#!/bin/bash
# Bash wrappers for docker run commands
# Source: https://raw.githubusercontent.com/jessfraz/dotfiles/master/.dockerfunc

export DOCKER_REPO_PREFIX=jess

#
# Helper Functions
#
dcleanup(){
	local containers
	mapfile -t containers < <(docker ps -aq 2>/dev/null)
	docker rm "${containers[@]}" 2>/dev/null
	local volumes
	mapfile -t volumes < <(docker ps --filter status=exited -q 2>/dev/null)
	docker rm -v "${volumes[@]}" 2>/dev/null
	local images
	mapfile -t images < <(docker images --filter dangling=true -q 2>/dev/null)
	docker rmi "${images[@]}" 2>/dev/null
}
del_stopped(){
	local name=$1
	local state
	state=$(docker inspect --format "{{.State.Running}}" "$name" 2>/dev/null)

	if [[ "$state" == "false" ]]; then
		docker rm "$name"
	fi
}
rmctr(){
	# shellcheck disable=SC2068
	docker rm -f $@ 2>/dev/null || true
}
relies_on(){
	for container in "$@"; do
		local state
		state=$(docker inspect --format "{{.State.Running}}" "$container" 2>/dev/null)

		if [[ "$state" == "false" ]] || [[ "$state" == "" ]]; then
			echo "$container is not running, starting it for you."
			$container
		fi
	done
}
# creates an nginx config for a local route
nginx_config(){
	server=$1
	route=$2

	cat >"${HOME}/.nginx/conf.d/${server}.conf" <<-EOF
	upstream ${server} { server ${route}; }
	server {
	server_name ${server};

	location / {
	proxy_pass  http://${server};
	proxy_http_version 1.1;
	proxy_set_header Upgrade \$http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_set_header Host \$http_host;
	proxy_set_header X-Forwarded-Proto \$scheme;
	proxy_set_header X-Forwarded-For \$remote_addr;
	proxy_set_header X-Forwarded-Port \$server_port;
	proxy_set_header X-Request-Start \$msec;
}
	}
	EOF

	# restart nginx
	docker restart nginx

	# add host to /etc/hosts
	hostess add "$server" 127.0.0.1

	# open browser
	browser-exec "http://${server}"
}

#
# Container Aliases
#
apt_file(){
	docker run --rm -it \
		--name apt-file \
		${DOCKER_REPO_PREFIX}/apt-file
}
alias apt-file="apt_file"
audacity(){
	del_stopped audacity

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-e QT_DEVICE_PIXEL_RATIO \
		--device /dev/snd \
		--group-add audio \
		--name audacity \
		${DOCKER_REPO_PREFIX}/audacity
}
aws(){
	docker run -it --rm \
		-v "${HOME}/.aws:/root/.aws" \
		--log-driver none \
		--name aws \
		${DOCKER_REPO_PREFIX}/awscli "$@"
}
az(){
	docker run -it --rm \
		-v "${HOME}/.azure:/root/.azure" \
		--log-driver none \
		${DOCKER_REPO_PREFIX}/azure-cli "$@"
}
bees(){
	docker run -it --rm \
		-e NOTARY_TOKEN \
		-v "${HOME}/.bees:/root/.bees" \
		-v "${HOME}/.boto:/root/.boto" \
		-v "${HOME}/.dev:/root/.ssh:ro" \
		--log-driver none \
		--name bees \
		${DOCKER_REPO_PREFIX}/beeswithmachineguns "$@"
}
cadvisor(){
	docker run -d \
		--restart always \
		-v /:/rootfs:ro \
		-v /var/run:/var/run:rw \
		-v /sys:/sys:ro  \
		-v /var/lib/docker/:/var/lib/docker:ro \
		-p 1234:8080 \
		--name cadvisor \
		google/cadvisor

	hostess add cadvisor "$(docker inspect --format '{{.NetworkSettings.Networks.bridge.IPAddress}}' cadvisor)"
	browser-exec "http://cadvisor:8080"
}
cheese(){
	del_stopped cheese

