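#!/bin/bash
# ========================================================================== #
#                                                                            #
#    KVMD - The main PiKVM daemon.                                           #
#                                                                            #
#    Copyright (C) 2018-2023 Maxim Devaev                                    #
#                                                                            #
#    This program is free software: you can redistribute it and/or modify    #
#    it under the terms of the GNU General Public License as published by    #
#    the Free Software Foundation, either version 3 of the License, or       #
#    (at your option) any later version.                                     #
#                                                                            #
#    This program is distributed in the hope that it will be useful,         #
#    but WITHOUT ANY WARRANTY; without even the implied warranty of          #
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the            #
#    GNU General Public License for more details.                            #
#                                                                            #
#    You should have received a copy of the GNU General Public License       #
#    along with this program. If not, see <https://www.gnu.org/licenses/>.   #
#                                                                            #
# ========================================================================== #

# kvmd-bootconfig: one-shot first-boot provisioning driven by /boot/pikvm.txt.
#
# Usage: kvmd-bootconfig --do-the-thing   (must run as root)
#
# /boot/pikvm.txt is sourced as shell code, so every line in it runs as root.
# Variables read below: FIRSTBOOT / FIRST_BOOT, ENABLE_OTG_SERIAL, SSH_PORT,
# ETH_DHCP, ETH_ADDR, ETH_DNS, ETH_GW, ETH_IFACE, WIFI_REGDOM, WIFI_ESSID,
# WIFI_PASSWD, WIFI_IFACE.
#
# Security notes:
#   * Whoever can write /boot/pikvm.txt or /boot/pikvm-scripts.d controls the
#     system as root; write access to /boot must be treated accordingly.
#   * xtrace is switched off while the config is sourced and while the Wi-Fi
#     passphrase sits on a command line, so the secret does not end up in
#     whatever collects this script's trace output.

set -ex

if [ "$(whoami)" != root ]; then
	echo "Only root can do that"
	exit 1
fi

if [ "$1" != --do-the-thing ]; then
	echo "This script will make some firstboot magic. Don't run it manually."
	exit 1
fi


# ========== Preparing ==========

# Nothing to do unless the operator dropped a config file on /boot.
if [ ! -f /boot/pikvm.txt ]; then
	exit 0
fi

# The file is executed, not parsed: dos2unix only strips CRs.
# Tracing is paused here because with xtrace on every assignment in the file
# (WIFI_PASSWD included) would be echoed verbatim.
set +x
# shellcheck disable=SC1090
source <(dos2unix < /boot/pikvm.txt)
set -x

# rw/ro are external helpers not defined in this file; presumably they remount
# the root filesystem read-write / read-only - confirm against the image.
rw


# ========== First boot configuration ==========

if [ -n "$FIRSTBOOT$FIRST_BOOT" ]; then
	# Regenerate the machine id; best effort, any failure is ignored.
	( \
		(umount /etc/machine-id || true) \
		&& echo -n > /etc/machine-id \
		&& systemd-machine-id-setup \
	) || true

	# Drop the SSH host keys present on the system and generate fresh ones.
	rm -f /etc/ssh/ssh_host_*
	ssh-keygen -v -A

	# Same for the TLS material of the web and VNC endpoints.
	rm -f /etc/kvmd/nginx/ssl/*
	rm -f /etc/kvmd/vnc/ssl/*
	kvmd-gencert --do-the-thing
	kvmd-gencert --do-the-thing --vnc

	# Grow the partition tagged X-kvmd.otgmsd in fstab to the end of the disk
	# and re-create its filesystem. DESTRUCTIVE: mkfs wipes the partition.
	if grep -q 'X-kvmd\.otgmsd' /etc/fstab; then
		part=$(grep 'X-kvmd\.otgmsd' /etc/fstab | awk '{print $1}')
		# Split "LABEL=name" into (LABEL name); word splitting is intended.
		# shellcheck disable=SC2206
		splitted=(${part//=/ })
		if [ "${splitted[0]}" == LABEL ]; then
			label=${splitted[1]}
			part=$(blkid -c /dev/null -L "$label")
		else
			label=PIMSD
		fi
		unset splitted
		disk=/dev/$(lsblk -no pkname "$part")
		npart=$(cat "/sys/class/block/${part//\/dev\//}/partition")
		umount "$part"
		parted "$disk" -a optimal -s resizepart "$npart" 100%
		yes | mkfs.ext4 -L "$label" -F -m 0 "$part"
		mount "$part"
		unset disk part npart label
	fi

	# fc-cache is required for installed X server
	if command -v fc-cache > /dev/null; then
		fc-cache || true
	fi
fi


# ========== OTG serial ==========

if [ -n "$ENABLE_OTG_SERIAL" ]; then
	cat <<end_of_file > /etc/kvmd/override.d/0000-vendor-otg-serial.yaml
# Generated by kvmd-bootconfig. Do not edit this file!
otg:
    devices:
        serial:
            enabled: true
end_of_file
	# Listing ttyGS0 in securetty permits root logins on the USB gadget serial
	# console; enable this only where the USB host side is trusted.
	grep -q '^ttyGS0$' /etc/securetty || echo ttyGS0 >> /etc/securetty
	mkdir -p /etc/systemd/system/getty@ttyGS0.service.d
	cat <<end_of_file > /etc/systemd/system/getty@ttyGS0.service.d/override.conf
[Service]
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
end_of_file
	systemctl enable getty@ttyGS0.service
	touch /boot/pikvm-reboot.txt
fi


# ========== SSH ==========

if [ -n "$SSH_PORT" ]; then
	# The value is pasted into a sed replacement and from there into
	# sshd_config, so accept nothing but a plain TCP port (1-65535). Anything
	# else is skipped instead of breaking sed or the sshd configuration.
	if [[ "$SSH_PORT" =~ ^[1-9][0-9]{0,4}$ ]] && (( SSH_PORT <= 65535 )); then
		sed -i -e "s/^\s*#*\s*Port\s\+.*$/Port $SSH_PORT/g" /etc/ssh/sshd_config
	else
		echo "kvmd-bootconfig: ignoring invalid SSH_PORT" >&2
	fi
fi


# ========== Ethernet ==========

# If the ETH_DHCP is defined, configure eth0 for DHCP
if [ -n "$ETH_DHCP" ]; then
	ETH_IFACE="${ETH_IFACE:-eth0}"
	cat <<end_of_file > "/etc/systemd/network/$ETH_IFACE.network"
[Match]
Name=$ETH_IFACE

[Network]
DHCP=yes
DNSSEC=no

[DHCP]
# Use same IP by forcing to use MAC address for clientID
ClientIdentifier=mac
# https://github.com/pikvm/pikvm/issues/583
RouteMetric=10
end_of_file
fi

# If the ETH_ADDR is defined, configure a static address on eth0
# (written after the DHCP variant, so it wins when both are set).
if [ -n "$ETH_ADDR" ]; then
	ETH_IFACE="${ETH_IFACE:-eth0}"
	cat <<end_of_file > "/etc/systemd/network/$ETH_IFACE.network"
[Match]
Name=$ETH_IFACE

[Network]
Address=$ETH_ADDR
DNS=$ETH_DNS
DNSSEC=no

[Route]
Gateway=$ETH_GW
end_of_file
fi


# ========== Wi-Fi ==========

# Set the regulatory domain for wifi, if defined.
# First comment out any active WIRELESS_REGDOM line, then uncomment the one
# matching the requested domain. WIFI_REGDOM goes into the sed pattern as is.
if [ -n "$WIFI_REGDOM" ]; then
	sed -i \
			-e 's/^\(WIRELESS_REGDOM=.*\)$/#\1/' \
			-e 's/^#\(WIRELESS_REGDOM="'"$WIFI_REGDOM"'"\)/\1/' \
		/etc/conf.d/wireless-regdom
fi

# If the WIFI_ESSID is defined, configure wlan0
if [ -n "$WIFI_ESSID" ]; then
	WIFI_IFACE="${WIFI_IFACE:-wlan0}"
	cat <<end_of_file > "/etc/systemd/network/$WIFI_IFACE.network"
[Match]
Name=$WIFI_IFACE

[Network]
DHCP=yes
DNSSEC=no

# Use same IP by forcing to use MAC address for clientID
[DHCP]
ClientIdentifier=mac
end_of_file
	wifi_conf="/etc/wpa_supplicant/wpa_supplicant-$WIFI_IFACE.conf"
	# The generated file holds the PSK (stock wpa_passphrase also echoes the
	# clear-text passphrase as a comment), so it is created owner-only and the
	# command is kept out of the xtrace output.
	# NOTE(review): the passphrase is still passed as an argument, as before.
	set +x
	(umask 077 && wpa_passphrase "$WIFI_ESSID" "$WIFI_PASSWD" > "$wifi_conf")
	set -x
	# umask does not tighten a file that already existed.
	chmod 600 "$wifi_conf"
	unset wifi_conf
	systemctl enable "wpa_supplicant@$WIFI_IFACE.service" || true
	touch /boot/pikvm-reboot.txt
fi


# ========== Custom scripts ==========

# Runs every file in the directory as root (the regex accepts any name);
# failures are ignored. This is an intentional extension point and carries the
# same trust requirement as /boot/pikvm.txt itself.
if [ -d /boot/pikvm-scripts.d ]; then
	run-parts --regex='^.+$' /boot/pikvm-scripts.d || true
fi


# ========== Finish ==========

# Removing the config makes this a one-shot: the next boot exits early above.
# It also takes the clear-text Wi-Fi passphrase off the boot partition.
rm -f /boot/pikvm.txt

if [ -f /boot/pikvm-reboot.txt ]; then
	rm -f /boot/pikvm-reboot.txt
	ro
	echo "kvmd-bootconfig: Reboot after 5 seconds" | tee /dev/kmsg
	sleep 2
	reboot
	sleep 3
else
	ro
fi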