#!/usr/bin/env sh

set -e

# Make sure we can connect to apt repos
apt-get update

# Networking & Firewall
apt-get -y install network-manager netcat-openbsd rsync curl wget ufw \
        whois net-tools network-manager-openvpn sipcalc ifupdown- connman- \
        cmst- netcat-traditional-

if [ -w /etc/network/interfaces ]; then
    mv /etc/network/interfaces /etc/network/interfaces.OLD
    touch /etc/network/interfaces
fi

# Can only give ufw one arg at a time...
for service in mdns dhcpv6-client; do
    ufw allow $service
done
ufw limit ssh

ufw --force enable

# Disallow root login via ssh
echo 'PermitRootLogin no' > /etc/ssh/sshd_config.d/permit_root_login.conf
systemctl restart sshd

# Make sure NetworkMangler is doing its thing
systemctl restart NetworkManager NetworkManager-wait-online

nmcli device set eth0 managed true
nmcli connection modify Wired\ connection\ 1 ipv6.addr-gen-mode eui64

# Pause here til it's good or it won't make it much further
until nc -w 5 -z mirror.swagg.net 80; do
    echo "Couldn't ping SwaggNet... Trying again in 5 seconds..."
    sleep 5
done

# AppArmor (disable for now)
cat > /etc/default/grub.d/apparmor.cfg <<'EOF'
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"
EOF

update-grub

# Logging
apt-get -y install rsyslog

if [ -d /var/log/journal ]; then
    rm -rf /var/log/journal
fi

# Various things
apt-get -y install unifont bsdgames fortune-mod fortunes-bofh-excuses      \
        fortunes-mario fortunes fortunes-min neofetch screen apt-file \
        htop iftop gcal pinentry-curses

apt-file update

# Set locale for date/time display
localectl set-locale LC_TIME='C.UTF-8'