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-v "${HOME}/Pictures:/root/Pictures" \
		--device /dev/video0 \
		--device /dev/snd \
		--device /dev/dri \
		--name cheese \
		${DOCKER_REPO_PREFIX}/cheese
}
chrome(){
	# add flags for proxy if passed
	local proxy=
	local map
	local args=$*
	if [[ "$1" == "tor" ]]; then
		relies_on torproxy

		map="MAP * ~NOTFOUND , EXCLUDE torproxy"
		proxy="socks5://torproxy:9050"
		args="https://check.torproject.org/api/ip ${*:2}"
	fi

	del_stopped chrome

	# one day remove /etc/hosts bind mount when effing
	# overlay support inotify, such bullshit
	docker run -d \
		--memory 3gb \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-v "${HOME}/Downloads:/root/Downloads" \
		-v "${HOME}/Pictures:/root/Pictures" \
		-v "${HOME}/Torrents:/root/Torrents" \
		-v "${HOME}/.chrome:/data" \
		-v /dev/shm:/dev/shm \
		-v /etc/hosts:/etc/hosts \
		--security-opt seccomp:/etc/docker/seccomp/chrome.json \
		--device /dev/snd \
		--device /dev/dri \
		--device /dev/video0 \
		--device /dev/usb \
		--device /dev/bus/usb \
		--group-add audio \
		--group-add video \
		--name chrome \
		${DOCKER_REPO_PREFIX}/chrome --user-data-dir=/data \
		--proxy-server="$proxy" \
		--host-resolver-rules="$map" "$args"

}
consul(){
	if [[ -n "$(which consul)" ]]; then
		"$(which consul)" "$@"
	else
		del_stopped consul

		# check if we passed args and if consul is running
		local state
		state=$(docker inspect --format "{{.State.Running}}" consul 2>/dev/null)
		if [[ "$state" == "true" ]] && [[ "$*" != "" ]]; then
			docker exec -it consul consul "$@"
			return 0
		fi

		docker run -d \
			--restart always \
			-v "${HOME}/.consul:/etc/consul.d" \
			-v /var/run/docker.sock:/var/run/docker.sock \
			--net host \
			-e GOMAXPROCS=2 \
			--name consul \
			${DOCKER_REPO_PREFIX}/consul agent \
			-bootstrap-expect 1 \
			-config-dir /etc/consul.d \
			-data-dir /data \
			-encrypt "$(docker run --rm ${DOCKER_REPO_PREFIX}/consul keygen)" \
			-ui-dir /usr/src/consul \
			-server \
			-dc neverland \
			-bind 0.0.0.0

		hostess add consul "$(docker inspect --format '{{.NetworkSettings.Networks.bridge.IPAddress}}' consul)"
		browser-exec "http://consul:8500"
	fi
}
cura(){
	del_stopped cura

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-v "${HOME}/cura:/root/cura" \
		-v "${HOME}/.cache/cura:/root/.cache/cura" \
		-v "${HOME}/.config/cura:/root/.config/cura" \
		-e QT_DEVICE_PIXEL_RATIO \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		--device /dev/dri \
		--name cura \
		${DOCKER_REPO_PREFIX}/cura
}
dcos(){
	docker run -it --rm \
		-v "${HOME}/.dcos:/root/.dcos" \
		-v "$(pwd):/root/apps" \
		-w /root/apps \
		${DOCKER_REPO_PREFIX}/dcos-cli "$@"
}
figma() {
	del_stopped figma

	docker run --rm -it \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		--name figma \
		${DOCKER_REPO_PREFIX}/figma-wine bash
}
firefox(){
	del_stopped firefox

	docker run -d \
		--memory 2gb \
		--net host \
		--cpuset-cpus 0 \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-v "${HOME}/.firefox/cache:/root/.cache/mozilla" \
		-v "${HOME}/.firefox/mozilla:/root/.mozilla" \
		-v "${HOME}/Downloads:/root/Downloads" \
		-v "${HOME}/Pictures:/root/Pictures" \
		-v "${HOME}/Torrents:/root/Torrents" \
		-e "DISPLAY=unix${DISPLAY}" \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		--device /dev/snd \
		--device /dev/dri \
		--name firefox \
		${DOCKER_REPO_PREFIX}/firefox "$@"

	# exit current shell
	exit 0
}
fleetctl(){
	docker run --rm -it \
		--entrypoint fleetctl \
		-v "${HOME}/.fleet://.fleet" \
		r.j3ss.co/fleet "$@"
}
gcalcli(){
	docker run --rm -it \
		-v /etc/localtime:/etc/localtime:ro \
		-v "${HOME}/.gcalcli/home:/home/gcalcli/home" \
		-v "${HOME}/.gcalcli/work/oauth:/home/gcalcli/.gcalcli_oauth" \
		-v "${HOME}/.gcalcli/work/gcalclirc:/home/gcalcli/.gcalclirc" \
		--name gcalcli \
		${DOCKER_REPO_PREFIX}/gcalcli "$@"
}
dgcloud(){
	docker run --rm -it \
		-v "${HOME}/.gcloud:/root/.config/gcloud" \
		-v "${HOME}/.ssh:/root/.ssh:ro" \
		-v "$(command -v docker):/usr/bin/docker" \
		-v /var/run/docker.sock:/var/run/docker.sock \
		--name gcloud \
		${DOCKER_REPO_PREFIX}/gcloud "$@"
}
gimp(){
	del_stopped gimp

