#!/bin/bash
# Copyright (C) 2019 Ian Kelling
# SPDX-License-Identifier: AGPL-3.0-or-later

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR

[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
if [[ $- != *i* ]]; then
  exec &>>/var/log/keyscript-on.log
  echo "$0: starting. $(date)"
fi
rootn=1

sed="sed --follow-symlinks"

if [[ ! -e /tmp/keyscript-off ]]; then
  if [[ $($sed -rn 's/^ID=(.*)/\1/p' /etc/os-release) == arch ]]; then
    if ! grep -q '^\s*FILES=' /etc/mkinitcpio.conf; then
      $sed -ri 's/^#(\s*FILES=.*)/\1/' /etc/mkinitcpio.conf # uncomment
      mkinitcpio -p linux
    fi
  else
    x=decrypt_keyctl
    # old name. can remove this sometime after aug 2019
    $sed -i "s#/root/keyscript-manual,#${x},#" /etc/crypttab
    if grep -q "${x}," /etc/crypttab; then
      $sed -i "s#${x},#/root/keyscript,#" /etc/crypttab
      update-initramfs -u
    fi
  fi
fi
# switch to easy or hard login pass which is the same as luks
f=/q/root/shadow/traci-simple
[[ $HOSTNAME != tpnew ]] || usermod -p "$(cat $f)" iank

echo "$0: finished. $(date)"