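#!/bin/bash
# I, Ian Kelling, follow the GNU license recommendations at
# https://www.gnu.org/licenses/license-recommendations.en.html. They
# recommend that small programs, < 300 lines, be licensed under the
# Apache License 2.0. This file contains or is part of one or more small
# programs. If a small program grows beyond 300 lines, I plan to switch
# its license to GPL.

# Copyright 2024 Ian Kelling

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

#     http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# setup automatic decryption on boot using host-specific key file.
# When changing a hostname, that key needs updating.

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR

# Re-exec as root when started unprivileged.
# NOTE(review): -E carries the caller's environment into the root run, and
# this script later reads PATH, INVOCATION_ID and MAIL_HOST. Confirm that
# -E is actually needed here.
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

# Non-interactive runs append stdout and stderr to a log file.
if [[ $- != *i* ]]; then
  exec &>>/var/log/keyscript-on.log
  echo "$0: starting. $(date)"
fi

# Expanded unquoted below on purpose so it splits into command + option.
sed="sed --follow-symlinks"

# for running under corn, we need this, else, if we call
# /sbin/update-initramfs , it will fail with:
# /sbin/update-initramfs: 157: mkinitramfs: not found
PATH="/sbin:$PATH"

if [[ $INVOCATION_ID ]]; then
  if [[ -e /b/bash_unpublished/source-state ]]; then
    # this is the canonical one
    source /b/bash_unpublished/source-state
  elif [[ -e /dev/shm/iank-status ]]; then
    # This one gets copied by system-status and is useful because it
    # exists when /a is unmounted.
    #
    # NOTE(review): this file is executed as root, and /dev/shm is
    # normally world-writable, so whoever creates the file controls what
    # root runs here. Consider keeping the copy in a root-only directory
    # (for example under /run) or checking its owner and mode before
    # sourcing. Left unchanged because the expected owner is not visible
    # from this script.
    source /dev/shm/iank-status
  fi
  if [[ $MAIL_HOST && $MAIL_HOST != "$HOSTNAME" ]]; then
    echo "$0: exiting early: running under systemd as MAIL_HOST"
    exit 0
  fi
fi

# NOTE(review): the marker lives in /tmp, so any local user can create it
# and thereby keep this root job from switching the keyscript back on. A
# root-owned location would avoid that; whatever creates the marker would
# need the same change.
if [[ ! -e /tmp/keyscript-off ]]; then
  if [[ $($sed -rn 's/^ID=(.*)/\1/p' /etc/os-release) == arch ]]; then
    # No active FILES= line: uncomment the commented one and rebuild.
    if ! grep -q '^\s*FILES=' /etc/mkinitcpio.conf; then
      $sed -ri 's/^#(\s*FILES=.*)/\1/' /etc/mkinitcpio.conf # uncomment
      mkinitcpio -p linux
    fi
  else
    x=decrypt_keyctl
    # Swap the keyctl keyscript for /root/keyscript, then rebuild the
    # initramfs so the change is picked up.
    if grep -q "${x}," /etc/crypttab; then
      $sed -i "s#${x},#/root/keyscript,#" /etc/crypttab
      update-initramfs -u
    fi
  fi
fi

# switch to easy or hard login pass which is the same as luks
f=/q/root/shadow/traci-simple
if [[ $HOSTNAME == tpnew ]]; then
  # Read the hash as its own step. With "$(cat $f)" inline as the usermod
  # argument, a missing or unreadable file did not stop the script: usermod
  # still ran and wrote an empty password field for the account.
  pw_hash=$(<"$f")
  if [[ ! $pw_hash || $pw_hash == *$'\n'* || $pw_hash == *:* ]]; then
    echo "$0: error: $f does not hold a single usable password hash"
    exit 1
  fi
  # Hand the hash over on stdin (printf is a builtin) instead of usermod -p,
  # whose argument is visible to other users listing processes.
  printf '%s:%s\n' iank "$pw_hash" | chpasswd -e
fi
echo "$0: finished. $(date)"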