#!/bin/sh
echo Lightsail: Initializing Instance.
cat > /etc/ssh/lightsail_instance_ca.pub << EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBka5pRWpL2Udj6zviEbJ/RQZi4CSTdGESCSmSWbaf9I7hbqJ2LF0bRlQvurrH8fjmkbyunyVCdTTBAcNQh0d40/rvR/1ZGn7CbaD9UtWZAAfEIDcqBZ56hLN1gUwxbkqhWzTLicwpWAl/hMHotkyJROxLQ6/k+IH1nzCunkAtFisP+WFBeWOrwMpeTg9MwWq6XU+SaZ18m1KbmaYn0WljnAcyQ785vRWfqhW8L7TDfPOT+YQhFlFMb009RUU58wAAr9q44Au93q+11ClJOWXqSYCxAVp10S14LTk6sjFpOe582UniQ1D1Z7jtRyPHSRL71csuEhxJbTY+/Z0pgqv9UfeDjCDe7tm6y18Fh7tOHsXlwNssQVmkuuXpCQkd9OoFPG06QgFxSsaB90WT08NjIrxKn9Lq5VpYT9zglqIeb9eS8l0TbpBrSzZXQ/sXSLRMyre5AtY9mY5PBfAZ20NJgEhpMlTXpXnHDBeGDDwi5jr3R8zcvVUEENsUUBnf6sF3/r/xYmUswxhsxGjVPjLPzSGs+uRN2qTUoEu34lNAjbtc9UQV9YBS+JCSIK0M6KQQ8YXaHMw6dothSUe0082P6pw/86sQ5o3Vcfb/X367V627F6rMOprDgqMrhoUiKAJ2Ysw20T4Qk+WIozFKANi9snXQyB9wMj28RajxrbnI3w==
EOF
echo Lightsail: SSH CA PubKey created.
echo >> /etc/ssh/sshd_config
echo 'TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub' >> /etc/ssh/sshd_config
echo Lightsail: SSH CA PubKey regstrd.

service ssh restart
echo Lightsail: ssh restarted.
readonly pw_pathname=/home/bitnami/bitnami_application_password
touch $pw_pathname
chmod 600 $pw_pathname
chown bitnami.bitnami $pw_pathname

if [ -f /var/log/boot.log ]; then
   cmd='cat $(ls -d1tr /var/log/boot.log*)'
elif [ -f /var/log/syslog ]; then
   cmd='cat $(ls -d1tr /var/log/syslog*)'
else
   cmd='/usr/bin/journalctl -u bitnami --since -2h'
fi
sleep_time=3
total_time=0
if [ ! -s $pw_pathname ]; then
  until [ $total_time -ge "600" ]; do
  password=$( eval "$cmd" | grep -a "Bitnami application password" | tail -n1 | grep -oE "'(.*?)'" | tr -d "'" )
  if [ -n "$password" ]; then
    echo $password >> $pw_pathname
    echo Lightsail: Bitnami app password stored in $pw_pathname
    break
  fi
  echo no password found, will retry in $sleep_time seconds
  total_time=$(( total_time + sleep_time ))
  sleep $sleep_time
  done
fi