# Create the SSH key this host uses to clone the dn42 registry, then pause
# until the operator has registered the public half in Gitea.
# -N '' means the private key has no passphrase: read access to
# /opt/autopeer/id_autopeer is all that is needed to use it, so only the .pub
# file printed below should ever be pasted anywhere.
autopeer_ssh_key=/opt/autopeer/id_autopeer
ssh-keygen -N '' -f "$autopeer_ssh_key"
printf '%s\n' "You need to add your new SSH key (/opt/autopeer/id_autopeer) to dn42 gitea to clone the repo:"
cat "${autopeer_ssh_key}.pub"
printf '\n'
read -p "Press enter once you've done that..."


# Packages, in three separate apt runs: the tool needed to fetch this
# repository, optional admin conveniences, and autopeer's own dependencies.
apt install -y git  # already present if you cloned this repository
apt install -y \
  vim curl wget man-db whois bind9 bind9-dnsutils bird2  # suggestions
apt install -y \
  python3 wireguard-tools cron socat make libpam-dev gpg libssl-dev  # dependencies

# Activate the repository's sshd drop-in. The live sshd configuration now
# resolves to a file under /opt/autopeer, so write access to that file is
# effectively write access to sshd's configuration.
autopeer_root=/opt/autopeer
ln -s "$autopeer_root/sshd_config" /etc/ssh/sshd_config.d/autopeer.conf
systemctl reload ssh

# Group used for the autopeer-owned paths, plus the `new` account.
# --disabled-password leaves `new` without a usable password; how that account
# can be reached is presumably decided by the sshd drop-in above and the PAM
# service file linked later in this script -- review both, they are not shown
# here.
addgroup autopeer
adduser --comment '' --disabled-password new
# Pin the host keys for git.dn42 / git.dn42.dev in the system-wide known_hosts
# so the clone below checks the server against these keys instead of asking
# the operator to trust whatever key is presented on first contact.
# NOTE(review): compare the three keys with a fingerprint obtained from the
# registry operators over a separate channel before relying on them.
# `>>` appends, so running this script twice leaves duplicate entries.
cat >>/etc/ssh/ssh_known_hosts <<EOF
git.dn42,git.dn42.dev ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCZ3kp23U/8U/12k462IX0rBAuZIBw9bjoA7olxg1LQPF+akz48sB7E1FAuGTNOFyt2Q4h70j4ksO9o2/L3yeUYeekdRUFkS3K9cReLk1MQYZx3teLT/Nwzu6IKmalZaQgctegqnEJRagoqN/PptU/WUxmvOTR/zamb++XGDiTcjCf24pQNPMpqZqcB2PKZCRoNX19yGngwrugOpTdoqBJQf4wKiejN39CJHPPBgWZoNIrQ2SktgS4o8TquPPFsoVzjV9napKKMCcx5pYACeyLxqotqbLQWSIrgK2WznnMf8aCzgIHNsgO0meUxA2MYlJCZRjTKgedCQ5JinQIdQyp
git.dn42,git.dn42.dev ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKoCj62akks85kfkX9CPMo1cqIaVMnr43k1AUCIQMSM3Jy6wStCvZVvTkDfnuMdZYVkmbxAOvupK4qXQje7n/eQ=
git.dn42,git.dn42.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIH0fsmrx1IPJZ/gfV46O6kq1Rry0ZeOrdCa10pohQRG
EOF

# Clone the dn42 registry over SSH with the dedicated autopeer key, then store
# the same ssh command in the checkout's own config so later git operations in
# that directory keep using this key.
autopeer_git_ssh="ssh -i /opt/autopeer/id_autopeer"
git -c core.sshcommand="$autopeer_git_ssh" \
  clone git@git.dn42.dev:dn42/registry.git /opt/autopeer/dn42-registry
git -C /opt/autopeer/dn42-registry config core.sshCommand "$autopeer_git_ssh"

# Link the repository's cron, PAM and sysctl files into the system directories.
# Each /etc entry now resolves to a file under /opt/autopeer, so whoever can
# modify those files controls the corresponding system configuration; keep
# that tree writable by root only.
autopeer_root=/opt/autopeer
ln -s "$autopeer_root/crond.autopeer" /etc/cron.d/autopeer
ln -s "$autopeer_root/pamd.autopeer" /etc/pam.d/autopeer

ln -s "$autopeer_root/sysctld.autopeer" /etc/sysctl.d/99-dn42.conf
# Re-apply sysctl settings so the newly linked file takes effect now.
systemctl restart systemd-sysctl

# Create the peer database, accessible to root and the autopeer group only.
# umask 0007 keeps "other" from having any access while the directory and the
# database file are being created; the chmods at the end set the final modes
# (770 on the directory, 660 on the database file).
autopeer_db_dir=/opt/autopeer/db
umask 0007
mkdir "$autopeer_db_dir"
# Feed the schema to Python's sqlite3 command-line interface on stdin.
python3 -m sqlite3 "$autopeer_db_dir/sqlite3.db" <<'SQL'
CREATE TABLE peers (name, asn, ipll, endpoint, port, pubkey, creator_ip, creator_name, creator_date, deleted, primary key (name, asn));
SQL
chgrp -R autopeer "$autopeer_db_dir/"
chmod 770 "$autopeer_db_dir"
chmod 660 "$autopeer_db_dir/sqlite3.db"

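# Generate this host's WireGuard key pair.
# NOTE: `>` truncates, so running this again replaces an existing private key.
#
# umask 0077 makes a newly created privkey mode 0600. A umask only applies when
# a file is created: a privkey left over from an earlier setup would keep its
# old mode through the redirection. touch + chmod therefore pin 0600 before any
# key material is written to the file.
umask 0077
touch /etc/wireguard/privkey
chmod 600 /etc/wireguard/privkey
wg genkey >/etc/wireguard/privkey
# Back to 0022 for the public key, which is not secret.
umask 0022
wg pubkey </etc/wireguard/privkey >/etc/wireguard/pubkey

# 711 lets non-root users traverse /etc/wireguard without listing it --
# presumably so unprivileged autopeer code can read pubkey; confirm.
# With the directory traversable, each file's own mode is its only protection:
# any other file kept here that holds a private key must itself be 0600.
chmod 711 /etc/wireguard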

# Log directory for autopeer, owned by root with group autopeer.
# Mode 1770: full access for root and the autopeer group, none for others; the
# sticky bit stops group members from deleting or renaming files they do not
# own.
autopeer_log_dir=/var/log/autopeer
mkdir "$autopeer_log_dir"
chmod 1770 "$autopeer_log_dir"
chown root:autopeer "$autopeer_log_dir"