#!/bin/bash

# autoreply config update dialog with no
if [[ ! -f /etc/apt/apt.conf.d/local ]]
    then
        echo "Dpkg::Options {" >> /etc/apt/apt.conf.d/local
        echo "   "--force-confdef";" >> /etc/apt/apt.conf.d/local
        echo "   "--force-confold";" >> /etc/apt/apt.conf.d/local
        echo "}" >> /etc/apt/apt.conf.d/local
fi

# update bookworm to new debian.sources file
if [[ -f /etc/apt/sources.list.d/debian.sources ]] 
    then
        echo "Sources already updated"
    else
        isInFile=$(cat /etc/apt/sources.list | grep -c "bullseye")
            if [ $isInFile -eq 0 ]
                then
                    mkdir /etc/apt/mirrors > /dev/null 2>&1
                    echo "https://deb.debian.org/debian" >> /etc/apt/mirrors/debian.list
                    echo "https://deb.debian.org/debian-security" >> /etc/apt/mirrors/debian-security.list
                    echo "Types: deb deb-src" >> /etc/apt/sources.list.d/debian.sources
                    echo "URIs: mirror+file:///etc/apt/mirrors/debian.list" >> /etc/apt/sources.list.d/debian.sources
                    echo "Suites: bookworm bookworm-updates bookworm-backports" >> /etc/apt/sources.list.d/debian.sources
                    echo "Components: main contrib non-free non-free-firmware" >> /etc/apt/sources.list.d/debian.sources
                    echo "" >> /etc/apt/sources.list.d/debian.sources
                    echo "Types: deb deb-src" >> /etc/apt/sources.list.d/debian.sources
                    echo "URIs: mirror+file:///etc/apt/mirrors/debian-security.list" >> /etc/apt/sources.list.d/debian.sources
                    echo "Suites: bookworm-security" >> /etc/apt/sources.list.d/debian.sources
                    echo "Components: main" >> /etc/apt/sources.list.d/debian.sources
                    mv /etc/apt/sources.list /etc/apt/sources.list.bak > /dev/null 2>&1
                    rm /etc/apt/sources.list.11.backup > /dev/null 2>&1
                else
                    echo "Bullseye detected, skipping sources update"
            fi
fi

# update and upgrade
apt-get update
apt-get upgrade -y

# download and install packages
apt-get install -y pwgen lsb-release cron qemu-guest-agent sudo nano curl wget zip unzip git rsync man-db cifs-utils nfs-common parted libtalloc2 libwbclient0 net-tools gnupg apt-transport-https tmux gdisk bash-completion

# add akanealw user if not existing
isInFile=$(cat /etc/passwd | grep -c "akanealw")
if [ $isInFile -eq 0 ]
    then
        echo "Set password for akanealw"
        useradd -m -p $(openssl passwd -1 ${PASSWORD}) -s /bin/bash -d /home/akanealw akanealw
        mkdir /home/akanealw/.ssh
        chown akanealw:akanealw /home/akanealw/.ssh
        chmod 700 /home/akanealw/.ssh
        cp /root/.ssh/authorized_keys /home/akanealw/.ssh > /dev/null 2>&1
        chown akanealw:akanealw /home/akanealw/.ssh/authorized_keys > /dev/null 2>&1
        chmod 600 /home/akanealw/.ssh/authorized_keys > /dev/null 2>&1
fi

# create akanealw file in /etc/sudoers.d
if [[ ! -f /etc/sudoers.d/akanealw ]]
    then
        echo "akanealw ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/akanealw
fi

# enable ping for all users
setcap 'cap_net_admin,cap_net_raw+ep' $(which ping)

# remove all motd
rm /etc/motd > /dev/null 2>&1

# disable systemd-networkd-wait-online.service
systemctl disable systemd-networkd-wait-online.service

# git config
git config --global credential.helper store
git config --global user.name "akanealw"
git config --global user.email "akanealw@gmail.com"
git config --global init.defaultBranch main

