#!/usr/bin/env bash

echo "Don't forget to run the wireguard job first";

# Sort out log rotation
COPY "${JOBFILE_DIR}/wesher.logrotate" "/tmp/wesher.logrotate"
RUN "sudo mv /tmp/wesher.logrotate /etc/logrotate.d/wesher"
RUN "sudo chown root:root /etc/logrotate.d/wesher"

RUN "sudo apt-get update";

RUN "sudo apt-get install --yes wesher wesher-systemd";

RUN "sudo ufw allow 7946 comment wesher-gossip";
RUN "sudo ufw allow 51820/udp comment wesher-wireguard";

# Allow all traffic from the VPN; we don't actually know what ports Nomad will use
RUN "sudo ufw allow in on wgoverlay";

# Activate the new logging system
RUN "sudo systemctl restart logrotate"

# See the Keepass entry in our database for copy-paste commands to join nodes.
# Basically:
#	sudo wesher --cluster-key CLUSTER_KEY_HERE --join 172.16.230.100 --overlay-net 172.31.250.0/16 --log-level info
#	sudo systemctl enable --now wesher.service
#	sudo systemctl status wesher.service