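#!/bin/bash
#
# Configures and starts an MIT Kerberos KDC together with a kernel NFS server
# that exports SHARED_DIRECTORY with sec=krb5p:krb5i:krb5, then idles until
# SIGTERM/SIGINT. The signal trap and keep-alive loop suggest this is a
# container entrypoint; the maximum debug verbosity everywhere suggests a
# test fixture rather than a production server (both inferred, not stated).
#
# Environment:
#   NFS_KRB_REALM     Kerberos realm (required)
#   NFS_KRB_PWD       password for the KDC database and the principal (required)
#   NFS_KRB_PRINC     principal to create and write to the keytab (required)
#   SHARED_DIRECTORY  directory to export; no export is written when empty
#   PERMITTED         client spec for the export (default "*")
#   NFS_UID           read but not used by anything in this script

set -uo pipefail

# Validate required settings before enabling xtrace: "set -x" prints expanded
# command arguments, so checking NFS_KRB_PWD with tracing on would write the
# password to the log. Everywhere else the password travels via here-documents
# (stdin), which xtrace does not print.
: "${NFS_KRB_REALM:?NFS_KRB_REALM must be set}"
: "${NFS_KRB_PWD:?NFS_KRB_PWD must be set}"
: "${NFS_KRB_PRINC:?NFS_KRB_PRINC must be set}"

set -x

SERVICES=(krb5-kdc krb5-admin-server nfs-kernel-server)

# Unexport everything, stop the services and exit. Runs from the signal trap.
stop() {
  echo "signal caught, stopping the world..."
  exportfs -uav
  for i in "${SERVICES[@]}"; do
    service "$i" stop
  done
  echo "bye!"
  exit
}

trap 'stop; exit 0;' SIGTERM SIGINT

DEFAULT_PERMITTED="*"
RW_MODE="rw"

# bash reserves UID as a read-only variable, so the original "UID=..."
# assignment could only fail with an error. The value is kept under another
# name; nothing below reads it.
# shellcheck disable=SC2034
nfs_uid=${NFS_UID:-0}

# Lower-cased realm, used as the idmapd domain and the hostname.
# The original class was '[:lower]' (missing colon), which tr treats as a
# list of literal characters and so garbles the realm instead of lower-casing it.
DOMAIN=$(printf '%s\n' "${NFS_KRB_REALM}" | tr '[:upper:]' '[:lower:]')

# ":-" keeps "set -u" from aborting when SHARED_DIRECTORY is unset, so the
# guard actually covers the "no export requested" case.
if [ -n "${SHARED_DIRECTORY:-}" ]; then
  # NOTE(review): permissive export options. "insecure" accepts requests from
  # non-reserved source ports, "no_root_squash" maps client root to server
  # root, and the default client spec is "*". The sec= list also lets a client
  # fall back from krb5p to krb5i or plain krb5. Tighten PERMITTED and the
  # sec= list if this is ever used beyond a test network.
  options="(${RW_MODE:-rw},nohide,sync,no_subtree_check,insecure,no_root_squash,crossmnt,sec=krb5p:krb5i:krb5,fsid=0)"

  # NOTE(review): the listing this script was recovered from lost the text
  # between the first "<<-EOE" and the ">>" of the second cat (it reads
  # "cat > /etc/exports <> /etc/exports <<-EOE" and closes two "fi" for one
  # visible "if"). The primary export line below is reconstructed from the
  # shape of the surviving commented line, and the condition that guarded the
  # second here-document is unknown, so that line (a comment in /etc/exports,
  # with no effect on what is exported) is appended unconditionally.
  # Confirm against the original script.
  cat > /etc/exports <<EOE
${SHARED_DIRECTORY} ${PERMITTED:-${DEFAULT_PERMITTED}}${options}
EOE
  cat >> /etc/exports <<EOE
# $(dirname "${SHARED_DIRECTORY}") ${PERMITTED:-${DEFAULT_PERMITTED}}${options%?})
EOE

  # NOTE(review): world-writable export root; combined with no_root_squash any
  # permitted client can create and replace files as any user.
  chmod 777 "${SHARED_DIRECTORY}"
fi

# Kerberos client/KDC configuration: single realm, KDC on localhost.
cat > /etc/krb5.conf <<EOL
[logging]
 default = SYSLOG:DEBUG
 kdc = SYSLOG:DEBUG
 admin_server = SYSLOG:DEBUG

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_realm = ${NFS_KRB_REALM}

[realms]
 ${NFS_KRB_REALM} = {
  kdc = localhost
  admin_server = localhost
 }
EOL

cat > /etc/idmapd.conf <<EOC
[General]
Domain = $DOMAIN
Verbosity = 5
EOC

# Static file: the quoted delimiter disables expansion inside the body.
cat > /etc/nfs.conf <<'EOC'
[general]
pipefs-directory=/run/rpc_pipefs
[exportfs]
debug=1
[gssd]
verbosity=5
rpc-verbosity=5
keytab-file=/etc/krb5.keytab
[exportd]
debug="all"
[mountd]
debug="all"
manage-gids=y
port=892
[nfsdcld]
debug=1
[nfsdcltrack]
debug=1
[nfsd]
debug=1
# threads=8
# host=
# grace-time=90
# lease-time=90
udp=y
tcp=y
vers3=y
vers4=y
vers4.0=y
vers4.1=y
vers4.2=y
EOC

cat > /etc/default/nfs-common <<'EOC'
NEED_STATD=y
# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=y
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=y
EOC

echo NEED_SVCGSSD=y > /etc/default/nfs-kernel-server

# Creates the kadmin ACL file if absent; nothing is written into it here.
touch /var/lib/krb5kdc/kadm5.acl

exportfs -rvaf

# Create the KDC database; the password is answered twice on stdin.
kdb5_util -r "${NFS_KRB_REALM}" create -s <<EOL
${NFS_KRB_PWD}
${NFS_KRB_PWD}
EOL

echo "${DOMAIN}" > /etc/hostname

# setup logging
syslogd
rpcdebug -m nfsd -s all
rpcdebug -m nfs -s all
rpcdebug -m rpc -s all

# NOTE(review): the principal gets the same password as the KDC database, and
# "ktadd -norandkey" writes that password-derived key to the keytab instead of
# a fresh random one, so one secret protects everything. Use distinct secrets
# outside of test setups.
kadmin.local <<EOS
addprinc ${NFS_KRB_PRINC}@${NFS_KRB_REALM}
${NFS_KRB_PWD}
${NFS_KRB_PWD}
ktadd -norandkey ${NFS_KRB_PRINC}@${NFS_KRB_REALM}
EOS

export OPTS_RPC_MOUNTD='--debug all -t 8 -N 3'
echo "OPTS_RPC_MOUNTD=\"${OPTS_RPC_MOUNTD}\"" >> /etc/conf.d/nfs

service nfs restart

# Replace any running rpcbind with a foreground/debug instance whose output is
# logged. Skip the kill when none is running, since "kill" without a PID is an error.
rpcbind_pids=()
read -r -a rpcbind_pids < <(pidof rpcbind) || true
if (( ${#rpcbind_pids[@]} > 0 )); then
  kill "${rpcbind_pids[@]}"
fi
rpcbind -fd &> /var/log/rpcbind.log &
sleep 3

for i in "${SERVICES[@]}"; do
  service "$i" start
done

rpc.svcgssd -vf &> /var/log/gssd.log &

cat /etc/krb5.conf

# Keep the script alive. bash runs a trap only after the current foreground
# command returns, so a plain "sleep 360" would delay shutdown by up to six
# minutes; "wait" is interrupted by the signal and lets stop() run at once.
while true; do
  sleep 360 &
  wait "$!"
done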