#!/bin/bash -x
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR

for x in /etc/*.pacorig; do
    mv $x ${x%.pacorig}
done

echo $hostname > /etc/hostname
ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
l=en_US.UTF-8
echo "$l UTF-8" > /etc/locale.gen
locale-gen
echo "LANG=$l" > /etc/locale.conf
# if coming from windows, and you had to set the time, do this
# hwclock --systohc --utc

# A password is required to access the  volume:
# Command requires device and ampped name as arguments

# If we were using btrfs raid, we supposedly would need this.
# # add btrfs as module instead of hook due to
# # https://wiki.archlinux.org/index.php/Btrfs,
# # https://bugs.archlinux.org/task/42884
# # disabled, as with just the module, startup spammed something about
# # command takes a device name and something else.
# sed -ri '/^ *MODULES *=.*btrfs/!s/^( *MODULES *=.*)"/\1 btrfs"/' /etc/mkinitcpio.conf
# # remove extra space
# sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf

# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
# used to have lvm2 after encrypt for lvm.
for x in encrypt encrypt1 btrfs; do sed -ri -f - /etc/mkinitcpio.conf <<EOF
/^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
EOF
done



# for desktop without full fs encryption, use this:
#cat > /etc/crypttab <<'EOF'
#tmp  /dev/lvm/tmp  /dev/urandom  tmp,cipher=aes-xts-plain64,size=256

# otgherwise ERROR: file not found: `fsck.btrfs'
pacman -S --noconfirm btrfs-progs

pacman -S --noconfirm grub gptfdisk

if [[ $hostname == x2 || $hostname == demohost ]]; then
    echo "$0: fstab:"
    cat /etc/fstab
    # https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
    # if cryptdevice was lvm, it woulde be in this format,
    # where x2-vg is from lvdisplay, VG Name field.
    # cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
    # but, if you are using your own fstab, it seems you just give it a name,
    # which will be the crypt device name under /dev/mapper/
    # https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
    crypt_dev=(/dev/?da3)
    crypt_name=crypt_dev_${crypt_dev##/dev/}
    k_args=(
        cryptdevice=$crypt_dev:$crypt_name:allow-discards
        root=/dev/mapper/$crypt_name
        resume=${crypt_dev%3}2
    )
    crypt_mapper_devs=(/dev/mapper/crypt_dev_?d[a-z]3)
    keyfile_vars=()
    for ((i=1; i < ${#crypt_mapper_devs[@]}; i++)); do
        ((i!=1)) || dup_keys=(" ")
        cp /crypto_keyfile.bin /crypto_keyfile$i.bin
        dup_keys+=(/crypto_keyfile$i.bin)
        base=/usr/lib/initcpio
        cp $base/hooks/encrypt{,$i}
        cp $base/install/encrypt{,$i}
        sed -i "s/cryptdevice/cryptdevice$i/" $base/hooks/encrypt$i
        sed -i "s/cryptkey/cryptkey$i/" $base/hooks/encrypt$i
        crypt_name=${crypt_mapper_devs[i]#/dev/mapper/}
        crypt_dev=/dev/${crypt_name#crypt_dev_}
        k_args+=(cryptdevice$i=$crypt_dev:$crypt_name:allow-discards
                 cryptkey$i=rootfs:/crypto_keyfile$i.bin)
    done
    # this is the default file, otherwise you use cryptkey=device:fstype:path
    sed -ri -f - /etc/mkinitcpio.conf <<EOF
s#^\s*FILES=.*#FILES="/crypto_keyfile.bin${dup_keys[*]}"#
EOF
    echo "$0: FILES:"
    grep FILES /etc/mkinitcpio.conf
    k_args="${k_args[*]}"
    echo "$0: grub cmdline additions: $k_args"
    sed -ri -f - /etc/default/grub <<EOF
\%$k_args%!s%^ *GRUB_CMDLINE_LINUX_DEFAULT *= *"%\0$k_args %
EOF
fi

mkinitcpio -p linux


# remove the default quiet arg.
# this doesn't seem to affect anything, so leave it alone.
#sed -ri 's/^( *GRUB_CMDLINE_LINUX_DEFAULT *= *.*) ?\bquiet\b(.*)/\1\2/' /etc/default/grub

# https://wiki.archlinux.org/index.php/GRUB#Install_to_disk
grub-install --recheck $grubdisk
grub-mkconfig -o /boot/grub/grub.cfg
pacman -S --noconfirm openssh unison

echo "root:$ROOTPW" | chpasswd -e

pacman -S --noconfirm sudo

useradd -m -p "$ROOTPW" ian

/root/distro-install-common/end
systemctl enable sshd

rm -rf /home/ian/.ssh
cp -r /root/.ssh /home/ian
chown ian:ian /home/ian/.ssh
# the groups recommended by
# https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
usermod -aG games,rfkill,users,uucp,wheel ian

# setup a bridge, so we can have 1st class vms.
cat > /etc/systemd/network/wired.network <<EOF
[Match]
Name=en*

[Network]
Bridge=br0
EOF

cat > /etc/systemd/network/br0.network <<EOF
[Match]
Name=br0

[Network]
DHCP=ipv4
EOF

pacman -S --noconfirm net-tools # for route
mac=$(cat /sys/class/net/$(route -n | sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')/address)
cat > /etc/systemd/network/br0.netdev <<EOF
[NetDev]
Name=br0
Kind=bridge
# use the same mac as the physical port,
# which is mapped to a static ip in our dhcp server.
MACAddress=$mac
EOF

for x in networkd resolved; do systemctl enable systemd-$x; done