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-v "${HOME}/Pictures:/root/Pictures" \
		-v "${HOME}/.gtkrc:/root/.gtkrc" \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		--name gimp \
		${DOCKER_REPO_PREFIX}/gimp
}
gitsome(){
	docker run --rm -it \
		-v /etc/localtime:/etc/localtime:ro \
		--name gitsome \
		--hostname gitsome \
		-v "${HOME}/.gitsomeconfig:/home/anon/.gitsomeconfig" \
		-v "${HOME}/.gitsomeconfigurl:/home/anon/.gitsomeconfigurl" \
		${DOCKER_REPO_PREFIX}/gitsome
}
hollywood(){
	docker run --rm -it \
		--name hollywood \
		${DOCKER_REPO_PREFIX}/hollywood
}
htop(){
	if [[ -n "$(which htop)" ]]; then
		"$(which htop)" "$@"
	else
		docker run --rm -it \
			--pid host \
			--net none \
			--name htop \
			${DOCKER_REPO_PREFIX}/htop
	fi
}
htpasswd(){
	docker run --rm -it \
		--net none \
		--name htpasswd \
		--log-driver none \
		${DOCKER_REPO_PREFIX}/htpasswd "$@"
}
http(){
	docker run -t --rm \
		-v /var/run/docker.sock:/var/run/docker.sock \
		--log-driver none \
		${DOCKER_REPO_PREFIX}/httpie "$@"
}
imagemin(){
	local image=$1
	local extension="${image##*.}"
	local filename="${image%.*}"

	docker run --rm -it \
		-v /etc/localtime:/etc/localtime:ro \
		-v "${HOME}/Pictures:/root/Pictures" \
		${DOCKER_REPO_PREFIX}/imagemin sh -c "imagemin /root/Pictures/${image} > /root/Pictures/${filename}_min.${extension}"
}
irssi() {
	del_stopped irssi
	# relies_on notify_osd

	docker run --rm -it \
		--user root \
		-v "${HOME}/.irssi:/home/user/.irssi" \
		${DOCKER_REPO_PREFIX}/irssi \
		chown -R user /home/user/.irssi

	docker run --rm -it \
		-v /etc/localtime:/etc/localtime:ro \
		-v "${HOME}/.irssi:/home/user/.irssi" \
		--read-only \
		--name irssi \
		${DOCKER_REPO_PREFIX}/irssi
}
john(){
	local file
	file=$(realpath "$1")

	docker run --rm -it \
		-v "${file}:/root/$(basename "${file}")" \
		${DOCKER_REPO_PREFIX}/john "$@"
}
kernel_builder(){
	docker run --rm -it \
		-v /usr/src:/usr/src \
		-v /lib/modules:/lib/modules \
		-v /boot:/boot \
		--name kernel-builder \
		${DOCKER_REPO_PREFIX}/kernel-builder
}
keypassxc(){
	del_stopped keypassxc

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-v /usr/share/X11/xkb:/usr/share/X11/xkb:ro \
		-e "DISPLAY=unix${DISPLAY}" \
		-v /etc/machine-id:/etc/machine-id:ro \
		--name keypassxc \
		${DOCKER_REPO_PREFIX}/keepassxc
}
kicad(){
	del_stopped kicad

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-v "${HOME}/kicad:/root/kicad" \
		-v "${HOME}/.cache/kicad:/root/.cache/kicad" \
		-v "${HOME}/.config/kicad:/root/.config/kicad" \
		-e QT_DEVICE_PIXEL_RATIO \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		--device /dev/dri \
		--name kicad \
		${DOCKER_REPO_PREFIX}/kicad
}
kvm(){
	del_stopped kvm
	relies_on pulseaudio

	# modprobe the module
	modprobe kvm

	docker run -d \
		--tmpfs /var/run \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-v "${HOME}/kvm:/root/kvm" \
		-e "DISPLAY=unix${DISPLAY}" \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		-e QT_DEVICE_PIXEL_RATIO \
		--link pulseaudio:pulseaudio \
		-e PULSE_SERVER=pulseaudio \
		--group-add audio \
		--name kvm \
		--privileged \
		${DOCKER_REPO_PREFIX}/kvm
}
libreoffice(){
	del_stopped libreoffice

