-installed packages up to date,
# then install the interpreter (python311, py311-pip), the build tools the file
# header lists for the Rust bridge module (rust, cmake, gmake, pkgconf), the CA
# bundle (ca_root_nss) and two convenience tools (git, nano).
# NOTE(review): the compilers, git and nano stay installed in the jail that
# later runs a network-facing service. Consider removing whatever is not needed
# at runtime once the pip build has finished.
CMD pkg update -f
CMD pkg upgrade -y
CMD pkg install -y python311 py311-pip rust cmake gmake pkgconf ca_root_nss git nano

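# --- Service account ---
# Dedicated unprivileged account for the sync server. Running the server as
# root would also work, but a separate account limits what a compromised server
# process can reach inside the jail.
# The account gets /usr/sbin/nologin as its shell: the rc script starts the
# server through daemon(8) -u, which switches to the account directly, so no
# interactive login is needed.
# The existence check replaces a blanket "|| true": an account that is already
# there is fine, but a real failure of pw(8) now stops the template.
CMD pw user show anki >/dev/null 2>&1 || pw user add anki -m -s /usr/sbin/nologin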

# --- Directories ---
# Create the venv location, the sync data store, the rc.d directory and the log
# directory. mkdir -p makes each call a no-op when the directory already exists.
CMD mkdir -p /opt/anki-sync/venv
CMD mkdir -p /var/db/anki-sync
CMD mkdir -p /usr/local/etc/rc.d
CMD mkdir -p /var/log

# Ownership of data and log
# Only the data directory and the log file are handed to the service account.
# /opt/anki-sync is not chowned anywhere in this template, so the venv stays
# owned by the account that runs these commands (presumably root; confirm),
# which keeps the service from rewriting the code it executes.
CMD chown -R anki:anki /var/db/anki-sync
CMD touch /var/log/anki-sync.log
CMD chown anki:anki /var/log/anki-sync.log

# --- Python virtualenv + Anki install ---
# Create the venv with the packaged python3.11, then upgrade the packaging
# tools inside it before installing anything else.
# NOTE(review): all four pip targets (pip, wheel, setuptools, anki) are
# unpinned, so every run of this template may install different code. For a
# reproducible and reviewable install, pin exact versions in a requirements
# file and consider pip hash checking (--require-hashes).
# NOTE(review): these commands presumably run as root inside the jail, so any
# build step of a source distribution runs with that privilege; confirm this is
# acceptable for the jail in question.
CMD /usr/local/bin/python3.11 -m venv /opt/anki-sync/venv
CMD /opt/anki-sync/venv/bin/python -m pip install --upgrade pip wheel setuptools
# Install Anki (latest release; alternatively pin a version, e.g. anki==2.1.65)
CMD /opt/anki-sync/venv/bin/python -m pip install --no-cache-dir anki

# --- Write the rc.d script ---
# The script is written with cat and a here-document. The delimiter is quoted
# ("EOF"), so nothing is expanded while the file is written: every ${...} below
# reaches the rc script literally and is evaluated when the rc script runs.
# The whole here-document sits inside one single-quoted sh -c argument, so the
# script text must never contain a single-quote character.
# Defaults set below: disabled unless enabled in rc.conf, runs as the anki
# account, listens on 0.0.0.0 port 27701, and has NO accounts configured
# (anki_sync_env_users is empty), which makes the start function refuse to run
# until the operator defines at least one.
# NOTE(review): as far as I know Bastille processes a Bastillefile one line at
# a time; verify that the Bastille version in use accepts this multi-line CMD.
# If it does not, ship the rc script as a file inside the template and install
# it with the CP hook instead.
CMD /bin/sh -c 'cat > /usr/local/etc/rc.d/anki_sync << "EOF"
#!/bin/sh
# PROVIDE: anki_sync
# REQUIRE: LOGIN
# KEYWORD: jail

. /etc/rc.subr

name="anki_sync"
rcvar="${name}_enable"

load_rc_config $name

: ${anki_sync_enable:="NO"}
: ${anki_sync_user:="anki"}
: ${anki_sync_base:="/var/db/anki-sync"}
: ${anki_sync_bin:="/opt/anki-sync/venv/bin/python"}
: ${anki_sync_host:="0.0.0.0"}
: ${anki_sync_port:="27701"}
: ${anki_sync_log:="/var/log/anki-sync.log"}
: ${anki_sync_pidfile:="/var/run/anki-sync.pid"}
: ${anki_sync_env_users:=""}
: ${anki_sync_module:="-m anki.syncserver"}

start_cmd="${name}_start"
stop_cmd="${name}_stop"
status_cmd="${name}_status"

build_env() {
    # Print the server settings as one line of space-separated NAME=value
    # words: SYNC_BASE, SYNC_HOST and SYNC_PORT first, followed by the account
    # entries from anki_sync_env_users when that variable is non-empty.
    # The line contains the sync credentials in clear text, so it should not
    # be logged or shown on a terminal.
    # The start function expands this output unquoted, which means that no
    # value may contain whitespace.
    _env="SYNC_BASE=${anki_sync_base} SYNC_HOST=${anki_sync_host} SYNC_PORT=${anki_sync_port}${anki_sync_env_users:+ ${anki_sync_env_users}}"
    printf "%s\n" "${_env}"
}

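anki_sync_start()
{
    # Start the sync server under daemon(8) as the configured service account.
    # Returns 1 without touching the system when anki_sync_env_users is
    # unusable; otherwise returns the exit status of daemon(8).
    #
    # Validation runs in a subshell with globbing switched off, so a value
    # such as "*" is treated as text and never expanded to file names.
    # Every word must have the NAME=value form, and at least one word must be
    # a SYNC_USER entry with a non-empty value. A word without "=" would
    # otherwise be taken as the program to execute.
    (
        set -f
        _seen_user=1
        for _kv in ${anki_sync_env_users}; do
            case "${_kv}" in
                SYNC_USER*=?*) _seen_user=0 ;;
                *=*) ;;
                *) exit 2 ;;
            esac
        done
        exit "${_seen_user}"
    )
    case $? in
        0) ;;
        # The offending word is deliberately not printed: it may be a password.
        2) echo "ERROR: anki_sync_env_users must be a space-separated list of NAME=value entries"; return 1 ;;
        *) echo "ERROR: No users defined. Set anki_sync_env_users in /etc/rc.conf (e.g. SYNC_USER1=user:pass)"; return 1 ;;
    esac

    # Best-effort preparation of data directory, log file and pid directory.
    # Failures are tolerated here on purpose; a real problem shows up when
    # daemon(8) or the server itself cannot open its files.
    install -d -m 0755 "${anki_sync_base}" || true
    touch "${anki_sync_log}" || true
    [ -d "/var/run" ] || install -d -m 0755 /var/run
    chown -f "${anki_sync_user}":"${anki_sync_user}" "${anki_sync_log}" "${anki_sync_base}" 2>/dev/null || true

    # The settings, including the credentials, are exported into the
    # environment of a subshell instead of being passed as env(1) arguments.
    # daemon -r keeps a supervising process alive for the whole service
    # lifetime, and the argument list of a process can typically be read by
    # every user through ps(1), while its environment cannot.
    (
        set -f
        for _kv in $(build_env); do
            export "${_kv}" || exit 1
        done
        # anki_sync_module is left unquoted so that "-m anki.syncserver"
        # becomes two arguments.
        exec /usr/sbin/daemon -f -r \
            -P "${anki_sync_pidfile}" \
            -o "${anki_sync_log}" \
            -u "${anki_sync_user}" \
            "${anki_sync_bin}" ${anki_sync_module}
    )
}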

anki_sync_stop()
{
    # Stop the service. Without a pid file the only handle on the process is
    # its command line, so fall back to pkill -f on interpreter plus module.
    if [ ! -f "${anki_sync_pidfile}" ]; then
        pkill -f "${anki_sync_bin} ${anki_sync_module}" 2>/dev/null || true
        return
    fi

    # With a pid file: signal the recorded pid (errors ignored, the process
    # may already be gone) and remove the file afterwards.
    # NOTE(review): the recorded pid is trusted as is. If the file is stale
    # and the pid has been reused, an unrelated process receives the signal;
    # confirm whether a check of the process identity is wanted here.
    local _recorded_pid
    _recorded_pid="$(cat "${anki_sync_pidfile}")"
    kill "${_recorded_pid}" 2>/dev/null || true
    rm -f "${anki_sync_pidfile}"
}

anki_sync_status()
{
    # Report whether the service runs. Every path leaves the script through
    # exit: status 0 when a process was found, status 1 otherwise.

    # First choice: the pid recorded in the pid file, probed with signal 0.
    # NOTE(review): this only shows that some process with that pid exists,
    # not that it is the sync server.
    if [ -f "${anki_sync_pidfile}" ]; then
        _recorded_pid="$(cat "${anki_sync_pidfile}")"
        if kill -0 "${_recorded_pid}" 2>/dev/null; then
            echo "${name} is running as pid ${_recorded_pid}"
            exit 0
        fi
    fi

    # Second choice: look for the command line; pgrep -l prints any match.
    if pgrep -lf "${anki_sync_bin} ${anki_sync_module}"; then
        exit 0
    fi

    echo "${name} is not running"
    exit 1
}

run_rc_command "$1"
EOF'

# Make the generated rc script executable.
# The file is created by the redirection in the CMD above and is not chowned
# anywhere in this template, so it stays owned by the account that runs these
# commands (presumably root; confirm). It must never become writable by the
# service account, because the rc system executes it when the service is
# started or stopped.
CMD chmod +x /usr/local/etc/rc.d/anki_sync

# --- rc.conf: Dienst aktivieren + Standard-ENV (BITTE ändern!) ---
SYSRC anki_sync_enable="YES"
SYSRC anki_sync_user="anki"
SYSRC anki_sync_base="/var/db/anki-sync"
SYSRC anki_sync_host="0.0.0.0"
SYSRC anki_sync_port="27701"
# Test-User setzen (unbedingt ersetzen!)
SYSRC anki_sync_env_users='SYNC_USER1=demo:demo'

# --- Dienst starten ---
SERVICE anki_sync start
