#!/bin/bash -x

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

if [[ $EUID != 0 ]]; then
  echo "$0: error: expected to be root."
  exit 1
fi

if ! type -t fcopy &>/dev/null; then
  sudo apt-get -y install fai-client
fi

if [[ -e /a/bin/fai/fai-wrapper ]]; then
  chroot() {
    shift
    "$@"
  }
fi



# -r = recursive
# -i = ignore non-matching class warnings, always exit 0
# -B = no backup files
fcopy -riB /boot
# this is also done by FABASE/10-misc by default (without B)
fcopy -riB /root


src=$FAI/distro-install-common/shadow
dst=/q/root/shadow
if [[ ! -e $dst && -e $src ]]; then
  # outside of fai context, we skip this
  mkdir -p $dst
  mount -o bind $src $dst
fi

$FAI/distro-install-common/end



### begin sources install + updates
# these get copied in an earlier stage by fai, but leaving it here since
# I run this as a single post-fai script to update things that have changed.
tmpfile1=$(mktemp)
# this can fail if we need an apt update
chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile1 ||:
fcopy -riBM /etc/apt
tmpfile2=$(mktemp)
chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile2
if ! diff -q $tmpfile1 $tmpfile2; then
  chroot $FAI_ROOT /usr/bin/apt update
fi
# outside of fai, this seems to regularly lead to
# E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
# so add a sleep. 1 sec is probably way more than needed.
sleep 1
f=$FAI_ROOT/var/cache/apt/pkgcache.bin
if [[ ! -r $f ]] || (( $(( $(date +%s) - $(stat -c %Y $f ) )) > 60*60*2 )); then
  i=0
  while fuser $FAI_ROOT/var/lib/dpkg/lock &>/dev/null; do
    sleep 1
    i=$(( i+1 ))
    if (( i > 300 )); then
      echo "error: timed out waiting for /var/lib/dpkg/lock" >&2
      exit 1
    fi
    $ROOTCMD apt-get update
  done
fi
### end sources install + updates


#### misc configurations
chroot $FAI_ROOT bash <<'EOFOUTER'
if getent group systemd-journal >/dev/null; then
  # makes the journal be saved to disk.
  mkdir -p /var/log/journal
  chmod 755 /var/log/journal
fi
debconf-set-selections <<EOF
kexec-tools kexec-tools/load_kexec boolean false
EOF
apt-get install -y pxe-kexec

# this is usefull. Only thing reason I see this being disabled by default is
# that a normal user can disrupt the system, eg cause a reboot.
sed -i '$a kernel.sysrq=1
/^kernel.sysrq=/d' /etc/sysctl.conf

EOFOUTER


if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
  # luks options, see man systemd-cryptsetup-generator
  # all i know is that with luks.crypttab=no, swap still timed out on boot.
  # and with rd.luks.crypttab=no, it works.
  if ifclass LINODE; then
    speed=19200
    cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8"
  else
    speed=115200
    cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8 console=tty0"
    case $HOSTNAME in
      # https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors
      # evo-870 doesnt get along well with d16 with etiona
      kd) cmdline+=" libata.force=5.00:noncq" ;;
      # per rubens suggestion to make a d16 more stable
      kd|kw) cmdline+=" pci=realloc=off" ;;
    esac
  fi

  cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
#!/bin/sh
exec tail -n +3 \$0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.

# https://www.coreboot.org/Serial_console # tty
# but removed unneeded stuff

serial --speed=$speed
terminal_input --append  serial
terminal_output --append serial
EOF


  chroot $FAI_ROOT bash <<EOF
set -eE -o pipefail
# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
# we remove quiet and splash, and all thats left is what we want

if grep -qF "$cmdline" /etc/default/grub; then
  # already set things, exit
  exit 0
fi
sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
# on xenial, no grub is displayed at all. fix that.
# found just by noticing this in the config file, and a
# warning about it in error.log
sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub

update-grub2
EOF
fi ##### end != dirinstall && != NOCRYPT


###### begin network setup ####

# use old names. the idea of them changing between boots has never
# happened to me and I usually only have 1 wired or other type.
# If I ever do need to care about it, I will.
# Strangely this didn't work on kw, so I added kernel cmdline parameter.
# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
ln -sf /dev/null $target/etc/systemd/network/99-default.link


# bitfolk installer handles the rest
case $HOSTNAME in
  bk|je) exit 0 ;;
esac


# use networkmanager if this host has wireless.
if type -p iw &>/dev/null && [[ $(iw dev) ]]; then
  chroot $FAI_ROOT bash <<EOF
apt-get -y install network-manager
EOF

  # allow networkmanager to manage interfaces
  #https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1638842
  touch $target/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
  # in a default desktop install, it looks like netplan creates this file under
  # run/NetworkManager/conf.d in early boot.