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-v "${HOME}/slides:/root/slides" \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		--name libreoffice \
		${DOCKER_REPO_PREFIX}/libreoffice
}
lpass(){
	docker run --rm -it \
		-v "${HOME}/.lpass:/root/.lpass" \
		--name lpass \
		${DOCKER_REPO_PREFIX}/lpass "$@"
}
lynx(){
	if [[ -n "$(which lynx)" ]]; then
		"$(which lynx)" "$@"
	else
		docker run --rm -it \
			--name lynx \
			${DOCKER_REPO_PREFIX}/lynx "$@"
	fi
}
masscan(){
	docker run -it --rm \
		--log-driver none \
		--net host \
		--cap-add NET_ADMIN \
		--name masscan \
		${DOCKER_REPO_PREFIX}/masscan "$@"
}

mpd(){
	del_stopped mpd

	# adding cap sys_admin so I can use nfs mount
	# the container runs as a unpriviledged user mpd
	docker run -d \
		--device /dev/snd \
		--cap-add SYS_ADMIN \
		-e MPD_HOST=/var/lib/mpd/socket \
		-v /etc/localtime:/etc/localtime:ro \
		-v /etc/exports:/etc/exports:ro \
		-v "${HOME}/.mpd:/var/lib/mpd" \
		-v "${HOME}/.mpd.conf:/etc/mpd.conf" \
		--name mpd \
		${DOCKER_REPO_PREFIX}/mpd
}
mutt(){
	# subshell so we dont overwrite variables
	(
	local account=$1
	export IMAP_SERVER
	export SMTP_SERVER

	if [[ "$account" == "riseup" ]]; then
		export GMAIL=$MAIL_RISEUP
		export GMAIL_NAME=$MAIL_RISEUP_NAME
		export GMAIL_PASS=$MAIL_RISEUP_PASS
		export GMAIL_FROM=$MAIL_RISEUP_FROM
		IMAP_SERVER=mail.riseup.net
		SMTP_SERVER=$IMAP_SERVER
	fi

	docker run -it --rm \
		-e GMAIL \
		-e GMAIL_NAME \
		-e GMAIL_PASS \
		-e GMAIL_FROM \
		-e GPG_ID \
		-e IMAP_SERVER \
		-e SMTP_SERVER \
		-v "${HOME}/.gnupg:/home/user/.gnupg:ro" \
		-v /etc/localtime:/etc/localtime:ro \
		--name "mutt-${account}" \
		${DOCKER_REPO_PREFIX}/mutt
	)
}
ncmpc(){
	del_stopped ncmpc

	docker run --rm -it \
		-v "${HOME}/.mpd/socket:/var/run/mpd/socket" \
		-e MPD_HOST=/var/run/mpd/socket \
		--name ncmpc \
		${DOCKER_REPO_PREFIX}/ncmpc "$@"
}
neoman(){
	del_stopped neoman

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		--device /dev/bus/usb \
		--device /dev/usb \
		--name neoman \
		${DOCKER_REPO_PREFIX}/neoman
}
nes(){
	del_stopped nes
	local game=$1

	docker run -d \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		--device /dev/dri \
		--device /dev/snd \
		--name nes \
		${DOCKER_REPO_PREFIX}/nes "/games/${game}.rom"
}
netcat(){
	docker run --rm -it \
		--net host \
		${DOCKER_REPO_PREFIX}/netcat "$@"
}
nginx(){
	del_stopped nginx

	docker run -d \
		--restart always \
		-v "${HOME}/.nginx:/etc/nginx" \
		--net host \
		--name nginx \
		nginx

	# add domain to hosts & open nginx
	sudo hostess add jess 127.0.0.1
}
nmap(){
	if [[ -n "$(which nmap)" ]]; then
		"$(which nmap)" "$@"
	else
		docker run --rm -it \
			--net host \
			${DOCKER_REPO_PREFIX}/nmap "$@"
	fi
}
notify_osd(){
	del_stopped notify_osd

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		--net none \
		-v /etc \
		-v /home/user/.dbus \
		-v /home/user/.cache/dconf \
		-e "DISPLAY=unix${DISPLAY}" \
		--name notify_osd \
		${DOCKER_REPO_PREFIX}/notify-osd
}
alias notify-send=notify_send
notify_send(){
	relies_on notify_osd
	local args=${*:2}
	docker exec -i notify_osd notify-send "$1" "${args}"
}
now(){
	docker run -it --rm \
		-v "${HOME}/.now:/root/.now" \
		-v "$(pwd):/usr/src/repo:ro" \
		--workdir /usr/src/repo \
		--log-driver none \
		${DOCKER_REPO_PREFIX}/now "$@"
}
openscad(){
	del_stopped openscad

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-v "${HOME}/openscad:/root/openscad" \
		-v "${HOME}/.config/OpenSCAD:/root/.config/OpenSCAD" \
		-e QT_DEVICE_PIXEL_RATIO \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		--device /dev/dri \
		--name openscad \
		${DOCKER_REPO_PREFIX}/openscad
}
opensnitch(){
	del_stopped opensnitchd
	del_stopped opensnitch

