#!/bin/sh
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# This Script has some functions:
#
# A. First setup of PC
# Shall run after install of some new Fedora- installation -> in %post Section of Kickstart
# Attention: Kickstart-Installations ARE NON INTERACTIVE !
# When this script is executed without knowledge, it can destroy your Installation !

# Basic concepts:
# First, you need some other tool, to make a new PC include the OEM- Partition on your drive (refer to the Docs)
# The you can run a Installation of Fedora using the Everything Netinstaller or Server DVD- ISO written to USB
# The Kickstart will setup your PC, while clearing unused Partitions will be handled by pre- Section of Kickstart
# In the post-section this script will be called, to setup your PC and to have the pc getting you in the Domain on first boot
# At the first logon, the script is called by your Window- Manager again to fully setup your profile

# TODO
# - Make it ask for all needed Parameters and store them to the System if needed
# - Make it check for what to do each time so that it can be called every startup
# - Make it callable from anakondas kickstart post- script to setup system at first run
#   (kickstart post-script must be non-interactive, while first start with systemd can have a service bounf to tty for getting user-input too)
# - Detect System Environement and make User-Logon- Setup Start after first Logon
#   Supported: Cinnamon, KDE
# - Not needed: Import Firefox-Cert from IPA automatically at first run to system -> Somehow this is not needed any more, firefox will work from scratch!

# TODO Additionally
# Build a bootstick with kickstarter-configuration
# Needs the SHARE_ID where to get the installarchive from Nextcloud
# when creating the Stick

# TODO write a doc!

#Load Sytem Settings
source $(dirname "$0")/setup_system.inc.sh

# TODO
# Install System settings to installed system
# read system settings from that file

##Step 1 - Install at System boot
firstrun_prepare()
{
#Checking Service
FIRSTRUN_SERVICESTATUS=$( systemctl is-enabled ${FIRSTRUN_SERVICENAME} )
echo "Current Service Status of ${FIRSTRUN_SERVICENAME} is ${FIRSTRUN_SERVICESTATUS}"
if [ ${FIRSTRUN_SERVICESTATUS} != "enabled" ]; then
    echo "Installing Service at ${FIRSTRUN_SCRIPTPATH}/${FIRSTRUN_SERVICENAME}"
( cat <<EOF | sudo tee ${FIRSTRUN_SCRIPTPATH}/${FIRSTRUN_SERVICENAME}
[Unit]
Description=First time setup of this PC
After=NetworkManager-wait-online.service
Before=sssd.service
ConditionKernelCommandLine=!inst.nofirstrun

[Service]
User=root
Group=root
Type=oneshot
# RemainAfterExit=yes
StandardOutput=tty
#Setup_System Path
ExecStart=/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run
#ExecStart=-/sbin/agetty --noclear -n -l "/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run" %I 38400
# user interaction in tty8
StandardInput=tty
TTYPath=/dev/tty8
TTYReset=yes
TTYVHangup=yes

[Install]
WantedBy=multi-user.target
EOF
) >/dev/null
    sudo chmod go+r ${FIRSTRUN_SCRIPTPATH}/${FIRSTRUN_SERVICENAME}
    echo "Activating Service"
    sudo systemctl daemon-reload
    sudo systemctl enable ${FIRSTRUN_SERVICENAME}
fi
}

firstrun_remove()
{
  sudo systemctl disable ${FIRSTRUN_SERVICENAME} && sudo rm ${FIRSTRUN_SCRIPTPATH}/${FIRSTRUN_SERVICENAME}
}

#Do updates
upgrade_interactive()
{
check_root
dnf upgrade --refresh
#Check if restart is needed
dnf needs-restarting
if [ $? -eq 0 ]; then
    echo "No Restart required."
else
    echo "Restart is required, please do so now and rerun this script after reboot."
    read -n 1 -s -r -p "If you do not want to restart, please hit CTRL+C now. Any other key to continue."
    echo
#    echo "If you do not want to restart, please hit CTRL+C in the next 10 seconds"
#    for i in {10..01}
#    do
#        echo -ne "\r$i"
#        sleep 1
#    done
    shutdown -r now
fi
}

#Software needed and additional stuff
install_sw()
{
check_root
yum install -y mc htop ipa-client thunderbird pip npm pykickstart gocryptfs mediawriter
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