  # By default, dns=default is set in etiona, and dns is just broken.
  # Maybe with resolvconf it would work, but theres no need for that.
  # https://wiki.gnome.org/Projects/NetworkManager/DNS
  cat >$target/etc/NetworkManager/conf.d/99-iank.conf <<'EOF'
[main]
dns=systemd-resolved
EOF
  if [[ $HOSTNAME == frodo ]]; then
    cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
auto lo eth0
iface lo inet loopback
iface eth0 inet static
address 10.3.0.2/16
EOF
  fi

else
  cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
auto lo eth0
iface lo inet loopback
iface eth0 inet dhcp
iface eth0 inet6 auto
EOF

  # previously had an else condition after
  #elif ifclass VM || ifclass LINODE; then
  # iface $NIC1 inet manual
  # iface br0 inet dhcp
  #   bridge_ports $NIC1
  #   bridge_stp off
  #   bridge_maxwait 0
  # however, on t9, on startup, br0, became
  # rename1 and didn't come up. i dunno why,
  # but the bridge is for vms that I rarely use,
  # so not bothering to figure it out.


fi

if ifclass LINODE; then
  mkdir -p $target/etc/initramfs-tools/conf.d
  cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
# dhcp in initramfs doesn't work on linode. i dunno why, whatever.
# man 5 initramfs.conf
# /usr/share/doc/klibc-utils/README.ipconfig.gz
# /usr/share/initramfs-tools/scripts/functions
IP=$linode_ip::$linode_gw:255.255.255.0::eth0:off
EOF


  if [[ $HOSTNAME == li ]]; then

    cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
auto lo eth0
iface lo inet loopback
iface eth0 inet dhcp
# for the standard network config, uncomment this and comment the lines after it.
#iface eth0 inet6 auto

iface eth0 inet6 static
# this is really a /128. it seems like we need to assign it for ipv6 to work.
address 2600:3c00::f03c:91ff:fe6d:baf8/64
gateway fe80::1

iface eth0 inet6 static
# from a requested /64 pool
address 2600:3c00:e000:280::2/64
EOF
  fi

fi

# I prefer to stick with ifup/down for now. a. networkd is not in its
# own package, so cant use in other init systems. b. it works fine.
chroot $FAI_ROOT bash <<EOF
systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
EOF

##### end network setup  #####


if ifclass VOL_BUSTER_BOOTSTRAP; then
  fcopy -riM /etc/systemd/system
  chroot $FAI_ROOT bash <<'EOFOUTER'
systemctl enable fai_check.service
EOFOUTER
  exit 0 # avoid unnecessary stuff in bootstrap vol
fi



## misc settings
chroot $FAI_ROOT bash <<'EOFOUTER'
#### begin .ssh setup ###
set -x
set -eE -o pipefail
mkdir -p /home/iank/.ssh
f=/root/.ssh/authorized_keys
if [[ -e $f ]]; then
   cp $f /home/iank/.ssh
fi
chown -R 1000:1000 /home/iank/.ssh
chmod -R u=Xrw,og= /home/iank/.ssh
rm -rf /root/.ssh
# remove broken symlinks or the following cp will fail
find /home/iank/.ssh -xtype l -exec rm '{}' \;
cp -rL /home/iank/.ssh /root
chown -R root:root /root/.ssh
chmod 700 /root/.ssh
# https://ticktockhouse.svbtle.com/my-obligatory-ubuntu-ssh-agent-post
# systemctl --user is not available at fai time, so create the link ourselves
d=/home/iank/.config/systemd/user/default.target.wants
sudo -u iank mkdir -p $d
sudo -u iank ln -sf /usr/lib/systemd/user/ssh-agent.service $d
#### end .ssh setup ###

## duplicated in ssh-emacs-setup
# done here so its setup earlier for convenience
line='AcceptEnv INSIDE_EMACS BRC COLUMNS'
f=/etc/ssh/sshd_config
grep -xFq "$line" $f || tee -a $f <<<"$line"


# default debian groups (jessie through buster) + adm, sudo, root
for g in cdrom floppy audio dip video plugdev netdev adm sudo; do
  if getent gropu $g >/dev/null; then
    usermod -aG $g iank
  fi
done

if getent group systemd-journal >/dev/null; then
  usermod -aG systemd-journal iank
fi
EOFOUTER

rm -f $target/etc/resolv.conf
ln -s ../run/systemd/resolve/stub-resolv.conf $target/etc/resolv.conf
# needed for bitfolk image
if [[ -e /a/bin/fai/fai-wrapper ]]; then
  systemctl enable systemd-resolved
  systemctl start systemd-resolved
fi



# reading through the groups that iank is in but user2 isn't,
for g in plugdev audio video cdrom; do
  $ROOTCMD usermod -a -G $g user2
done