#!/bin/sh
#
# SPDX-License-Identifier: BSD-3-Clause
#
# Copyright (c) 2018-2025, Christer Edwards <christer.edwards@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
#   list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
#   this list of conditions and the following disclaimer in the documentation
#   and/or other materials provided with the distribution.
#
# * Neither the name of the copyright holder nor the names of its
#   contributors may be used to endorse or promote products derived from
#   this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PATH=${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

BASTILLE_VERSION=1.3.2.251225

# Validate config file
# Copy default when 'setup' is called
# so we can skip to the setup command
bastille_conf_check() {

    local _config="${1}"
    shift 1
    local _args="$@"

    if [ ! -r "${_config}" ]; then
        if echo "${_args}" | grep -Eosqw "setup"; then
            cp /usr/local/etc/bastille/bastille.conf.sample /usr/local/etc/bastille/bastille.conf
        else
            echo -e "\n[ERROR]: No config file found!"
            echo -e "Please run 'bastille setup' to configure Bastille.\n"
            exit 1
        fi
    fi
}

## bastille_prefix should be 0750
## this restricts file system access to privileged users
bastille_perms_check() {
    if [ -d "${bastille_prefix}" ]; then
        BASTILLE_PREFIX_PERMS=$(stat -f "%Op" "${bastille_prefix}")
        if [ "${BASTILLE_PREFIX_PERMS}" != 40750 ]; then
            error_notify "Insecure permissions on ${bastille_prefix}"
            error_exit "Try: chmod 0750 ${bastille_prefix}"
        fi
    fi
}

usage() {
    cat << EOF
	
Bastille is an open-source system for automating deployment and management of
containerized applications on FreeBSD.

Usage:
  bastille [option(s)] COMMAND [option(s)] TARGET ARGS

Available Commands:
  bootstrap   Bootstrap a release or template(s).
  clone       Clone an existing jail.
  cmd         Execute command(s) inside jail(s).
  config      Get, set, add or remove properties from jail(s).
  console     Console into a jail.
  convert     Convert a jail from thin to thick; convert a jail to a custom release.
  cp          Copy file(s)/directorie(s) from host to jail(s).
  create      Create a jail.
  destroy     Destroy jail(s) or release(s).
  edit        Edit jail configuration files (advanced).
  etcupdate   Update /etc for jail(s).
  export      Export a jail.
  help        Help for any command.
  htop        Interactive process viewer (requires htop).
  import      Import a jail.
  jcp         Copy file(s)/directorie(s) from jail to jail(s).
  limits      Apply resources limits to jail(s). See rctl(8) and cpuset(1).
  list        List jails, releases, templates and more...
  migrate     Migrate jail(s) to a remote system.
  monitor     Monitor and attempt to restart jail service(s).
  mount       Mount file(s)/directorie(s) inside jail(s).
  network     Add or remove interface(s) from jail(s).
  pkg         Manage packages inside jail(s). See pkg(8).
  rcp         Copy file(s)/directorie(s) from jail to host.
  rdr         Redirect host port to jail port.
  rename      Rename a jail.
  restart     Restart a jail.
  service     Manage services within jail(s).
  setup       Auto-configure network, firewall, storage and more...
  start       Start stopped jail(s).
  stop        Stop running jail(s).
  sysrc       Edit rc files inside jail(s).
  tags        Add or remove tags to jail(s).
  template    Apply templates to jail(s).
  top         Process viewer. See top(1).
  umount      Unmount file(s)/directorie(s) from jail(s).
  update      Update a jail or release.
  upgrade     Upgrade a jail to new release.
  verify      Compare release against a "known good" index.
  zfs         Manage ZFS options/attributes for jail(s).

Use "bastille -v|--version" for version information.
Use "bastille command -h|--help" for more information about a command.
Use "bastille -c|--config FILE command" to specify a non-default config file.

EOF
    exit 1
}

if [ -z "${BASTILLE_CONFIG}" ]; then
    if [ -z "${BASTILLE_CONFIG}" ]; then
        BASTILLE_CONFIG=/usr/local/etc/bastille/bastille.conf
        export BASTILLE_CONFIG
    elif [ -r "/usr/local/etc/bastille/${BASTILLE_CONFIG}" ]; then
        BASTILLE_CONFIG="/usr/local/etc/bastille/${BASTILLE_CONFIG}"
        export BASTILLE_CONFIG
    else
        echo "Not a valid config file: ${BASTILLE_CONFIG}"
        exit 1
    fi
fi

# Pass BASTILLE_CONFIG and ARGS to config function
bastille_conf_check "${BASTILLE_CONFIG}" "$@"
bastille_perms_check

# Load common.sh after setting BASTILLE_CONFIG
. /usr/local/share/bastille/common.sh

# Handle options
while [ "$#" -gt 0 ]; do
    case "${1}" in
        -h|--help|help)
            usage
            ;;
        version|-v|--version)
            info "${BASTILLE_VERSION}"
            exit 0
            ;;
        -c|--config)
            BASTILLE_CONFIG="${2}"
            if [ -r "/usr/local/etc/bastille/${BASTILLE_CONFIG}" ]; then
                BASTILLE_CONFIG="/usr/local/etc/bastille/${BASTILLE_CONFIG}"
                info "Using custom config: ${BASTILLE_CONFIG}"
                export BASTILLE_CONFIG
            else
                error_exit "Not a valid config file: ${BASTILLE_CONFIG}"
            fi
            # Load common.sh after setting BASTILLE_CONFIG
            . /usr/local/share/bastille/common.sh
            shift 2
            ;;
        -*)
            error_exit "Unknown Option: \"${1}\""
            ;;
        *)
            break
            ;;
    esac
done

if [ "$#" -lt 1 ]; then
    usage
else
    CMD="${1}"
    shift
fi

# Handle sub-commands.
case "${CMD}" in
    # 39 total commands
    bootstrap) ;;
    clone) ;;
    cmd) ;;
    config) ;;
    console) ;;
    convert) ;;
    cp) ;;
    create) ;;
    destroy|destory)
        CMD="destroy"
        ;;
    edit) ;;
    etcupdate) ;;
    export) ;;
    htop) ;;
    import) ;;
    jcp) ;;
    limit|limits)
        CMD="limits"
        ;;
    list) ;;
    migrate) ;;
    monitor) ;;
    mount) ;;
    net|network)
        CMD="network"
        ;;
    pkg) ;;
    rcp) ;;
    rdr) ;;
    rename) ;;
    restart) ;;
    service) ;;
    setup) ;;
    start) ;;
    stop) ;;
    sysrc) ;;
    tags) ;;
    template) ;;
    top) ;;
    umount|unmount)
        CMD="umount"
        ;;
    update) ;;
    upgrade) ;;
    verify) ;;
    zfs) ;;
    *)
        usage
        ;;
esac

# shellcheck disable=SC2154
SCRIPTPATH="${bastille_sharedir}/${CMD}.sh"

if [ -f "${SCRIPTPATH}" ]; then

    : "${UMASK:=022}"
    umask "${UMASK}"

    : "${SH:=sh}"

    exec ${SH} "${SCRIPTPATH}" "$@"

else
    error_exit "${SCRIPTPATH} not found."
fi