#Set default Umask 0077
sudo cp -f /etc/login.defs /etc/login.defs_backup_${CDATEC8}_${CTIMEC6}
( sed 's/^UMASK.*022$/UMASK\t077/' /etc/login.defs | sudo tee /etc/login.defs ) >/dev/null
}

ipa_register_host()
{
#Integrate this PC into Domain
chvt 8
#Check if IPA is already Configured
echo "Checking for existing IPA- Setup."
if ( grep -q "${FQDN}" /etc/ipa/default.conf ); then
  echo "IPA is already installed, skipping setup."
  return 0
fi
echo "IPA not jet installed, doing Setup."
check_root
#Serialnr of this device
echo "This PC is called ${FQDN} and will join Domain ${DOMAIN}"
#Always set determined hostname - see setup_system.conf
hostnamectl set-hostname ${HOSTNM}
#Check, if hostname is resolvable to this host - if not, add entry to /etc/hosts
if ! grep -q ${FQDN} "/etc/hosts"; then
  echo "Adding Host ${FQDN} to /etc/hosts"
  echo "">>"/etc/hosts"
  echo "127.0.0.1   ${FQDN} ${HOSTNM}">>"/etc/hosts"
fi
echo
echo -n "Please Enter your Domain- Userid: "
read IPAUSERID
echo -n "Please Enter your Domain- Password: "
read -s IPAPASSWD
INSTCMD="ipa-client-install -U --mkhomedir --force-join --no-ntp --principal=${IPAUSERID} --domain=${DOMAIN} --server=${SERVERFQDN_IPA} --hostname=${FQDN} -w ${IPAPASSWD}"
echo ${INSTCMD}
${INSTCMD}
if [ $? -ne 0 ]; then
    echo "Some Error. Please check what went wrong and redo."
    return 1
fi
echo "The PC was integrated into the Domain. You should now be able to Logon with tha User. If not, restart SSSD- Service and check the Logs."
echo ""
echo "ADVISE: for the First Logon, you may use Console (Using e.g. CONTROL+ALT+F3) - as maybe you will be prompted for Changing your Password there"
echo "which may not work on graphical logon. After that works, use CONTROL+ALT+F2 (or F7) to get back to the graphical logon."
echo ""
read -n 1 -s -r -p "Press any key to continue."
echo ""
}

test_tty()
{
  #Use TTY3 and show it
  chvt 8
  whoami
  read -r -p "This is a Test. Please enter some String: " SOMESTRING
  echo "The String was ${SOMESTRING}"
  read -n 1 -s -r -p "Press any key to continue"
  echo ""
  echo "========== END ========"
}

prepare_skel()
{
check_root
#Copy and extrakt Skel-Archive
#Include: Autostart for Getting WEB-DAV-Token if not there
#+An empty Firefox Profile - already integrated into domain with one single Startup-Page: Get Token
# https://nextcloud.obel1x.de/settings/user/security
#
#File was created with from Draft-Folder and then transferred to NC
#tar -I 'zstd -9' -cf system_setup.tar.zst ~/system_setup
#
./setup_skel.sh
}

### MAIN
case $1 in
  'install')
    echo "Mode: Install"
    install_sw
    prepare_skel
#    firstrun_prepare
  ;;
  'firstrun_prepare')
    firstrun_prepare
  ;;
  'firstrun_remove')
    firstrun_remove
  ;;
  'firstrun_run')
#    test_tty
    ipa_register_host
    echo "========== END FIRSTRUN-SERVICE ========"
  ;;
  'logon')
    upgrade
  ;;
#    ''|'something) botherpossible=true; ;;
  *)
    echo "Wrong first Parameter. Choose from: install,logon,firstrun_prepare,firstrun_remove,firstrun_run"
    echo "PLEASE DON'T USE THIS SCRIPT WITHOUT YOU KNOW WHAT YOU ARE DOING!"
    echo
    echo "ATTENTION: THIS SCRIPT MAY RENDER YOUR PC USELESS WITHOUT ASKING IF USED WRONG !!!"
    exit 1
    ;;
esac

#End
exit 0

#temp
read -n 1 -s -r -p "Press any key to continue"