#!/bin/bash

# setup_buildkit_config_rootless.sh
# 说明：此脚本用于配置 BuildKit 的 rootless 模式配置文件。

# 获取当前执行脚本的用户
CURRENT_USER=$(whoami)
echo "当前用户：$CURRENT_USER"

# BuildKit 配置文件路径
CONFIG_DIR="$HOME/.config/buildkit"
CONFIG_FILE="$CONFIG_DIR/buildkit.toml"
CONFIG_FILE_D="$CONFIG_DIR/buildkitd.toml"  # 新增 buildkitd.toml 文件路径

# 镜像源配置
declare -A mirrors
mirrors=(
  ["docker.io"]="https://docker.io https://docker.unsee.tech https://dockerhub.icu"
  ["registry.k8s.io"]="https://registry.k8s.io https://k8s.m.daocloud.io"
  ["docker.elastic.co"]="https://docker.elastic.co https://elastic.m.daocloud.io"
  ["gcr.io"]="https://gcr.io https://gcr.m.daocloud.io"
  ["ghcr.io"]="https://ghcr.io https://ghcr.m.daocloud.io"
  ["k8s.gcr.io"]="https://k8s.gcr.io https://k8s-gcr.m.daocloud.io"
  ["mcr.microsoft.com"]="https://mcr.microsoft.com https://mcr.m.daocloud.io"
  ["nvcr.io"]="https://nvcr.io https://nvcr.m.daocloud.io"
  ["quay.io"]="https://quay.io https://quay.m.daocloud.io"
  ["registry.jujucharms.com"]="https://registry.jujucharms.com https://jujucharms.m.daocloud.io"
  ["rocks.canonical.com"]="https://rocks.canonical.com https://rocks-canonical.m.daocloud.io"
)

# 创建配置目录
mkdir -p "$CONFIG_DIR"

# 生成 BuildKit 配置文件 buildkit.toml
echo "生成 BuildKit 配置文件 buildkit.toml..."
cat > "$CONFIG_FILE" <<EOF
[worker.oci]
  enabled = false

[worker.containerd]
  address = "/run/containerd/containerd.sock"
  enabled = true
  namespace = "buildkit"
  platforms = ["linux/amd64", "linux/arm64"]
  gc = true
  gckeepstorage = 9000
  snapshotter = "overlayfs"

# 注册表配置，包含多个镜像加速器
EOF

# 生成 BuildKit 配置文件 buildkitd.toml (复制 buildkit.toml 内容)
cp "$CONFIG_FILE" "$CONFIG_FILE_D"
echo "生成 BuildKit 配置文件 buildkitd.toml..."

# 添加镜像源到配置文件
echo "配置镜像加速器..."
for registry in "${!mirrors[@]}"; do
  IFS=' ' read -r server host1 host2 <<<"${mirrors[$registry]}"
  cat >> "$CONFIG_FILE" <<EOF

[registry."$registry"]
  mirrors = ["$host1", "$host2"]
  http = true
  insecure = true
EOF
done

# 将同样的镜像源配置追加到 buildkitd.toml
cat "$CONFIG_FILE" > "$CONFIG_FILE_D"

# 设置 /run/containerd/containerd.sock 权限
echo "配置 containerd.sock 的权限..."

# 创建 containerd 组（如果不存在）
sudo groupadd -f containerd

# 将当前用户添加到 containerd 组
sudo usermod -aG containerd "$CURRENT_USER"

# 设置 socket 文件的组和权限
sudo chgrp containerd /run/containerd/containerd.sock
sudo chmod 660 /run/containerd/containerd.sock

# 重启 BuildKit 服务
echo "重启 BuildKit 服务..."
systemctl --user daemon-reload
systemctl --user start buildkit.service
systemctl --user enable buildkit.service
sudo systemctl daemon-reload
sudo systemctl restart buildkit

# 提示用户重新登录以应用组权限更改
echo "完成。请重新登录会话以应用对组的更改，使 $CURRENT_USER 可以使用 /run/containerd/containerd.sock。"

# 输出完成信息
echo "BuildKit 配置文件已生成: $CONFIG_FILE 和 $CONFIG_FILE_D"
echo "镜像配置已设置完成，详细选项请参考官方文档：https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md"