# show ip in /etc/issue
wget -qO /etc/issue.default http://192.168.1.50/debian/issue.default
rm /etc/issue > /dev/null 2>&1
cp /etc/issue.default /etc/issue
name=$(basename /sys/class/net/e*)
echo "" >> /etc/issue
echo "$name: \4{$name}" >> /etc/issue
echo "" >> /etc/issue

# set input preferences
wget -qO /etc/inputrc.default http://192.168.1.50/debian/inputrc.default
rm /etc/inputrc > /dev/null 2>&1
cp /etc/inputrc.default /etc/inputrc
echo "" >> /etc/inputrc
echo "set completion-ignore-case On" >> /etc/inputrc

# set bash preferences and aliases
wget -qO /etc/bash.bashrc.default http://192.168.1.50/debian/bash.bashrc.default
rm /etc/bash.bashrc > /dev/null 2>&1
cp /etc/bash.bashrc.default /etc/bash.bashrc
echo "" >> /etc/bash.bashrc
echo "# custom settings and aliases" >> /etc/bash.bashrc
echo "set -o noclobber" >> /etc/bash.bashrc
echo "alias lsa='ls -alhvF'" >> /etc/bash.bashrc
echo "alias systart='sudo systemctl start'" >> /etc/bash.bashrc
echo "alias systop='sudo systemctl stop'" >> /etc/bash.bashrc
echo "alias sysrest='sudo systemctl restart'" >> /etc/bash.bashrc
echo "alias systat='sudo systemctl status'" >> /etc/bash.bashrc
echo "alias aptupy='sudo apt update && sudo apt upgrade -y'" >> /etc/bash.bashrc
echo "alias aptiy='sudo apt install -y'" >> /etc/bash.bashrc
echo "alias aptry='sudo apt remove -y'" >> /etc/bash.bashrc
echo "alias aptrpy='sudo apt remove --purge -y'" >> /etc/bash.bashrc
echo "alias aptary='sudo apt autoremove -y'" >> /etc/bash.bashrc
echo "alias apts='sudo apt search'" >> /etc/bash.bashrc
echo "alias aptl='sudo apt list --installed'" >> /etc/bash.bashrc
echo "alias aptsh='sudo apt show'" >> /etc/bash.bashrc
echo "alias aptac='sudo apt-get autoclean'" >> /etc/bash.bashrc
echo "alias dpkgi='sudo dpkg -i'" >> /etc/bash.bashrc
echo "alias tmxls='tmux ls'" >> /etc/bash.bashrc
echo "alias tmxa='tmux attach -t'" >> /etc/bash.bashrc
echo "alias dc='docker compose'" >> /etc/bash.bashrc
echo "alias dcup='docker compose up -d'" >> /etc/bash.bashrc
echo "alias dcaup='docker compose -f admin-compose.yml up -d'" >> /etc/bash.bashrc
echo "alias dcdown='docker compose down'" >> /etc/bash.bashrc
echo "alias dcadown='docker compose -f admin-compose.yml down'" >> /etc/bash.bashrc
echo "alias dcpull='docker compose pull'" >> /etc/bash.bashrc
echo "alias dcapull='docker compose -f admin-compose.yml pull'" >> /etc/bash.bashrc
echo "alias dps='docker ps'" >> /etc/bash.bashrc
echo "alias dipaf='docker image prune -a -f'" >> /etc/bash.bashrc

# create tmux config
rm /etc/tmux.conf* > /dev/null 2>&1
echo "unbind C-b" >> /etc/tmux.conf
echo "set-option -g prefix C-a" >> /etc/tmux.conf
echo "bind-key C-a send-prefix" >> /etc/tmux.conf

