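#!/usr/bin/env bash
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Central software installation script. Should be called from the logon script
# via sudo with a preserved environment.
#
# Interpreter: the script relies on bash features (EUID, [[ ]], read -n/-s,
# ${var,,}, source). Under a POSIX sh such as dash, EUID is unset, the numeric
# test errors out and the root check is skipped, so bash is requested explicitly.
#
# Trust boundary: the script runs as root and takes SYSCONFIGPATH,
# CLIENTADMINGROUP, DOMAIN, REPO_URL, REPO_BRANCH and DAVTOKEN_USER from the
# environment handed over by sudo. With a sudo rule that uses setenv (see the
# hint printed by the token check), those values are chosen by the invoking
# account, and the chown/chmod, sed and git calls below act on them as root.
# Limit the rule to accounts that are trusted with root.

# Check for root
if ((EUID != 0)); then
  echo "Error: Script requires root privileges. It should be executed via logon-script and not standalone."
  echo "Press any key to continue"
  # Exit even when read fails (no terminal, closed stdin); chaining the exit
  # behind read with && would let the script carry on in that case.
  read -n 1 -s -r || true
  exit 1
fi

# Ensure krb5_validate = False in sssd.conf to restore offline auth
# (SSSD >= 2.10.1 skips the CAP_DAC_READ_SEARCH raise in offline mode, so validate_tgt
# fails with EACCES before the cached-credential fallback is reached)
#
# Security trade-off: krb5_validate is the SSSD check that the obtained TGT was
# not spoofed. Switching it off applies to online logins as well, not only to
# the offline case this works around.
# NOTE(review): confirm this is acceptable for the deployment and revert once
# the SSSD behaviour described above is fixed.
_SSSD_CONF="/etc/sssd/sssd.conf"
if [[ -f "${_SSSD_CONF}" ]] && ! grep -q "^krb5_validate" "${_SSSD_CONF}"; then
  if [[ -z "${DOMAIN:-}" ]]; then
    echo "Warning: DOMAIN is not set, cannot patch ${_SSSD_CONF}."
  else
    echo "Patching sssd.conf: adding 'krb5_validate = False' to restore offline authentication"
    # DOMAIN comes from the environment: escape regex metacharacters and the
    # "/" delimiter so it is matched literally in the sed address.
    _DOMAIN_RE=$(printf '%s' "${DOMAIN}" | sed -e 's/[][\.*^$/]/\\&/g')
    sed -i "/^\[domain\/${_DOMAIN_RE}\]/a krb5_validate = False" "${_SSSD_CONF}"
    # Restart only if the line was really added; otherwise sssd would be
    # restarted on every run without any change to the file.
    if grep -q "^krb5_validate" "${_SSSD_CONF}"; then
      systemctl restart sssd
    else
      echo "Warning: no [domain/${DOMAIN}] section found in ${_SSSD_CONF}, file left unchanged."
    fi
  fi
fi

# Check token
if [[ -z "${DAVTOKEN_USER:-}" ]]; then
  echo "Error: Script cannot be executed standalone, must be run with a matching sudo rule and needs a prereserved environment from logon-script."
  # Print SYSCONFIGPATH with every "/" escaped as "\/" for use in a sudoers regex.
  _ESCAPED_PATH=${SYSCONFIGPATH//\//\\/}
  echo "A matching sudo rule could look like this: ^${_ESCAPED_PATH}"'\/system_setup\/sync_client_software\.sh.*$'
  echo "Hint: the rule must contain the !authenticate and setenv option to work."
  echo "Press any key to continue"
  read -n 1 -s -r || true
  exit 1
fi

# Install or update Nextcloud com.nextcloud.desktopclient.nextcloud
echo "Update or install Nextcloud client"
if /usr/bin/flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo \
  && /usr/bin/flatpak install -y --or-update --noninteractive flathub com.nextcloud.desktopclient.nextcloud; then
  echo "Done Update/Install of Nextcloud."
else
  echo ""
  echo "There seems to be a problem with your network connection. Please first check, if your network can be established before reuming."
  echo "You can press CRTL+C to abort now. Than your data wont be accessible and you need to run \"$0\" again."
  echo "You can also continue without network. You may need your personal encryptionkey for accessing your data."
  read -n 1 -s -r -p "Please check Network and press any Key to continue"
fi
echo ""

# Ensure session bus access for Nextcloud (may be blocked by Flatseal or missing from manifest)
# --system applies the override for every user of this machine; session-bus
# access widens what the sandboxed client can reach.
/usr/bin/flatpak override --system --socket=session-bus com.nextcloud.desktopclient.nextcloud

# Everything below changes ownership and mode recursively as root, so refuse to
# continue with an empty or non-existent base path.
if [[ -z "${SYSCONFIGPATH:-}" || ! -d "${SYSCONFIGPATH}" ]]; then
  echo "Error: SYSCONFIGPATH is not set or is not a directory."
  exit 1
fi

# Do an upgrade of the base package if it is configured and if there are changes
chown -R "root:${CLIENTADMINGROUP}" -- "${SYSCONFIGPATH}"
chmod -R ug+rwX,o=rX -- "${SYSCONFIGPATH}"
if [[ -n "${REPO_URL}" ]]; then
  echo "Checking for Upgrades on ${REPO_URL} and Branch ${REPO_BRANCH}"
  # All git calls are pinned to SYSCONFIGPATH; before, only "git clean" was,
  # while the others acted on whatever the current directory happened to be.
  REMOTEURL=$(git -C "${SYSCONFIGPATH}" config --get remote.origin.url)
  echo "Remote git URL is ${REMOTEURL}"
  if [[ "${REMOTEURL}" != "${REPO_URL}" ]]; then
    echo "This Repo is not on the matching URL, so no update is possible. If you want to change this, check out the docs on how to setup from scratch."
  else
    GITBRANCH=$(git -C "${SYSCONFIGPATH}" rev-parse --abbrev-ref HEAD)
    echo "Current branch is ${GITBRANCH}"
    if [[ "${GITBRANCH}" != "${REPO_BRANCH}" ]]; then
      echo "This Repo is not on the right branch, so no update is possible."
    else
      # Doing upgrade, discarding all local changes first (safer than a forced pull)
      echo "Checks have passed, we are now upgrading via git."
      # Fetch latest commit only (depth=1), reset working tree, purge old history and untracked files
      # NOTE(review): the fetched tree is taken as-is, nothing here verifies a
      # signature; integrity rests on the transport and on the remote.
      if ! {
        git -C "${SYSCONFIGPATH}" fetch --depth=1 origin "${REPO_BRANCH}" \
          && git -C "${SYSCONFIGPATH}" reset --hard FETCH_HEAD \
          && git -C "${SYSCONFIGPATH}" clean -fd \
          && git -C "${SYSCONFIGPATH}" gc --prune=now --quiet
      }; then
        echo "Error: Failure while updating, will continue as is."
      fi
    fi
  fi
else
  echo "REPO_URL is not specified in conf - No Upgrade option available."
fi
echo ""

# Before running sync or software installs, restore the rights to all files.
# They must be owned by root, changeable by admingroup and readable by other users (we are root, so we can change!)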
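# user_run.sh must also be executable by users
# ${SYSCONFIGPATH:?} aborts when the variable is empty or unset, so the
# recursive chown/chmod and the script loops never run on an unintended root.
chown -R "root:${CLIENTADMINGROUP}" -- "${SYSCONFIGPATH:?SYSCONFIGPATH must be set}"
chmod -R ug+rwX,o=rX -- "${SYSCONFIGPATH}"

# Make all install.sh executable for owner and group only, user_run.sh for everyone
for _SW_ROOT in client_software client_software_cust; do
  find "${SYSCONFIGPATH}/${_SW_ROOT}" -type f -name install.sh -exec chmod ug+x,o-x {} +
  find "${SYSCONFIGPATH}/${_SW_ROOT}" -type f -name user_run.sh -exec chmod ugo+x {} +
done

#######################################
# Runs one nextcloudcmd sync via flatpak and exits the script with status 1
# when the sync fails (after showing the captured output).
# Globals:   DAVTOKEN_USER, DAVTOKEN_PASS, SERVERFQDN_NC, TEMPDIR (read)
# Arguments: $1 - progress message printed before the sync starts
#            $2 - remote path handed to --path
#            $3 - local directory to sync into
#######################################
_run_nextcloud_sync() {
  local message=$1 remote_path=$2 local_path=$3
  # NOTE(review): root writes to a fixed file name under TEMPDIR; confirm that
  # TEMPDIR is not writable by unprivileged users.
  local log_file="${TEMPDIR}/synccmd_last.log"
  # The command is kept as an array so that a token or path containing spaces
  # or glob characters is passed as exactly one argument.
  # The token is handed over with -p and is therefore visible in the process
  # list while the sync runs.
  # NOTE(review): check whether nextcloudcmd's netrc option (-n) fits this
  # setup, which would keep the token out of the argument list.
  local -a sync_cmd=(
    sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64
    --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud
    -h -u "${DAVTOKEN_USER}" -p "${DAVTOKEN_PASS}"
    --path "${remote_path}" "${local_path}" "https://${SERVERFQDN_NC}"
  )
  # The logged line is built with the placeholder in place of the token.
  # Masking by substitution on the finished string treats the token as a glob
  # pattern and replaces only the first match, which can leave the real token
  # in the output.
  echo "Exec: sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud -h -u ${DAVTOKEN_USER} -p ***HIDDEN*** --path ${remote_path} ${local_path} https://${SERVERFQDN_NC}"
  echo "${message}"
  if ! "${sync_cmd[@]}" >"${log_file}" 2>&1; then
    echo "Error in sync:"
    echo ""
    cat -- "${log_file}"
    echo ""
    echo "Please check if your Token is setup right and for the above Output"
    read -n 1 -s -r -p "Press any key to continue"
    echo ""
    exit 1
  fi
}

#######################################
# Runs install.sh of every direct subdirectory of a software directory, in
# glob (sorted) order, and exits the script with status 1 on the first failure.
# Arguments: $1 - directory holding one subdirectory per software package
#            $2 - optional filter; when non-empty only directories whose path
#                 contains this string are processed
#######################################
_run_install_scripts() {
  local base_dir=$1 filter=${2:-}
  local dir
  # Globbing instead of parsing ls output keeps names with spaces intact.
  for dir in "${base_dir}"/*/; do
    [[ -d "${dir}" ]] || continue # pattern did not match anything
    dir=${dir%/}                  # remove the trailing "/"
    if [[ -n "${filter}" && "${dir}" != *"${filter}"* ]]; then
      echo "Skipping ${dir} while not in search parameter ( ${filter} )."
      continue
    fi
    if [[ -f "${dir}/install.sh" ]]; then
      echo " ===================="
      echo " >>> Running ${dir}/install.sh"
      # Subshell: a failed cd counts as an error instead of running the script
      # from the wrong directory, and the caller's working directory is kept.
      if ! (cd "${dir}" && "${dir}/install.sh"); then
        echo " ===================="
        echo "Some Error in script, will not continue. Please check."
        echo "Press any key to continue."
        read -n 1 -s -r
        exit 1
      fi
      echo " ===================="
    fi
  done
}

_SCRIPT_DIR=$(dirname "$0")

# At first, sync central configs if they are configured to be synced
if [[ -n "${DISTCONFIGPATH_SRC}" ]]; then
  echo "Synced config path was found, doing remote sync."
  _run_nextcloud_sync "Sync Configuration" "${DISTCONFIGPATH_SRC}" "${DISTCONFIGPATH}"
  echo "Sucessfully synced."
  echo ""

  # Check if we are in configure-mode and if so, remove the file and reread the now new synced configuration
  if [[ -f "${_SCRIPT_DIR}/../config.d/configure.conf" ]]; then
    # Check if configuration was obtained by sync
    if [[ -f "${_SCRIPT_DIR}/../config/setup_system.conf" ]]; then
      echo "Existing configuration found in Repository, removing configure-mode and reread the configuration."
      rm -f "${_SCRIPT_DIR}/../config.d/configure.conf.bak" >/dev/null
      mv "${_SCRIPT_DIR}/../config.d/configure.conf" "${_SCRIPT_DIR}/../config.d/configure.conf.bak"
      OLD_REPO_URL="$REPO_URL"
      OLD_REPO_BRANCH="$REPO_BRANCH"
      # The freshly synced configuration is sourced, i.e. executed, as root.
      source "${_SCRIPT_DIR}/setup_system.inc.sh"
      # Compare the repository URLs after that
      if [[ "$REPO_URL" != "$OLD_REPO_URL" || "$REPO_BRANCH" != "$OLD_REPO_BRANCH" ]]; then
        echo "The Repository for installation was"
        echo "$OLD_REPO_URL Branch $OLD_REPO_BRANCH"
        echo "After reading the config, the Repository has changed to"
        echo "$REPO_URL Branch $REPO_BRANCH"
        echo
        echo "Do you want to create a system specific configuration for the installation Repository, so that"
        read -r -p "only this system will stay on the Repository for installation? [y/N]: " CREATE_REPO_CONF
        if [[ "${CREATE_REPO_CONF,,}" == "y" ]]; then
          # %q writes the values shell-quoted. Wrapping them in plain double
          # quotes would let a quote, $ or backtick inside the value run as
          # code when the file is sourced later.
          {
            printf 'export REPO_URL=%q\n' "$OLD_REPO_URL"
            printf 'export REPO_BRANCH=%q\n' "$OLD_REPO_BRANCH"
          } >"${_SCRIPT_DIR}/../config.d/repo.conf"
          echo "Wrote new ${_SCRIPT_DIR}/../config.d/repo.conf"
        fi
      fi
    else
      echo "System is in configure-mode and configuration repository was found and synced, but still not configuration was found"
      echo "checking file ${_SCRIPT_DIR}/../config/setup_system.conf"
      echo ""
      echo "Please make a copy of system_setup/config.dist/setup_system.conf.dist to config/setup_system.conf and check all settings there."
      echo "Then rerun the logon script to sync the file to your repository."
      echo "Press any key to continue"
      # Exit even when read fails (no terminal, closed stdin).
      read -n 1 -s -r || true
      exit 1
    fi
  fi
fi

echo "Running all software scripts in admin- context."
# Run pre installed scripts in client_software
echo "Running pre installed scripts first."
# NOTE(review): this loop filters on the second script argument, the customer
# loop further down on the first one. Both are kept as they were; confirm
# which argument is meant to carry the search string.
_run_install_scripts "${SYSCONFIGPATH}/client_software" "${2:-}"
echo "Sucessfully installed pre-defined software."
echo

# To run scripts, the repository path must always be set right (but maybe empty, which is fine)
if [[ "${CLIENT_SOFTWARE_CUST_DST}" != "${SYSCONFIGPATH}/client_software_cust" ]]; then
  echo "Error in config: Required parameter CLIENT_SOFTWARE_CUST_DST is missing or set wrong."
  echo "Please relog and if the problem reoccures, contact your system admins to correct the Values."
  read -n 1 -s -r -p "Press any key to continue"
  echo
  exit 1
else
  # Then, sync all client_software-files
  if [[ -z "${CLIENT_SOFTWARE_CUST_SRC}" ]]; then
    echo "No customer software sync is defined, skipping sync"
    echo "${CLIENT_SOFTWARE_CUST_DST} with ${CLIENT_SOFTWARE_CUST_SRC}"
  else
    echo "Syncing customer software repository ${CLIENT_SOFTWARE_CUST_DST}"
    # Create directory if not existent
    mkdir -p -- "${CLIENT_SOFTWARE_CUST_DST}"
    _run_nextcloud_sync "Sync Client Software" "${CLIENT_SOFTWARE_CUST_SRC}" "${CLIENT_SOFTWARE_CUST_DST}"
    echo "Sucessfully synced."
  fi
  echo

  # Run customer setup
  # The install.sh files below come straight from the sync above and run as
  # root without any integrity check, so write access to the synced share is
  # equivalent to root on every client.
  # NOTE(review): ownership and mode were restored before the sync; confirm
  # that newly synced install.sh files arrive with the expected mode.
  if [[ -n "${CLIENT_SOFTWARE_CUST_DST}" ]]; then
    echo "Running all software scripts in admin- context."
    _run_install_scripts "${CLIENT_SOFTWARE_CUST_DST}" "${1:-}"
  fi
fi

# Last, remove unused Flatpak runtimes and unused data
echo "Removing unused Flatpak- Data."
flatpak uninstall --unused -y

echo "Sucessfully installed software."
echo ""
exit 0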