#!/bin/sh

# Abort on the first unhandled command failure so a half-applied change
# (for example a failed ln) is not followed by a daemon reload.
set -o errexit

# Print the command-line help to stdout.
# Arguments: $1 - program name shown in the synopsis line
usage() {
    printf 'Usage:\n%s [on|off|help|-h]\n' "$1"
    # printf reuses the format for each (name, description) pair.
    printf '\t%s \t\t%s\n' \
        'on' 'Turn on Docker isolation' \
        'off' 'Turn off Docker isolation'
    printf '\t%s \t%s\n' 'help, -h' 'Print this help'
    printf '\n%s\n' 'No arguments: print current Docker isolation status'
}

# Unit files whose presence is verified by check_sanity.
DOCKER_SERVICE_FILE="/lib/systemd/system/docker.service"
CONTAINERD_SERVICE_FILE="/lib/systemd/system/containerd.service"

# Drop-in override files; the links created below point at these.
DOCKER_SERVICE_OVERRIDE_FILE="/usr/share/docker.io/contrib/parsec/10-docker-isolate.conf"
CONTAINERD_SERVICE_OVERRIDE_FILE="/usr/share/docker.io/contrib/parsec/10-containerd-isolate.conf"

# systemd drop-in directories and the symlinks that switch isolation on.
DOCKER_SERVICE_OVERRIDE_DIR="/etc/systemd/system/docker.service.d"
CONTAINERD_SERVICE_OVERRIDE_DIR="/etc/systemd/system/containerd.service.d"
DOCKER_SERVICE_OVERRIDE_LINK="$DOCKER_SERVICE_OVERRIDE_DIR/10-docker-isolate.conf"
# NOTE: the containerd link is named 10-docker-isolate.conf although its
# target is 10-containerd-isolate.conf. remove_link deletes exactly this
# path, so renaming it would leave links from earlier runs in place.
CONTAINERD_SERVICE_OVERRIDE_LINK="$CONTAINERD_SERVICE_OVERRIDE_DIR/10-docker-isolate.conf"

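# Abort the script unless the given path is an existing regular file.
# Arguments: $1 - path to check
# Outputs:   error text on stderr when the file is missing
# Exits:     1 when the file is missing (does not return in that case)
check_file_exists() {
    # The expansion must be quoted: with an empty argument an unquoted
    # test collapses to `[ -f ]`, which is true, so a missing path would
    # be accepted as present.
    if ! [ -f "$1" ]; then
        >&2 printf 'Error: file %s does not exist\n' "$1"
        >&2 printf 'Please reinstall docker.io package\n'
        exit 1
    fi
}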

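# Verify that both unit files and both override files are present.
# Globals: DOCKER_SERVICE_FILE, CONTAINERD_SERVICE_FILE,
#          DOCKER_SERVICE_OVERRIDE_FILE, CONTAINERD_SERVICE_OVERRIDE_FILE (read)
# Exits:   via check_file_exists on the first missing file
check_sanity() {
    # Quoted so each path reaches check_file_exists as exactly one argument.
    check_file_exists "$DOCKER_SERVICE_FILE"
    check_file_exists "$CONTAINERD_SERVICE_FILE"
    check_file_exists "$DOCKER_SERVICE_OVERRIDE_FILE"
    check_file_exists "$CONTAINERD_SERVICE_OVERRIDE_FILE"
}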

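# Refuse to continue unless the effective user is root.
# Outputs: error text on stderr when not root
# Exits:   1 when not root (does not return in that case)
check_root() {
    # EUID is a bash variable, not a POSIX sh one. Under a /bin/sh that does
    # not set it, `[ "$EUID" -ne 0 ]` errors out and the `if` treats that as
    # false, letting non-root callers through. `id -u` works in any POSIX sh.
    # The string comparison fails closed: empty output from a failing `id`
    # is also "not 0".
    if [ "$(id -u)" != 0 ]; then
        >&2 printf 'You must be root to run this script\n'
        # Explicit non-zero status so callers can detect the refusal.
        exit 1
    fi
}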

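# Print "on" when isolation is configured for both services, else "off".
# Globals: DOCKER_SERVICE_OVERRIDE_LINK, CONTAINERD_SERVICE_OVERRIDE_LINK (read)
# Outputs: "on" or "off" on stdout
print_isolation_status() {
    # Both drop-ins must be in place before reporting "on": add_link creates
    # them one after the other, so an interrupted run can leave only one.
    # `-f` follows symlinks, so a dangling link counts as absent.
    #
    # This reflects the configuration on disk only. The script never restarts
    # docker or containerd, so already-running daemons keep their previous
    # settings until they are restarted.
    if [ -f "$DOCKER_SERVICE_OVERRIDE_LINK" ] &&
        [ -f "$CONTAINERD_SERVICE_OVERRIDE_LINK" ]; then
        printf 'on\n'
    else
        printf 'off\n'
    fi
}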

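# Delete both override links; succeeds when they are already absent.
# Globals: DOCKER_SERVICE_OVERRIDE_LINK, CONTAINERD_SERVICE_OVERRIDE_LINK (read)
remove_link() {
    # Quoted, and `--` ends option parsing, so the path is always treated as
    # a single operand. rm removes the link itself, not the file it targets.
    rm -f -- "$DOCKER_SERVICE_OVERRIDE_LINK"
    rm -f -- "$CONTAINERD_SERVICE_OVERRIDE_LINK"
}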

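# Create the drop-in directories and symlink the override files into them.
# Globals: DOCKER_SERVICE_OVERRIDE_DIR, DOCKER_SERVICE_OVERRIDE_FILE,
#          DOCKER_SERVICE_OVERRIDE_LINK, CONTAINERD_SERVICE_OVERRIDE_DIR,
#          CONTAINERD_SERVICE_OVERRIDE_FILE, CONTAINERD_SERVICE_OVERRIDE_LINK (read)
# Returns: non-zero if a directory or link cannot be created; ln -s (no -f)
#          fails when the link path already exists, so callers run
#          remove_link first.
add_link() {
    # Quoted, with `--`, so every path is passed as one operand.
    mkdir -p -- "$DOCKER_SERVICE_OVERRIDE_DIR"
    ln -s -- "$DOCKER_SERVICE_OVERRIDE_FILE" "$DOCKER_SERVICE_OVERRIDE_LINK"
    mkdir -p -- "$CONTAINERD_SERVICE_OVERRIDE_DIR"
    ln -s -- "$CONTAINERD_SERVICE_OVERRIDE_FILE" "$CONTAINERD_SERVICE_OVERRIDE_LINK"
}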

# Ask systemd to re-read unit files and drop-ins.
# Only a reload is issued here; no service is restarted by this function.
daemon_reload() {
    systemctl daemon-reload
}

# Turn isolation on: (re)create both override links and reload systemd.
# Each step exits the script itself on failure, or relies on `set -e`.
isolation_on() {
    # Order matters: the privilege and file checks run before any link is
    # removed, and stale links are removed before new ones are created
    # because add_link fails on an existing link path.
    # Nothing here restarts docker or containerd; running daemons pick up
    # the drop-ins only when they are next restarted.
    for step in check_root check_sanity remove_link add_link daemon_reload; do
        "$step"
    done
}

# Turn isolation off: remove both override links and reload systemd.
# Each step exits the script itself on failure, or relies on `set -e`.
isolation_off() {
    # Same guard order as isolation_on: checks first, then the change.
    # Nothing here restarts docker or containerd; running daemons keep the
    # isolation settings they started with until they are next restarted.
    for step in check_root check_sanity remove_link daemon_reload; do
        "$step"
    done
}

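# Entry point: accept at most one argument.
#   (none)    print the current status
#   on / off  switch isolation (both paths call check_root themselves)
#   help, -h  print the banner and usage
# Anything else is rejected with usage on stderr and exit status 1.
if [ "$#" -gt 1 ]; then
    >&2 printf 'Error: invalid argument count\n\n'
    # "$0" is quoted so a script path containing spaces is shown whole.
    >&2 usage "$0"
    exit 1
fi

if [ "$#" -eq 0 ]; then
    # Status query needs no root: it only tests for files.
    check_sanity
    print_isolation_status
    exit 0
fi

case "$1" in
    on)
        isolation_on
        ;;
    off)
        isolation_off
        ;;
    help|-h)
        printf 'Docker isolation switch\n(c) AstraLinux 2020\n\n'
        usage "$0"
        ;;
    *)
        >&2 printf 'Error: invalid argument\n\n'
        >&2 usage "$0"
        exit 1
        ;;
esac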
