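use std::collections::HashMap;

use oci_spec::runtime;
use serde::Deserialize;
use serde_json::json;

use crate::unshare;

/// Build the OCI runtime spec for one sandboxed build step.
///
/// The step runs `sh -ec <run>` as `unshare::BUILD_UID`/`unshare::BUILD_GID`
/// with `noNewPrivileges`, a read-only rootfs at `../rootfs`, the host
/// `workdir` bind-mounted read-write at `/home/build` (the working
/// directory) and `depends/opt/sysroot` bind-mounted read-only at
/// `/opt/sysroot`. Fresh pid, network, ipc, uts and mount namespaces are
/// requested, all device-cgroup access is denied, and the usual runc
/// masked/read-only `/proc` and `/sys` paths are applied.
///
/// # Arguments
/// * `run` — shell script executed verbatim by `sh -ec`. It *is* the build
///   step, so it is as trusted as the build definition it came from; the
///   sandbox, not this string, is the security boundary.
/// * `env` — environment for the step. Each pair is emitted as a
///   `KEY=VALUE` string. Entries are sorted so the spec is deterministic
///   regardless of `HashMap` iteration order (which is randomised per
///   process).
///
/// # Panics
/// * If a key is empty or contains `=` or NUL, or a value contains NUL.
///   Such pairs cannot be represented as a single `KEY=VALUE` string: a
///   `=` in the key silently defines a different variable, and a NUL
///   truncates the entry at `execve`. Failing loudly is preferable to
///   running the build with an environment other than the one requested.
/// * If the generated JSON does not deserialize into `runtime::Spec`,
///   which would be a bug in this function rather than in its input.
///
/// # Security notes (review)
/// * No `capabilities` block and no `seccomp` profile are present in the
///   spec; containment relies on the non-root uid, `noNewPrivileges`, the
///   namespaces listed above and the read-only rootfs. Confirm the
///   runtime's default behaviour when `capabilities` is omitted is the
///   one intended, and consider attaching a seccomp profile.
/// * No `user` namespace is requested here. Presumably `crate::unshare`
///   handles uid/gid mapping before the runtime is invoked — verify.
/// * The `/home/build` bind is writable and carries no `nosuid`/`nodev`
///   options. Inside the sandbox `noNewPrivileges` neutralises setuid
///   bits, but the files persist in `workdir` on the host side.
pub fn generate_spec(run: &str, env: &HashMap<String, String>) -> runtime::Spec {
    let mut env_entries: Vec<String> = env
        .iter()
        .map(|(k, v)| {
            // `KEY=VALUE` is only unambiguous if the key itself is free of
            // `=` and neither half contains a NUL (C-string terminator).
            assert!(
                !k.is_empty() && !k.contains('=') && !k.contains('\0'),
                "invalid environment variable name {:?}",
                k
            );
            assert!(
                !v.contains('\0'),
                "environment value for {:?} contains a NUL byte",
                k
            );
            format!("{}={}", k, v)
        })
        .collect();
    // Stable ordering: identical inputs must yield an identical spec.
    env_entries.sort();

    runtime::Spec::deserialize(json!({
        "ociVersion": "1.0.2",
        "process": {
            "terminal": false,
            "user": {
                "uid": unshare::BUILD_UID.as_raw(),
                "gid": unshare::BUILD_GID.as_raw(),
            },
            "args": ["sh", "-ec", run],
            "env": env_entries,
            "cwd": "/home/build",
            // Setuid/setgid/file-capability escalation is disabled for the
            // whole process tree.
            "noNewPrivileges": true
        },
        "root": {
            "path": "../rootfs",
            "readonly": true
        },
        "hostname": "rebel-builder",
        "mounts": [
            // Writable build tree; the only place the step may persist output.
            {
                "destination": "/home/build",
                "type": "none",
                "source": "workdir",
                "options": ["bind"]
            },
            // Dependency sysroot, read-only so a step cannot tamper with inputs.
            {
                "destination": "/opt/sysroot",
                "type": "none",
                "source": "depends/opt/sysroot",
                "options": ["bind", "ro"]
            },
            {
                "destination": "/tmp",
                "type": "tmpfs",
                "source": "tmp",
                "options": ["nodev", "nosuid", "mode=1777", "size=65536k"]
            },
            {
                "destination": "/proc",
                "type": "proc",
                "source": "proc"
            },
            // Empty /dev; device nodes are not created here and the device
            // cgroup below denies all device access.
            {
                "destination": "/dev",
                "type": "tmpfs",
                "source": "tmpfs",
                "options": ["nosuid", "strictatime", "mode=755", "size=65536k"]
            },
            {
                "destination": "/dev/pts",
                "type": "devpts",
                "source": "devpts",
                "options": ["nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"]
            },
            {
                "destination": "/dev/shm",
                "type": "tmpfs",
                "source": "shm",
                "options": ["nosuid", "noexec", "nodev", "mode=1777", "size=65536k"]
            },
            {
                "destination": "/dev/mqueue",
                "type": "mqueue",
                "source": "mqueue",
                "options": ["nosuid", "noexec", "nodev"]
            },
            {
                "destination": "/sys",
                "type": "sysfs",
                "source": "sysfs",
                "options": ["nosuid", "noexec", "nodev", "ro"]
            },
            {
                "destination": "/sys/fs/cgroup",
                "type": "cgroup",
                "source": "cgroup",
                "options": ["nosuid", "noexec", "nodev", "relatime", "ro"]
            }
        ],
        "linux": {
            "resources": {
                // Deny read/write/mknod on every device.
                "devices": [
                    { "allow": false, "access": "rwm" }
                ]
            },
            "namespaces": [
                { "type": "pid" },
                { "type": "network" },
                { "type": "ipc" },
                { "type": "uts" },
                { "type": "mount" }
            ],
            // Kernel-internal state that should not be visible to the build.
            "maskedPaths": [
                "/proc/acpi",
                "/proc/asound",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/sys/firmware",
                "/proc/scsi"
            ],
            "readonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        }
    }))
    .expect("static OCI spec template must deserialize into runtime::Spec")
}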