{{- if eq .host.distro.family "linux" -}}
#!/usr/bin/env bash
# @file Endlessh Configuration
# @brief Applies the Endlessh configuration and starts the service on Linux systems
# @description
#     Endlessh is an endless SSH tarpit that slowly shows an infinitely long SSH welcome banner on the default
#     SSH port. It is intended to break unsophisticated malware that targets SSH.
#
#     If the `endlessh` program is installed, this script applies the configuration stored in `home/private_dot_ssh/endlessh/config.tmpl`
#     (which Chezmoi unpacks to `~/.ssh/endlessh/config`) to the system location and then starts the service.
#
#     **Note:** _This script runs under the assumption that the actual SSH port, which is defined in `home/.chezmoidata.yaml`,
#     is assigned to a non-standard port like 2214. This allows the default port to be used for `endlessh`._
#
#     ## Links
#
#     * [Endlessh GitHub repository](https://github.com/skeeto/endlessh)
#     * [Endlessh configuration](https://github.com/megabyte-labs/install.doctor/blob/master/home/private_dot_ssh/endlessh/config.tmpl)

# @file Endlessh Configuration
# @brief This script configures Endlessh by applying the configuration stored in `${XDG_DATA_HOME:-$HOME/.ssh}/endlessh/config` if the `endlessh` application is available
# @description
#     This script applies the Endlessh configuration stored in `${XDG_DATA_HOME:-$HOME/.ssh}/endlessh/config` if endlessh is installed.
#     Endlessh is an SSH tarpit configured to listen for incoming connections on the given port and respond slowly with a random, endless SSH banner. To protect the real server,
#     configure Endlessh to listen on the default SSH port (22), while the real server listens on a different port.
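#
#     ## Configuration Variables
#
#     The following chart details the input variable(s) that are used to determine the configuration of endlessh:
#
#     | Variable        | Description                                                |
#     |-----------------|------------------------------------------------------------|
#     | `endlesshPort`  | The port that endlessh listens to for incoming connections |
#
#     ## Links
#
#     * [Default Endlessh configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/endlessh/config.tmpl)
#     * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)

# endlessh config hash: {{- include (joinPath .host.home ".ssh" "endlessh" "config") | sha256sum -}}

{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}

#######################################
# Allows the endlessh systemd service to bind a privileged port, then enables
# and (re)starts it.
# Globals:   none
# Arguments: none
# Outputs:   progress messages via `logg`
# Returns:   0 on success; the exit status of the first failing step otherwise
#######################################
configureEndlessh() {
  local -r unit_file='/usr/lib/systemd/system/endlessh.service'
  local -r endlessh_bin='/usr/bin/endlessh'

  ### Update the service configuration file
  # The shipped unit has AmbientCapabilities commented out and PrivateUsers=true;
  # both are flipped so the service can bind port 22 without running as root.
  # NOTE(review): this edits the vendor unit in place, so a package upgrade can
  # silently revert it. A drop-in under /etc/systemd/system/endlessh.service.d/
  # would carry the same two settings and survive upgrades.
  if [ ! -f "$unit_file" ]; then
    logg error "Unit file $unit_file not found"
    return 1
  fi
  logg info 'Updating `endlessh` service configuration file'
  sudo sed -i 's/^.*#AmbientCapabilities=CAP_NET_BIND_SERVICE/AmbientCapabilities=CAP_NET_BIND_SERVICE/' "$unit_file" || return
  sudo sed -i 's/^.*PrivateUsers=true/#PrivateUsers=true/' "$unit_file" || return
  logg info 'Reloading systemd'
  sudo systemctl daemon-reload || return

  ### Update capabilities of `endlessh`
  # File capability on the binary, in addition to the ambient capability in the unit.
  if [ ! -f "$endlessh_bin" ]; then
    logg error "Binary $endlessh_bin not found"
    return 1
  fi
  logg info 'Updating capabilities of `endlessh`'
  sudo setcap 'cap_net_bind_service=+ep' "$endlessh_bin" || return

  ### Restart / enable Endlessh
  logg info 'Enabling the `endlessh` service'
  sudo systemctl enable endlessh || return
  logg info 'Restarting the `endlessh` service'
  sudo systemctl restart endlessh
}

#######################################
# Copies the user's endlessh config to a system location and configures the service.
# Globals:   HOME (read)
# Arguments: $1 - destination path (/etc/endlessh/config or /etc/endlessh.conf)
# Outputs:   progress messages via `logg`
# Returns:   0 on success; non-zero if the source config is missing, the copy
#            fails, or configureEndlessh fails
#######################################
installEndlesshConfig() {
  local -r dest=$1
  local -r src="$HOME/.ssh/endlessh/config"
  if [ ! -f "$src" ]; then
    logg error "Cannot find $src"
    return 1
  fi
  logg info "Copying ~/.ssh/endlessh/config to $dest"
  # Do not touch the service if the new config never landed.
  sudo cp -f "$src" "$dest" || return
  configureEndlessh
}

### Update /etc/endlessh/config if environment is not WSL
# WSL identifies itself in /proc/version (WSL1 "Microsoft", WSL2 "microsoft"), hence -i.
# stderr is silenced so a missing /proc/version simply means "not WSL".
if grep -qi microsoft /proc/version 2>/dev/null; then
  logg info 'Skipping Endlessh configuration since environment is WSL'
elif ! command -v endlessh > /dev/null; then
  logg info 'Skipping Endlessh configuration because the `endlessh` executable is not available in the PATH'
else
  # Distributions differ on where the config lives; prefer the directory form.
  if [ -d /etc/endlessh ]; then
    ENDLESSH_CONFIG_DEST=/etc/endlessh/config
  elif [ -f /etc/endlessh.conf ]; then
    ENDLESSH_CONFIG_DEST=/etc/endlessh.conf
  else
    ENDLESSH_CONFIG_DEST=
  fi
  if [ -z "$ENDLESSH_CONFIG_DEST" ]; then
    logg warn 'Neither the /etc/endlessh folder nor the /etc/endlessh.conf file exist'
  elif installEndlesshConfig "$ENDLESSH_CONFIG_DEST"; then
    logg success 'Successfully configured `endlessh` service'
  else
    logg error 'Configuring `endlessh` service failed'
    exit 1
  fi
fi
{{ end -}}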