#!/bin/bash
set -euo pipefail

# If provided, extract ssh.zip to /root/.ssh (not baked into the image)
SSH_ZIP_PATH="/shared/ssh.zip"
SSH_ZIP_DEST="/root/.ssh"

if [ -f "$SSH_ZIP_PATH" ]; then
	mkdir -p "$SSH_ZIP_DEST"
	chmod 700 "$SSH_ZIP_DEST"

	echo "[rego-tunnel] Extracting $SSH_ZIP_PATH -> $SSH_ZIP_DEST"
	# Exclude editor swap/backup files; overwrite existing.
	7z x -y -aoa -o"$SSH_ZIP_DEST" "$SSH_ZIP_PATH" \
		-x!*.swp -x!*.swo -x!*.swx -x!*~ -x!.DS_Store >/dev/null

	find "$SSH_ZIP_DEST" -type d -exec chmod 700 {} \;
	find "$SSH_ZIP_DEST" -type f -exec chmod 600 {} \;
else
	echo "[rego-tunnel] No $SSH_ZIP_PATH found; skipping SSH zip extraction"
fi

# Wait for network setup
sleep 2

TAP_NAME="${TAP_NAME:-tap0}"

exec qemu-system-x86_64 \
	-enable-kvm \
	-cpu host \
	-m ${VM_RAM:-8G} \
	-smp ${VM_CPUS:-4} \
	-hda /vm/linux-vm.qcow2 \
	-fsdev local,id=fsdev0,path=/shared,security_model=none,multidevs=remap \
	-device virtio-9p-pci,fsdev=fsdev0,mount_tag=shared \
	-netdev tap,id=net0,ifname="$TAP_NAME",script=no,downscript=no \
	-device virtio-net-pci,netdev=net0,mac=52:54:00:12:34:56 \
	-vnc :0 \
	-vga virtio \
	-usb \
	-device usb-tablet