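#!/usr/bin/env bash
#
# Basic provision example
#
# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License,
# or any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Usage: <script> [hostname] [domain] [mirror]
#
# Provisions a Debian-like host: installs base packages, fetches the
# apps/dotfiles repository into $HOME/apps, installs hydra and trashman
# system-wide, upgrades the system and applies some system tuning.
# Requires sudo. Critical steps abort with exit status 1; the remaining
# steps are best-effort, as in the original flow.

# Parameters
# The positional values are captured here but not referenced further down
# in this script. Note that assigning HOSTNAME shadows bash's own HOSTNAME
# variable for the rest of the run.
DIRNAME="$(dirname "$0")"
BASENAME="$(basename "$0")"
HOSTNAME="$1"
DOMAIN="$2"
MIRROR="$3"

# Kept as an array so the command is expanded word-by-word without relying
# on unquoted string splitting.
APT_INSTALL=(sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y)

# Ensure we're in the home folder.
# Every path below is relative (including the "rm -rf apps"), so stop here
# if the directory change fails instead of operating on whatever the
# current directory happens to be.
cd || exit 1

# Dependencies
echo "Installing basic dependencies..."
"${APT_INSTALL[@]}" git curl make wipe man zsh || exit 1

# Set user shell
if [ -x "/bin/zsh" ]; then
  sudo chsh -s /bin/zsh "$(whoami)"
fi

# Tools
#
# Everything fetched here is executed later, partly under sudo (the hydra
# and trashman installs below), so the repository and its submodules are
# fully trusted by this host. Authenticity rests on the HTTPS connection
# to the remote only: no revision is pinned and no signature is checked.
# NOTE(review): consider checking out a pinned, verified revision before
# running anything from the clone.
if [ ! -e "apps/infection" ]; then
  # Removes any pre-existing $HOME/apps before cloning.
  rm -rf apps

  # Abort on a failed clone rather than running scripts from a missing or
  # partial checkout.
  git clone --recursive https://git.fluxo.info/rhatto/apps || exit 1
  apps/infection init
else
  echo "Updating locally-installed apps and dotfiles... "
  apps/infection fetch
  apps/infection merge
  apps/metadot/metadot fetch
  apps/metadot/metadot merge
fi

# Load basic config
apps/metadot/metadot load-bundle console
apps/metadot/metadot deps-bundle console

# Install hydra system-wide
apps/hydra/hydractl install

# Install trashman system-wide
sudo apps/trashman/trashman install trashman

# Upgrade
# "command -v" is the shell builtin lookup; it avoids depending on the
# external "which" program.
if command -v hydractl &> /dev/null; then
  hydractl upgrade
else
  if ! { sudo apt-get update &&
         sudo apt-get upgrade -y &&
         sudo apt-get autoremove -y &&
         sudo apt-get clean; }; then
    exit 1
  fi
fi

#
# System tuning
#

# Configure some system behavior using trashman
sudo apps/trashman/trashman install swapfile
# NOTE(review): presumably enables a serial console for GRUB; whoever can
# reach that console (e.g. through the hypervisor) gets boot-time access.
# Confirm this is wanted on the target.
sudo apps/trashman/trashman install grub-serial-console

# Security
# Restrict the bpf() syscall to privileged processes, which removes a piece
# of kernel attack surface from unprivileged users. The setting is applied
# to the running kernel and persisted under /etc/sysctl.d for later boots.
# With the value 1 the running kernel does not allow switching it back
# without a reboot. Best-effort: the sysctl status is not checked.
sudo sysctl kernel.unprivileged_bpf_disabled=1
echo "kernel.unprivileged_bpf_disabled=1" |
  sudo tee /etc/sysctl.d/kernel.unprivileged_bpf_disabled.conf > /dev/null

# Configuring APT
# Switch the Debian mirrors in /etc/apt/sources.list to HTTPS. Package
# authenticity still comes from APT's signed repository metadata; HTTPS
# adds transport protection on top. Only /etc/apt/sources.list is edited,
# files under /etc/apt/sources.list.d are left untouched.
sudo apt-get update
"${APT_INSTALL[@]}" apt-transport-https || exit 1
sudo sed -i -e "s|http://http.debian.net|https://deb.debian.org|g" /etc/apt/sources.list || exit 1
sudo sed -i -e "s|http://deb.debian.org|https://deb.debian.org|g" /etc/apt/sources.list || exit 1
# Enables the contrib and non-free components on every line ending in
# "main". No "apt-get update" follows in this script, so the new indexes
# are only fetched on the next update.
sudo sed -i -e "s|main$|main contrib non-free|g" /etc/apt/sources.list || exit 1

# GRUB timeout
if ! grep -q "GRUB_TIMEOUT=1" /etc/default/grub; then
  sudo sed -i -e 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|' /etc/default/grub
  sudo update-grub
fi

# Fstrim
# See https://pve.proxmox.com/wiki/Shrink_Qcow2_Disk_Files
sudo fstrim -av
sudo sync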