#!/bin/sh
echo Lightsail: Initializing Instance.
cat > /etc/ssh/lightsail_instance_ca.pub << EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCasldL7JHqFuYadVmFjXtQ2KdyZk7JtjCmdX0aBaJjkf6LPpt9Nc+mtILfAEPYld6fmgMYX5Lb8xo1RcKl85RFtYDA8PG+Qb3AywH474/A8amSP217XCcAHX9+SUENG2GS/APDrqMxLa1BWKM413Q+DV2uFpuQlD9pxiJoHtHpXTjM68BRN7F6D0RoDfJNklrLWua6zIGQVcqmPRjcvPFjQ377wpGwRJ/3ctEw6VjjpjRGGS3/0Y4d3ZuBeTKMG+nHbkvRJL9xsNzJEwlQAESg5QUkhu6/Rzv8NK0he8VJzuk7Ll4RbffeyRGk3yFJi8ROZw4K5GQP6M6MfUMWwr90S0D1JG8WCGBDrfMg4obPDoAc9wmRPAQds6D8XCVlAr9b2pTNnqefMvV8LoCelwv/mfgBY9HMbHtf1rKLAo2OqP+/eP66i3NjytgzSisC8dLKEwCJyu/dUoR7wMwCtMs/HhmVyS/vvYhJ63OTGlcQcVGpl/uDUULOAu1Zj75r4GbpUF0Dcg6+19Fi2GkrywX3M0CM8wLdejA7aPRD54pj6T3adKxdnSPZi5oVwrUI1qWgMNSV+asSAu58YvbEU20LzZov8kBcQlnmH3dvc/Pe4zG6PdS8KJsUPD6Ea4XZ3//GlywUq6CwTVTXNkcgC7eYE5A1Nlf99srSiBoAL6bVSQ==
EOF
echo Lightsail: SSH CA PubKey created.
echo >> /etc/ssh/sshd_config
echo 'TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub' >> /etc/ssh/sshd_config
echo Lightsail: SSH CA PubKey regstrd.

service ssh restart
echo Lightsail: ssh restarted.
readonly pw_pathname=/home/bitnami/bitnami_application_password
touch $pw_pathname
chmod 600 $pw_pathname
chown bitnami.bitnami $pw_pathname

if [ -f /var/log/boot.log ]; then
   cmd='cat $(ls -d1tr /var/log/boot.log*)'
elif [ -f /var/log/syslog ]; then
   cmd='cat $(ls -d1tr /var/log/syslog*)'
else
   cmd='/usr/bin/journalctl -u bitnami --since -2h'
fi
sleep_time=3
total_time=0
if [ ! -s $pw_pathname ]; then
  until [ $total_time -ge "600" ]; do
  password=$( eval "$cmd" | grep -a "Bitnami application password" | tail -n1 | grep -oE "'(.*?)'" | tr -d "'" )
  if [ -n "$password" ]; then
    echo $password >> $pw_pathname
    echo Lightsail: Bitnami app password stored in $pw_pathname
    break
  fi
  echo no password found, will retry in $sleep_time seconds
  total_time=$(( total_time + sleep_time ))
  sleep $sleep_time
  done
fi