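#!/usr/bin/env sh
#
# Post-install provisioning for an apt-based host: networking and firewall,
# sshd hardening, NTP, optional SwaggNet file shares, development tooling,
# logging, and (only when a display manager is active) desktop packages.
#
# The script writes under /etc and /root and drives apt-get, systemctl and
# ufw, so it is expected to run as root. It is meant to be re-runnable: steps
# that would otherwise duplicate or clobber state on a second run are guarded.
#
# In the apt-get install lines a trailing "-" on a package name (ifupdown-,
# pulseaudio-, ...) asks apt to remove that package rather than install it.

set -e

# Make sure we can connect to apt repos
apt-get update

# Networking & Firewall
apt-get -y install network-manager netcat-openbsd rsync curl wget \
  avahi-daemon net-tools ufw whois network-manager-openvpn sipcalc \
  ifupdown- connman- cmst- netcat-traditional-

# Replace the ifupdown config with an empty file. Only back it up while it
# still has content: on a re-run the file is already empty, and moving it
# again would overwrite the real backup in interfaces.OLD with nothing.
if [ -w /etc/network/interfaces ] && [ -s /etc/network/interfaces ]; then
  mv /etc/network/interfaces /etc/network/interfaces.OLD
  touch /etc/network/interfaces
fi

# Can only give ufw one arg at a time...
for service in mdns dhcpv6-client; do
  ufw allow "$service"
done
# "limit" rather than "allow": ssh stays reachable but is rate-limited.
ufw limit ssh
# --force skips the interactive confirmation prompt.
ufw --force enable

# Disallow root login via ssh.
# NOTE(review): relies on sshd_config including sshd_config.d/*.conf -- confirm
# on the target image, otherwise this drop-in has no effect.
echo 'PermitRootLogin no' > /etc/ssh/sshd_config.d/permit_root_login.conf
systemctl restart sshd

# Make sure NetworkManager is doing its thing
systemctl restart NetworkManager NetworkManager-wait-online

# Pause here until the mirror answers on TCP/80; the later steps need network.
until nc -w 5 -z mirror.swagg.net 80; do
  echo "Couldn't ping SwaggNet... Trying again in 5 seconds..."
  sleep 5
done

# NTP
# Append only once; an unconditional ">>" would add a duplicate pair of lines
# on every re-run of this script.
if ! grep -q '^NTP=pfswagg\.swaggnet\.real' /etc/systemd/timesyncd.conf \
  2> /dev/null; then
  cat >> /etc/systemd/timesyncd.conf <<'EOF'
NTP=pfswagg.swaggnet.real swaggcore0.swaggnet.real
FallbackNTP=time-a-g.nist.gov time-b-g.nist.gov time-c-g.nist.gov time-d-g.nist.gov time-e-g.nist.gov
EOF
fi
systemctl restart systemd-timesyncd

# Shared drives (only when resolv.conf mentions the swaggnet.real domain)
if grep -q 'swaggnet\.real' /etc/resolv.conf; then
  apt-get -y install cifs-utils smbclient autofs

  mkdir -p /var/autofs/swagg
  mkdir -p "$HOME"/misc

  # NOTE(review): the archive is fetched over plain HTTP with no checksum or
  # signature check, and its contents are then copied into /etc and /root as
  # root. Whoever can alter that response controls the autofs maps installed
  # below. Prefer an authenticated transport or verify a pinned digest before
  # extracting. The file name comes from the server's Content-Disposition
  # header; the tar line assumes it is samba_swagg_debian.tar.gz.
  (
    cd "$HOME"/misc
    wget --content-disposition \
      'http://mirror.swagg.net/cgi-bin/iso9660.cgi'
    tar xf samba_swagg_debian.tar.gz
    cp samba_swagg/etc/auto.master.d/swagg.autofs /etc/auto.master.d/
    cp samba_swagg/etc/auto.swagg /etc/
    cp samba_swagg/root/.samba /root/.samba
    # Presumably the share credentials file -- TODO confirm. Keep it readable
    # by root only instead of inheriting whatever mode the archive and umask
    # produce.
    chmod 600 /root/.samba
  )

  systemctl restart autofs
fi

# AppArmor (disable for now)
# NOTE(review): apparmor=0 on the kernel command line turns AppArmor off at
# boot, so no profile is enforced on this host. Track re-enabling it.
cat > /etc/default/grub.d/apparmor.cfg <<'EOF'
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"
EOF
update-grub

# Development stuff
# 'raku-*' is quoted so apt-get receives the pattern itself; unquoted, the
# shell would expand it against files in the current directory first.
apt-get -y install git libsecret-1-0 libsecret-1-dev build-essential vim \
  emacs crun podman podman-docker podman-compose ruby-full rbenv \
  perl perlbrew cpanminus rakudo 'raku-*' postgresql-15 shellcheck \
  postgresql-server-dev-15 emacs-goodies-extra-el \
  elpa-dockerfile-mode elpa-web-mode elpa-yaml-mode docker-compose-

# Need this for rootless podman
if grep -q '^daniel:' /etc/shadow; then
  loginctl enable-linger daniel
fi

# Credential helper for git (built in place from git's contrib directory)
(
  cd /usr/share/doc/git/contrib/credential/libsecret
  make
)

# Logging
apt-get -y install rsyslog

# NOTE(review): removing this directory presumably stops journald from
# keeping a persistent journal, leaving rsyslog as the on-disk log -- confirm
# that this is the retention you want for incident review.
if [ -d /var/log/journal ]; then
  rm -rf /var/log/journal
fi

# Firmware (if available): -s simulates the install and is used as a probe.
if apt-get -s install firmware-linux-nonfree > /dev/null 2>&1; then
  apt-get -y install firmware-linux-nonfree
fi

# Various things
apt-get -y install unifont bsdgames fortune-mod fortunes-bofh-excuses \
  fortunes-mario fortunes fortunes-min neofetch screen beep apt-file \
  htop iftop lm-sensors gcal pinentry-curses
apt-file update

# systemd cope: uncomment the lines in system.conf that mention "Timeout" and
# end in <digit>s. The previous file is kept as system.conf.bak.
perl -i.bak -pe 's/^#// if /Timeout/ && /\ds$/' /etc/systemd/system.conf

# fwupd
apt-get -y install udisks2 fwupd

# Set locale for date/time display
localectl set-locale LC_TIME='C.UTF-8'

# Stop here if there's no graphical UI
if [ "$(systemctl is-active display-manager)" = 'inactive' ]; then
  apt-get -y autoremove
  exit
fi

# User-specific DESKTOP stuff (only while daniel is logged in on display :0)
if who -u | grep '\(:0\)' | grep -q '^daniel'; then
  # PipeWire
  apt-get -y install wireplumber libspa-0.2-bluetooth \
    pipewire-media-session- pulseaudio-
  apt-mark hold pulseaudio
  systemctl --user -M daniel@ enable wireplumber.service

  # Flatpak: installed per-user as daniel, not system-wide.
  apt-get -y install flatpak
  su daniel -c 'flatpak --user remote-add --if-not-exists flathub \
    "https://flathub.org/repo/flathub.flatpakrepo"'
  su daniel -c 'flatpak -y install com.slack.Slack im.riot.Riot \
    com.discordapp.Discord com.sindresorhus.Caprine \
    com.bitwarden.desktop'
fi

# Various DESKTOP things
apt-get -y install lxqt-archiver caffeine picom vlc thunderbird redshift \
  kitty libopengl-xscreensaver-perl xscreensaver-data-extra \
  xscreensaver-data xscreensaver-gl-extra xscreensaver-gl \
  xscreensaver-screensaver-bsod xscreensaver-screensaver-dizzy \
  xscreensaver-screensaver-webcollage chromium nm-tray gimp quassel- \
  transmission-qt liblxqt-backlight-helper xserver-xorg-video-intel- \
  openbox obconf-qt menu xfwm4-

# Steam (if available)
(
  cd /tmp
  # I can't do a simulated install due to the multilib requirement, so a
  # throwaway download is the availability probe; the .deb itself is never
  # installed from /tmp and is deleted afterwards.
  if apt-get download steam-installer > /dev/null 2>&1; then
    dpkg --add-architecture i386
    apt-get update
    apt-file update
    apt-get -y install steam-installer
    rm ./steam-installer*.deb
  fi
)

# Laptop stuff
if ! command -v laptop-detect > /dev/null 2>&1; then
  apt-get -y install laptop-detect
fi

if laptop-detect; then
  apt-get -y install tlp modemmanager modem-manager-gui powertop-
fi

# Clean up before exiting
apt-get -y autoremove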