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		--net host \
		--cap-add NET_ADMIN \
		-v /etc/machine-id:/etc/machine-id:ro \
		-v /var/run/dbus:/var/run/dbus \
		-v /usr/share/dbus-1:/usr/share/dbus-1 \
		-v "/var/run/user/$(id -u):/var/run/user/$(id -u)" \
		-e DBUS_SESSION_BUS_ADDRESS \
		-e XAUTHORITY \
		-v "${HOME}/.Xauthority:$HOME/.Xauthority" \
		-v /tmp:/tmp \
		--name opensnitchd \
		${DOCKER_REPO_PREFIX}/opensnitchd

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-v /usr/share/X11:/usr/share/X11:ro \
		-v /usr/share/dbus-1:/usr/share/dbus-1 \
		-v /etc/machine-id:/etc/machine-id:ro \
		-v /var/run/dbus:/var/run/dbus \
		-v "/var/run/user/$(id -u):/var/run/user/$(id -u)" \
		-e DBUS_SESSION_BUS_ADDRESS \
		-e XAUTHORITY \
		-v "${HOME}/.Xauthority:$HOME/.Xauthority" \
		-e HOME \
		-e QT_DEVICE_PIXEL_RATIO \
		-e XDG_RUNTIME_DIR \
		-v /etc/passwd:/etc/passwd:ro \
		-v /etc/group:/etc/group:ro \
		-v /tmp:/tmp \
		-u "$(id -u)" -w "$HOME" \
		--net host \
		--name opensnitch \
		${DOCKER_REPO_PREFIX}/opensnitch
}
osquery(){
	rmctr osquery

	docker run -d --restart always \
		-v /etc/localtime:/etc/localtime:ro \
		-v /var/run/docker.sock:/var/run/docker.sock \
		-v /etc/os-release:/etc/os-release:ro \
		--net host \
		--ipc host \
		--pid host \
		-e OSQUERY_ENROLL_SECRET \
		--name osquery \
		--privileged \
		${DOCKER_REPO_PREFIX}/osquery \
		--verbose \
		--enroll_secret_env=OSQUERY_ENROLL_SECRET \
		--docker_socket=/var/run/docker.sock \
		--host_identifier=hostname \
		--tls_hostname="${OSQUERY_DOMAIN}" \
		--enroll_tls_endpoint=/api/v1/osquery/enroll \
		--config_plugin=tls \
		--config_tls_endpoint=/api/v1/osquery/config \
		--config_tls_refresh=10 \
		--disable_distributed=false \
		--distributed_plugin=tls \
		--distributed_interval=10 \
		--distributed_tls_max_attempts=3 \
		--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read \
		--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write \
		--logger_plugin=tls \
		--logger_tls_endpoint=/api/v1/osquery/log \
		--logger_tls_period=10
}
pandoc(){
	if [[ -n "$(which pandoc)" ]]; then
		"$(which pandoc)" "$@"
	else
		local file=${*: -1}
		local lfile
		lfile=$(readlink -m "$(pwd)/${file}")
		local rfile
		rfile=$(readlink -m "/$(basename "$file")")
		local args=${*:1:${#@}-1}

		docker run --rm \
			-v "${lfile}:${rfile}" \
			-v /tmp:/tmp \
			--name pandoc \
			${DOCKER_REPO_PREFIX}/pandoc "${args}" "${rfile}"
	fi
}
pivman(){
	del_stopped pivman

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		--device /dev/bus/usb \
		--device /dev/usb \
		--name pivman \
		${DOCKER_REPO_PREFIX}/pivman
}
pms(){
	del_stopped pms

	docker run --rm -it \
		-v "${HOME}/.mpd/socket:/var/run/mpd/socket" \
		-e MPD_HOST=/var/run/mpd/socket \
		--name pms \
		${DOCKER_REPO_PREFIX}/pms "$@"
}
pond(){
	del_stopped pond
	relies_on torproxy

	docker run --rm -it \
		--net container:torproxy \
		--name pond \
		${DOCKER_REPO_PREFIX}/pond
}
privoxy(){
	del_stopped privoxy
	relies_on torproxy

	docker run -d \
		--restart always \
		--link torproxy:torproxy \
		-v /etc/localtime:/etc/localtime:ro \
		-p 8118:8118 \
		--name privoxy \
		${DOCKER_REPO_PREFIX}/privoxy

	hostess add privoxy "$(docker inspect --format '{{.NetworkSettings.Networks.bridge.IPAddress}}' privoxy)"
}
pulseaudio(){
	del_stopped pulseaudio

