#!/bin/bash -x

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

if [[ $EUID != 0 ]]; then
  echo "$0: error: expected to be root."
  exit 1
fi


# -r = recursive
# -i = ignore non-matching class warnings, always exit 0
# -B = no backup files
fcopy -riBM /boot



chpw() {
  # generating a hashed password:
  # under debian, you can do
  # mkpasswd -m sha-512 -s >/q/root/shadow/standard
  # On arch, best seems to be copy your shadow file to a temp location,
  # then passwd, get out the new pass, then copy the shadow file back.

  user=$1
  pwfile=$2
  if [[ $pwfile && -e $pwfile ]]; then
    printf "$user:" | cat - "$pwfile" | $ROOTCMD chpasswd -e
  else
    echo "$0: warning: no pw set for $user" >&2
  fi
}

chpw root $FAI/distro-install-common/shadow/community0p


#### misc configurations
chroot $FAI_ROOT bash <<'EOFOUTER'
if getent group systemd-journal >/dev/null; then
  # makes the journal be saved to disk.
  mkdir -p /var/log/journal
  chmod 755 /var/log/journal
fi
debconf-set-selections <<EOF
kexec-tools kexec-tools/load_kexec boolean false
EOF
apt-get install -y pxe-kexec

# this is usefull. Only thing reason I see this being disabled by default is
# that a normal user can disrupt the system, eg cause a reboot.
sed -i '$a kernel.sysrq=1
/^kernel.sysrq=/d' /etc/sysctl.conf

EOFOUTER

speed=115200
cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"

# per rubens suggestion to make a d16 more stable
cmdline+=" pci=realloc=off"

cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
#!/bin/sh
exec tail -n +3 \$0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.

# https://www.coreboot.org/Serial_console # tty
# but removed unneeded stuff

serial --speed=$speed
terminal_input --append  serial
terminal_output --append serial
EOF


chroot $FAI_ROOT bash <<EOF
set -eE -o pipefail
# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst

sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")quiet/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) quiet([ "])/\1\2/' /etc/default/grub
sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")splash/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) splash([ "])/\1\2/' /etc/default/grub

for arg in $cmdline; do
  if ! grep "^GRUB_CMDLINE_LINUX_DEFAULT=.*[\" ]${arg//./\\.}[\" ]" /etc/default/grub; then
    sed -ri "s/^GRUB_CMDLINE_LINUX_DEFAULT=\"(.*)/GRUB_CMDLINE_LINUX_DEFAULT=\"$arg \1/" /etc/default/grub
  fi
done

if grep -qF "$cmdline" /etc/default/grub; then
  # already set things, exit
  exit 0
fi
sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
# on xenial, no grub is displayed at all. fix that.
# found just by noticing this in the config file, and a
# warning about it in error.log
sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub

if type -P update-grub2 &>/dev/null; then
  update-grub2
else
  update-grub
fi

EOF


  cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
auto lo eth0
iface lo inet loopback
iface eth0 inet dhcp
iface eth0 inet6 auto

source-directory /etc/network/interfaces.d
EOF

  # previously had an else condition after
  #elif ifclass VM || ifclass LINODE; then
  # iface $NIC1 inet manual
  # iface br0 inet dhcp
  #   bridge_ports $NIC1
  #   bridge_stp off
  #   bridge_maxwait 0
  # however, on t9, on startup, br0, became
  # rename1 and didn't come up. i dunno why,
  # but the bridge is for vms that I rarely use,
  # so not bothering to figure it out.




if ifclass LINODE; then
  mkdir -p $target/etc/initramfs-tools/conf.d
  cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
# dhcp in initramfs doesn't work on linode. i dunno why, whatever.
# man 5 initramfs.conf
# /usr/share/doc/klibc-utils/README.ipconfig.gz
# /usr/share/initramfs-tools/scripts/functions
IP=$linode_ip::$linode_gw:255.255.255.0::eth0:off
EOF


  if [[ $HOSTNAME == li ]]; then

    cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
auto lo eth0
iface lo inet loopback
iface eth0 inet dhcp
# for the standard network config, uncomment this and comment the lines after it.
#iface eth0 inet6 auto

iface eth0 inet6 static
# this is really a /128. it seems like we need to assign it for ipv6 to work.
address 2600:3c00::f03c:91ff:fe6d:baf8/64
gateway fe80::1

iface eth0 inet6 static
# from a requested /64 pool
address 2600:3c00:e000:280::2/64

source-directory /etc/network/interfaces.d
EOF
  fi
fi

# I prefer to stick with ifup/down for now. a. networkd is not in its
# own package, so cant use in other init systems. b. it works fine.
chroot $FAI_ROOT bash <<EOF
systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
EOF

##### end network setup  #####


if ifclass VOL_BULLSEYE_BOOTSTRAP; then
  fcopy /etc/systemd/system/faicheck.service
  chroot $FAI_ROOT bash <<'EOFOUTER'
systemctl enable faicheck.service
EOFOUTER
  exit 0 # avoid unnecessary stuff in bootstrap vol
fi


## misc settings
chroot $FAI_ROOT bash <<'EOFOUTER'
#### begin .ssh setup ###
set -x
set -eE -o pipefail
if ! [[ -s /home/iank/.ssh/authorized_keys ]]; then
  mkdir -p /home/iank/.ssh
  f=/root/.ssh/authorized_keys
  if [[ -e $f ]]; then
     cp $f /home/iank/.ssh
  fi
  chown -R 1000:1000 /home/iank/.ssh
  chmod -R u=Xrw,og= /home/iank/.ssh
  rm -rf /root/.ssh
  # remove broken symlinks or the following cp will fail
  find /home/iank/.ssh -xtype l -exec rm '{}' \;
  cp -rL /home/iank/.ssh /root
  chown -R root:root /root/.ssh
  chmod 700 /root/.ssh
fi

# old link from
# # https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
# but that made a service that started too soon and didn't pick up our
# x env vars. instead, copy from the root ssh-agent just the
# appropriate things into a new service.
rm -f /home/iank/.config/systemd/user/default.target.wants/ssh-agent.service

rm -f /home/iank/.local/share/systemd/user/sshaiank.service \
  /home/iank/.config/systemd/user/default.target.wants/sshaiank.service

#### end .ssh setup ###

## duplicated in ssh-emacs-setup
# done here so its setup earlier for convenience
line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
f=/etc/ssh/sshd_config
grep -xFq "$line" $f || tee -a $f <<<"$line"


# default debian groups (jessie through buster) + adm, root, admin
for g in cdrom floppy audio dip video plugdev netdev adm sudo admin; do
  if getent group $g >/dev/null; then
    usermod -aG $g iank
  fi
done

if getent group systemd-journal >/dev/null; then
  usermod -aG systemd-journal iank
fi
EOFOUTER

rm -f $target/etc/resolv.conf
ln -s ../run/systemd/resolve/stub-resolv.conf $target/etc/resolv.conf
# needed for bitfolk image
if [[ -e /a/bin/fai/fai-wrapper ]]; then
  systemctl enable systemd-resolved
  systemctl start systemd-resolved
fi



# reading through the groups that iank is in but user2 isn't,
for g in plugdev audio video cdrom; do
  $ROOTCMD usermod -a -G $g user2
done