#!/usr/bin/env bash

set -e
rm -rf "$DEST"

if ! command -v dockerd &> /dev/null; then
	echo >&2 'error: binary-daemon or dynbinary-daemon must be run before run'
	false
fi

DOCKER_COMMAND="$(command -v dockerd)"

DOCKER_GRAPHDRIVER=${DOCKER_GRAPHDRIVER:-vfs}
DOCKER_USERLANDPROXY=${DOCKER_USERLANDPROXY:-true}

# example usage: DOCKER_STORAGE_OPTS="dm.basesize=20G,dm.loopdatasize=200G"
storage_params=""
if [ -n "$DOCKER_STORAGE_OPTS" ]; then
	IFS=','
	for i in ${DOCKER_STORAGE_OPTS}; do
		storage_params="--storage-opt $i $storage_params"
	done
	unset IFS
fi

listen_port=2375
if [ -n "$DOCKER_PORT" ]; then
	listen_port="${DOCKER_PORT##*:}"
fi

if [ -n "$DELVE_PORT" ]; then
	delve_listen_port="${DELVE_PORT##*:}"
fi

extra_params="$DOCKERD_ARGS"
if [ "$DOCKER_REMAP_ROOT" ]; then
	extra_params="$extra_params --userns-remap $DOCKER_REMAP_ROOT"
fi

if [ -n "$DOCKER_EXPERIMENTAL" ]; then
	extra_params="$extra_params --experimental"
fi

socket=/var/run/docker.sock
if [ -n "$DOCKER_ROOTLESS" ]; then
	user="unprivilegeduser"
	uid=$(id -u $user)
	# shellcheck disable=SC2174
	mkdir -p -m 700 "/tmp/docker-${uid}"
	chown $user "/tmp/docker-${uid}"
	socket=/tmp/docker-${uid}/docker.sock
fi

# shellcheck disable=SC2206
args=(
	--debug
	--host="tcp://0.0.0.0:${listen_port}"
	--host="unix://${socket}"
	--storage-driver="${DOCKER_GRAPHDRIVER}"
	--userland-proxy="${DOCKER_USERLANDPROXY}"
	--tls=false
	$storage_params
	$extra_params
)

dockerd=("$DOCKER_COMMAND")

if [ -n "$DELVE_PORT" ]; then
	dockerd=(
		dlv
		--listen="0.0.0.0:$delve_listen_port"
		--headless=true
		--log
		--api-version=2
		--only-same-user=false
		--check-go-version=false
		--accept-multiclient
		exec "${dockerd[@]}" --
	)
fi

if [ -n "$DOCKER_ROOTLESS" ]; then
	dockerd=(
		sudo -u "$user"
		-E DOCKERD="${dockerd[*]}"
		-E XDG_RUNTIME_DIR="/tmp/docker-${uid}"
		-E XDG_CONFIG_HOME="/home/${user}/.config"
		-E HOME="/home/${user}"
		--
		dockerd-rootless.sh
	)
fi

# On a host using nftables, the ip6_tables kernel module may need to be loaded.
# This trick is borrowed from the docker (dind) official image ...
# "modprobe" without modprobe
#   https://twitter.com/lucabruno/status/902934379835662336
# This isn't 100% fool-proof, but it'll have a much higher success rate than
# simply using the "real" modprobe (which isn't installed in the dev container).
if ! ip6tables -nL > /dev/null 2>&1; then
	ip link show ip6_tables > /dev/null 2>&1 || true
	if ! ip6tables -nL > /dev/null 2>&1; then
		echo >&2 'ip6tables is not available'
	fi
fi

set -x
# shellcheck disable=SC2086
exec "${dockerd[@]}" "${args[@]}"