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		--device /dev/snd \
		-p 4713:4713 \
		--restart always \
		--group-add audio \
		--name pulseaudio \
		${DOCKER_REPO_PREFIX}/pulseaudio
}
rainbowstream(){
	docker run -it --rm \
		-v /etc/localtime:/etc/localtime:ro \
		-v "${HOME}/.rainbow_oauth:/root/.rainbow_oauth" \
		-v "${HOME}/.rainbow_config.json:/root/.rainbow_config.json" \
		--name rainbowstream \
		${DOCKER_REPO_PREFIX}/rainbowstream
}
registrator(){
	del_stopped registrator

	docker run -d --restart always \
		-v /var/run/docker.sock:/tmp/docker.sock \
		--net host \
		--name registrator \
		gliderlabs/registrator consul:
}
remmina(){
	del_stopped remmina

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		-v "${HOME}/.remmina:/root/.remmina" \
		--name remmina \
		--net host \
		${DOCKER_REPO_PREFIX}/remmina
}
ricochet(){
	del_stopped ricochet

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		-e QT_DEVICE_PIXEL_RATIO \
		--device /dev/dri \
		--name ricochet \
		${DOCKER_REPO_PREFIX}/ricochet
}
rstudio(){
	del_stopped rstudio

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-v "${HOME}/fastly-logs:/root/fastly-logs" \
		-v /dev/shm:/dev/shm \
		-e "DISPLAY=unix${DISPLAY}" \
		-e QT_DEVICE_PIXEL_RATIO \
		--device /dev/dri \
		--name rstudio \
		${DOCKER_REPO_PREFIX}/rstudio
}
s3cmdocker(){
	del_stopped s3cmd

	docker run --rm -it \
		-e AWS_ACCESS_KEY="${DOCKER_AWS_ACCESS_KEY}" \
		-e AWS_SECRET_KEY="${DOCKER_AWS_ACCESS_SECRET}" \
		-v "$(pwd):/root/s3cmd-workspace" \
		--name s3cmd \
		${DOCKER_REPO_PREFIX}/s3cmd "$@"
}
scudcloud(){
	del_stopped scudcloud

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-v /etc/machine-id:/etc/machine-id:ro \
		-v /var/run/dbus:/var/run/dbus \
		-v "/var/run/user/$(id -u):/var/run/user/$(id -u)" \
		-e TERM \
		-e XAUTHORITY \
		-e DBUS_SESSION_BUS_ADDRESS \
		-e HOME \
		-e QT_DEVICE_PIXEL_RATIO \
		-v /etc/passwd:/etc/passwd:ro \
		-v /etc/group:/etc/group:ro \
		-u "$(whoami)" -w "$HOME" \
		-v "${HOME}/.Xauthority:$HOME/.Xauthority" \
		-v "${HOME}/.scudcloud:/home/jessie/.config/scudcloud" \
		--device /dev/snd \
		--name scudcloud \
		${DOCKER_REPO_PREFIX}/scudcloud

	# exit current shell
	exit 0
}
shorewall(){
	del_stopped shorewall

	docker run --rm -it \
		--net host \
		--cap-add NET_ADMIN \
		--privileged \
		--name shorewall \
		${DOCKER_REPO_PREFIX}/shorewall "$@"
}
skype(){
	del_stopped skype
	relies_on pulseaudio

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		--link pulseaudio:pulseaudio \
		-e PULSE_SERVER=pulseaudio \
		--security-opt seccomp:unconfined \
		--device /dev/video0 \
		--group-add video \
		--group-add audio \
		--name skype \
		${DOCKER_REPO_PREFIX}/skype
}
slack(){
	del_stopped slack

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		--device /dev/snd \
		--device /dev/dri \
		--device /dev/video0 \
		--group-add audio \
		--group-add video \
		-v "${HOME}/.slack:/root/.config/Slack" \
		--ipc="host" \
		--name slack \
		${DOCKER_REPO_PREFIX}/slack "$@"
}
spotify(){
	del_stopped spotify

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-e QT_DEVICE_PIXEL_RATIO \
		--security-opt seccomp:unconfined \
		--device /dev/snd \
		--device /dev/dri \
		--group-add audio \
		--group-add video \
		--name spotify \
		${DOCKER_REPO_PREFIX}/spotify
}
ssh2john(){
	local file
	file=$(realpath "$1")

	docker run --rm -it \
		-v "${file}:/root/$(basename "${file}")" \
		--entrypoint ssh2john \
		${DOCKER_REPO_PREFIX}/john "$@"
}
sshb0t(){
	del_stopped sshb0t

	if [[ ! -d "${HOME}/.ssh" ]]; then
		mkdir -p "${HOME}/.ssh"
	fi

	if [[ ! -f "${HOME}/.ssh/authorized_keys" ]]; then
		touch "${HOME}/.ssh/authorized_keys"
	fi

