#!/usr/bin/bash

set -e
set -o errtrace

vm_name="$2"
if [ "$vm_name" = "" ]; then
    vm_name="sys-whonix"
fi

error_handler() {
    local exit_code="$?"
    echo "INFO: BASH_COMMAND '$BASH_COMMAND' terminated with exit_code '$exit_code'. Remote support will not work." >&2
    exit "$exit_code"
}

trap error_handler ERR

no_root_check() {
    if [ "$(id -u)" = "0" ]; then
        echo "ERROR: Do not run $0 as root / with sudo!" >&2
        exit 100
    fi
}

dom0_check_rpc_policy() {
    local append_string

    if ! test -f /etc/qubes-rpc/policy/qubes.ConnectTCP+22 ; then
        exit 2
    fi

    append_string="$vm_name dom0 allow,target=dom0"

    if grep -q "$append_string" /etc/qubes-rpc/policy/qubes.ConnectTCP+22 ; then
        echo "INFO: /etc/qubes-rpc/policy/qubes.ConnectTCP+22 looks OK."
    else
        echo "INFO: /etc/qubes-rpc/policy/qubes.ConnectTCP+22 missing line
$append_string
remote support will not work." >&2
        exit 3
    fi
}

check_vm_started() {
    if qvm-check --running "$vm_name" ; then
        echo "INFO: VM '$vm_name' already running, ok."
    else
        exit 3
    fi
}

check_vm_status() {
    ## --pass-io is optional but useful for gathering debug output.

    qvm-run --user root --pass-io "$vm_name" "systemctl status --no-pager --no-block qubes-whonix-remote-support.service"
    qvm-run --user root --pass-io "$vm_name" "systemctl status --no-pager --no-block tor@default.service"
}

dom0_check_sshd_status() {
    sudo --non-interactive systemctl --no-pager --no-block status sshd.service
}

no_root_check

## If dom0 SSH server is not running, there is no way to remote administrate dom0.
## However, the onion v3 service might still be running inside $vm_name in case
## of a race condition.
dom0_check_sshd_status

dom0_check_rpc_policy
check_vm_started
check_vm_status

echo "INFO: Success."