# create credentials and map network drives
isInFile=$(cat /etc/fstab | grep -c "192.168.1.41")
if [ $isInFile -eq 0 ]
    then
        mkdir /mnt/truenasdata > /dev/null 2>&1
        chown akanealw:akanealw /mnt/truenasdata
        echo "# nfs shares" >> /etc/fstab
        echo "192.168.1.41:/mnt/data /mnt/truenasdata nfs defaults,nolock,soft,vers=4.2 0 0" >> /etc/fstab
fi

# configure email for sending notifications
isInFile=$(cat /etc/postfix/main.cf | grep -c "gmail")
if [ $isInFile -eq 0 ]
    then
        DEBIAN_FRONTEND=noninteractive apt install -y libsasl2-modules mailutils postfix postfix-pcre
        echo "smtp.gmail.com notify.akanealw@gmail.com:leawkqqpthbwacrf" > /etc/postfix/sasl_passwd
        echo "/^From:.*/ REPLACE From: $(hostname) <notify.akanealw@gmail.com>" > /etc/postfix/smtp_header_checks
        chmod 600 /etc/postfix/sasl_passwd
        postmap hash:/etc/postfix/sasl_passwd
        postmap hash:/etc/postfix/smtp_header_checks
        sed -i 's@relayhost =@#relayhost = @g' /etc/postfix/main.cf
        sed -i 's@smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache@#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache@g' /etc/postfix/main.cf
        echo "" >> /etc/postfix/main.cf
        echo "# google mail configuration" >> /etc/postfix/main.cf
        echo "relayhost = smtp.gmail.com:587" >> /etc/postfix/main.cf
        echo "smtp_use_tls = yes" >> /etc/postfix/main.cf
        echo "smtp_sasl_auth_enable = yes" >> /etc/postfix/main.cf
        echo "smtp_sasl_security_options =" >> /etc/postfix/main.cf
        echo "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" >> /etc/postfix/main.cf
        echo "smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem" >> /etc/postfix/main.cf
        echo "smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache" >> /etc/postfix/main.cf
        echo "smtp_tls_session_cache_timeout = 3600s" >> /etc/postfix/main.cf
        echo "smtp_header_checks = pcre:/etc/postfix/smtp_header_checks" >> /etc/postfix/main.cf
        echo "" >> /etc/postfix/main.cf
        postfix reload
        echo "This is a test message sent from postfix on $(hostname)" | mail -s "Test Email from $(hostname)" akanealw@gmail.com
    else
        echo "Email already configured."
fi

# configure unattended upgrades
isInFile=$(cat /etc/apt/apt.conf.d/20auto-upgrades | grep -c 'APT::Periodic::Unattended-Upgrade "1";')
if [ $isInFile -eq 0 ]
    then
        apt install -y apt-listchanges unattended-upgrades
        sed -i 's@//      "origin=Debian,codename=${distro_codename}-updates";@        "origin=Debian,codename=${distro_codename}-updates";@g' /etc/apt/apt.conf.d/50unattended-upgrades
        sed -i 's!//Unattended-Upgrade::Mail "";!Unattended-Upgrade::Mail "akanealw@gmail.com";!g' /etc/apt/apt.conf.d/50unattended-upgrades
        sed -i 's@//Unattended-Upgrade::MailReport "on-change";@Unattended-Upgrade::MailReport "on-change";@g' /etc/apt/apt.conf.d/50unattended-upgrades
        sed -i 's@//Unattended-Upgrade::Remove-Unused-Dependencies "false";@Unattended-Upgrade::Remove-Unused-Dependencies "true";@g' /etc/apt/apt.conf.d/50unattended-upgrades
        echo "APT::Periodic::Update-Package-Lists \"1\";" > /etc/apt/apt.conf.d/20auto-upgrades
        echo "APT::Periodic::Unattended-Upgrade \"1\";" >> /etc/apt/apt.conf.d/20auto-upgrades
        systemctl enable unattended-upgrades
        systemctl start unattended-upgrades
        systemctl status unattended-upgrades
    else
        echo "Unattended upgrades already configured."
fi