	GITHUB_USER=${GITHUB_USER:=jessfraz}

	docker run --rm -it \
		--name sshb0t \
		-v "${HOME}/.ssh/authorized_keys:/root/.ssh/authorized_keys" \
		r.j3ss.co/sshb0t \
		--user "${GITHUB_USER}" --keyfile /root/.ssh/authorized_keys --once
}
steam(){
	del_stopped steam
	relies_on pulseaudio

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /etc/machine-id:/etc/machine-id:ro \
		-v /var/run/dbus:/var/run/dbus \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-v "${HOME}/.steam:/home/steam" \
		-e "DISPLAY=unix${DISPLAY}" \
		--link pulseaudio:pulseaudio \
		-e PULSE_SERVER=pulseaudio \
		--device /dev/dri \
		--name steam \
		${DOCKER_REPO_PREFIX}/steam
}
t(){
	docker run -t --rm \
		-v "${HOME}/.trc:/root/.trc" \
		--log-driver none \
		${DOCKER_REPO_PREFIX}/t "$@"
}
tarsnap(){
	docker run --rm -it \
		-v "${HOME}/.tarsnaprc:/root/.tarsnaprc" \
		-v "${HOME}/.tarsnap:/root/.tarsnap" \
		-v "$HOME:/root/workdir" \
		${DOCKER_REPO_PREFIX}/tarsnap "$@"
}
telnet(){
	docker run -it --rm \
		--log-driver none \
		${DOCKER_REPO_PREFIX}/telnet "$@"
}
termboy(){
	del_stopped termboy
	local game=$1

	docker run --rm -it \
		--device /dev/snd \
		--name termboy \
		${DOCKER_REPO_PREFIX}/nes "/games/${game}.rom"
}
terraform(){
	if [[ -n "$(which terraform)" ]]; then
		"$(which terraform)" "$@"
	else
		docker run -it --rm \
			-v "${HOME}:${HOME}:ro" \
			-v "$(pwd):/usr/src/repo" \
			-v /tmp:/tmp \
			--workdir /usr/src/repo \
			--log-driver none \
			-e GOOGLE_APPLICATION_CREDENTIALS \
			-e SSH_AUTH_SOCK \
			${DOCKER_REPO_PREFIX}/terraform "$@"
	fi
}
tor(){
	del_stopped tor

	docker run -d \
		--net host \
		--name tor \
		${DOCKER_REPO_PREFIX}/tor

	# set up the redirect iptables rules
	sudo setup-tor-iptables

	# validate we are running through tor
	browser-exec "https://check.torproject.org/"
}
torbrowser(){
	del_stopped torbrowser

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		--device /dev/snd \
		--name torbrowser \
		${DOCKER_REPO_PREFIX}/tor-browser

	# exit current shell
	exit 0
}
tormessenger(){
	del_stopped tormessenger

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		--device /dev/snd \
		--name tormessenger \
		${DOCKER_REPO_PREFIX}/tor-messenger

	# exit current shell
	exit 0
}
torproxy(){
	del_stopped torproxy

	docker run -d \
		--restart always \
		-v /etc/localtime:/etc/localtime:ro \
		-p 9050:9050 \
		--name torproxy \
		${DOCKER_REPO_PREFIX}/tor-proxy

	hostess add torproxy "$(docker inspect --format '{{.NetworkSettings.Networks.bridge.IPAddress}}' torproxy)"
}
traceroute(){
	docker run --rm -it \
		--net host \
		${DOCKER_REPO_PREFIX}/traceroute "$@"
}
transmission(){
	del_stopped transmission

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v "${HOME}/Torrents:/transmission/download" \
		-v "${HOME}/.transmission:/transmission/config" \
		-p 9091:9091 \
		-p 51413:51413 \
		-p 51413:51413/udp \
		--name transmission \
		${DOCKER_REPO_PREFIX}/transmission


	hostess add transmission "$(docker inspect --format '{{.NetworkSettings.Networks.bridge.IPAddress}}' transmission)"
	browser-exec "http://transmission:9091"
}
travis(){
	docker run -it --rm \
		-v "${HOME}/.travis:/root/.travis" \
		-v "$(pwd):/usr/src/repo:ro" \
		--workdir /usr/src/repo \
		--log-driver none \
		${DOCKER_REPO_PREFIX}/travis "$@"
}
virsh(){
	relies_on kvm

	docker run -it --rm \
		-v /etc/localtime:/etc/localtime:ro \
		-v /run/libvirt:/var/run/libvirt \
		--log-driver none \
		--net container:kvm \
		${DOCKER_REPO_PREFIX}/libvirt-client "$@"
}
virtualbox(){
	del_stopped virtualbox

