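#!/bin/bash
#
# Run /workdir/entry.sh inside a bubblewrap (bwrap) sandbox.
#
# The sandbox root is a size-capped tmpfs. System directories come read-only
# from the ubuntu-base chroot next to this script, and the GHC toolchain comes
# read-only from the host's ghcup base directory. Every namespace bwrap
# supports is unshared (--unshare-all), so the sandbox has no network access.
#
# Requires: ghcup and bwrap on PATH; ./ubuntu-base and ./workdir next to this
# script.
set -euo pipefail

filesdir="$(realpath -- "$(dirname -- "$0")")"
cd "$filesdir"

ghcup_base=$(ghcup whereis basedir)
# ghcup_base is used as a host source path and as a mount point inside the
# sandbox. If it were empty or "/", "${ghcup_base}/bin" would resolve to the
# host's /bin and be bound over the chroot's /bin, so require an absolute
# path with at least one component.
if [[ "${ghcup_base}" != /?* ]]; then
  printf 'error: unexpected ghcup basedir: %q\n' "${ghcup_base}" >&2
  exit 1
fi

chroot="${filesdir}/ubuntu-base"

args=(
  # 10MiB disk
  # Note: this --size option is implemented in
  # https://github.com/containers/bubblewrap/pull/509
  # It applies to the next --tmpfs, i.e. the sandbox root (and /tmp on it).
  --size 10485760
  --tmpfs /
  --dir /tmp

  # System directories: read-only, taken from the chroot, never from the host.
  --ro-bind "${chroot}/bin" /bin
  --ro-bind "${chroot}/usr/bin" /usr/bin
  --ro-bind "${chroot}/usr/lib" /usr/lib
  --ro-bind "${chroot}/usr/include" /usr/include
  --ro-bind "${chroot}/lib" /lib
  --ro-bind "${chroot}/lib64" /lib64

  # ghcup toolchain: read-only, mounted at the same absolute path as on the
  # host.
  --dir "${ghcup_base}"
  --ro-bind "${ghcup_base}/bin" "${ghcup_base}/bin"
  --ro-bind "${ghcup_base}/ghc" "${ghcup_base}/ghc"
  --ro-bind "${ghcup_base}/cache" "${ghcup_base}/cache"

  # The work directory is read-only as well; the tmpfs is the only writable
  # storage.
  --ro-bind "${filesdir}/workdir" /workdir

  # --setenv only overrides these two variables; the rest of the caller's
  # environment is still passed through to the sandboxed process.
  --setenv PATH "/bin:/usr/bin:${ghcup_base}/bin"
  --setenv GHCUP_INSTALL_BASE_PREFIX "$(dirname -- "${ghcup_base}")"
  --proc /proc
  --chdir "/workdir"

  # New session: the sandboxed process gets no controlling terminal to inject
  # input into.
  --new-session
  --unshare-all
  --die-with-parent
  /bin/bash "/workdir/entry.sh"
)

# The limits below are set in this shell and inherited by bwrap via exec.

# Turn off core files
ulimit -c 0
# Limit on the number of processes
# NOTE(review): RLIMIT_NPROC is accounted per user, not per sandbox. Confirm
# that 10000 is the intended ceiling.
ulimit -u 10000
# Limit memory to 500 MiB.
# ulimit -d takes KiB and sets RLIMIT_DATA. It is a coarse per-process bound,
# not a cap on the sandbox's total memory use.
ulimit -d "$(( 500 * 1024 ))"

exec bwrap "${args[@]}"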