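import { Alpine } from "../alpine.js";
import { Runit } from "../runit/index.js";
import { FluentBitParser, runitLokiLogger } from "../software/fluentbit.js";

/**
 * Installs ntpsec, writes an NTS-only `/etc/ntp.conf`, and registers ntpd as a
 * runit service whose output goes through the Fluent Bit / Loki logger.
 *
 * The file was collapsed onto one physical line, so the first `//` comment
 * swallowed the rest of the function and the config and run script lost their
 * line breaks. The layout below restores one directive per line; the wording
 * of every directive is unchanged.
 *
 * @param alpine - image builder used to add packages and write files
 * @param runit - service registry that receives the ntpd run script
 */
export async function setupNtpsec(alpine: Alpine, runit: Runit) {
  await alpine.addPackages(["ntpsec"]);

  // In the ntpsec-doc package, open in browser:
  // file:///usr/share/doc/ntpsec/quick.html
  // file:///usr/share/doc/ntpsec/NTS-QuickStart.html
  // XXX: review driftfile; I think ntpd needs to be able to write it but it is read-only.
  // NOTE(review): ntpd is started with --user=ntp below, so the drift path
  // presumably has to be writable by that account — confirm ownership in the image.

  // Access control: remote hosts get the locked-down default (rate limited,
  // no modification, no peering, no queries); only loopback is unrestricted.
  // Time sources: every `server` line carries `nts`, so there is no
  // unauthenticated NTP upstream in this list.
  // NOTE(review): NTS key exchange validates TLS certificates, which itself
  // needs a roughly correct clock — confirm first-boot sync on hosts without
  // an RTC.
  // The config is kept at column 0 so no directive gains leading whitespace.
  await alpine.writeFile(
    "/etc/ntp.conf",
    `
driftfile /var/lib/ntp/ntp.drift

restrict default kod limited nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1

# https://gist.github.com/jauderho/2ad0d441760fc5ed69d8d4e2d6b35f8d
server time.cloudflare.com nts iburst
server nts.ntp.se nts iburst
# https://nts.time.nl/
server ntppool1.time.nl nts iburst
server ntppool2.time.nl nts iburst
# https://system76.com/time/
server paris.time.system76.com nts iburst
server brazil.time.system76.com nts iburst
# https://www.netnod.se/netnod-time/how-to-use-nts
server sth1.nts.netnod.se nts iburst
server sth2.nts.netnod.se nts iburst
# https://ntp.br/guia/linux/
server a.st1.ntp.br nts iburst
server b.st1.ntp.br nts iburst
server c.st1.ntp.br nts iburst
server d.st1.ntp.br nts iburst
server gps.ntp.br nts iburst
`
  );

  // Run script: the shebang must be the very first bytes of the file, hence
  // no leading newline in this literal. --nofork keeps ntpd in the foreground
  // for runit supervision; --user=ntp drops root once ntpd is running.
  // --panicgate lets the first correction exceed ntpd's panic threshold
  // instead of exiting, so that initial step relies on the NTS-authenticated
  // sources above.
  await runit.addService(
    "ntpsec",
    `#!/bin/sh
exec ntpd --nice --nofork --panicgate --user=ntp
`,
    runitLokiLogger(FluentBitParser.Ntpsec, "ntpsec")
  );
}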