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		--privileged \
		--name virtualbox \
		${DOCKER_REPO_PREFIX}/virtualbox
}
virt_viewer(){
	relies_on kvm

	docker run -it --rm \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix  \
		-e "DISPLAY=unix${DISPLAY}" \
		-v /run/libvirt:/var/run/libvirt \
		-e PULSE_SERVER=pulseaudio \
		--group-add audio \
		--log-driver none \
		--net container:kvm \
		${DOCKER_REPO_PREFIX}/virt-viewer "$@"
}
alias virt-viewer="virt_viewer"
visualstudio(){
	del_stopped visualstudio

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix  \
		-e "DISPLAY=unix${DISPLAY}" \
		--device /dev/dri \
		--name visualstudio \
		${DOCKER_REPO_PREFIX}/vscode
}
alias vscode="visualstudio"
vlc(){
	del_stopped vlc
	relies_on pulseaudio

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		-e GDK_SCALE \
		-e GDK_DPI_SCALE \
		-e QT_DEVICE_PIXEL_RATIO \
		--link pulseaudio:pulseaudio \
		-e PULSE_SERVER=pulseaudio \
		--group-add audio \
		--group-add video \
		-v "${HOME}/Torrents:/home/vlc/Torrents" \
		--device /dev/dri \
		--name vlc \
		${DOCKER_REPO_PREFIX}/vlc
}
watchman(){
	del_stopped watchman

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v "${HOME}/Downloads:/root/Downloads" \
		--name watchman \
		${DOCKER_REPO_PREFIX}/watchman --foreground
}
weematrix(){
	del_stopped weematrix

	docker run --rm -it \
		--user root \
		-v "${HOME}/.weechat:/home/user/.weechat" \
		${DOCKER_REPO_PREFIX}/weechat-matrix \
		chown -R user /home/user/.weechat

	docker run --rm -it \
		-v /etc/localtime:/etc/localtime:ro \
		-v "${HOME}/.weechat:/home/user/.weechat" \
		-e "TERM=screen" \
		--name weematrix \
		${DOCKER_REPO_PREFIX}/weechat-matrix
}
weeslack(){
	del_stopped weeslack

	docker run --rm -it \
		--user root \
		-v "${HOME}/.weechat:/home/user/.weechat" \
		${DOCKER_REPO_PREFIX}/wee-slack \
		chown -R user /home/user/.weechat

	docker run --rm -it \
		-v /etc/localtime:/etc/localtime:ro \
		-v "${HOME}/.weechat:/home/user/.weechat" \
		--name weeslack \
		${DOCKER_REPO_PREFIX}/wee-slack
}
wg(){
	docker run -i --rm \
		--log-driver none \
		-v /tmp:/tmp \
		--cap-add NET_ADMIN \
		--net host \
		--name wg \
		${DOCKER_REPO_PREFIX}/wg "$@"
}
wireshark(){
	del_stopped wireshark

	docker run -d \
		-v /etc/localtime:/etc/localtime:ro \
		-v /tmp/.X11-unix:/tmp/.X11-unix \
		-e "DISPLAY=unix${DISPLAY}" \
		--cap-add NET_RAW \
		--cap-add NET_ADMIN \
		--net host \
		--name wireshark \
		${DOCKER_REPO_PREFIX}/wireshark
}
wrk(){
	docker run -it --rm \
		--log-driver none \
		--name wrk \
		${DOCKER_REPO_PREFIX}/wrk "$@"
}
ykman(){
	del_stopped ykman

	if [[ -n "$(which ykman)" ]]; then
		"$(which ykman)" "$@"
	else
		docker run --rm -it \
			-v /etc/localtime:/etc/localtime:ro \
			--device /dev/usb \
			--device /dev/bus/usb \
			--name ykman \
			${DOCKER_REPO_PREFIX}/ykman bash
	fi
}
ykpersonalize(){
	del_stopped ykpersonalize

	if [[ -n "$(which ykpersonalize)" ]]; then
		"$(which ykpersonalize)" "$@"
	else
		docker run --rm -it \
			-v /etc/localtime:/etc/localtime:ro \
			--device /dev/usb \
			--device /dev/bus/usb \
			--name ykpersonalize \
			${DOCKER_REPO_PREFIX}/ykpersonalize bash
	fi
}
yubico_piv_tool(){
	del_stopped yubico-piv-tool

	if [[ -n "$(which yubico-piv-tool)" ]]; then
		"$(which yubico-piv-tool)" "$@"
	else
		docker run --rm -it \
			-v /etc/localtime:/etc/localtime:ro \
			--device /dev/usb \
			--device /dev/bus/usb \
			--name yubico-piv-tool \
			${DOCKER_REPO_PREFIX}/yubico-piv-tool bash
	fi
}
alias yubico-piv-tool="yubico_piv_tool"