#!/bin/bash

[[ -v installbase ]] || source /var/tmp/install/common.sh

set_root_pw() {
  local rootpw
  rootpw=$(get_profile .rootpw)
  if [[ -z $rootpw ]]; then
    return 0
  fi
  chmod 600 /etc/shadow
  sed -i -E "s@^root:\!unprovisioned:(.*)@root:$rootpw:\1@" /etc/shadow
  chmod 000 /etc/shadow
}

get_users() {
  jq -M -r '.user // {} | keys[]' "$installbase/profile.json"
}

create_user() {
  local userhome_exists sshkey pw user=$1 useradd_opts=()
  if [[ -e /home/$user ]]; then
    userhome_exists=1
  fi
  if [[ ! $userhome_exists ]]; then
    useradd_opts+=(-m)
  fi
  if [[ $(get_profile .user.$user.system) = "true" ]]; then
    useradd_opts+=(--system)
  fi
  pw=$(get_profile .user.$user.password)
  if [[ $pw ]]; then
    useradd_opts+=(-p "$pw")
  fi
  useradd -U "${useradd_opts[@]}" "$user"
  if [[ $(get_profile .user.$user.admin) = "true" ]]; then
    usermod -a -G wheel "$user"
  fi
  if [[ $userhome_exists ]]; then
    chown -R $user: /home/$user
    return 0
  fi
  sshkey="$(get_profile .user.$user.sshkey)"
  mkdir -p /home/$user/.ssh
  chmod 700 /home/$user/.ssh
  if [[ $sshkey ]]; then
    echo "$sshkey" > /home/$user/.ssh/authorized_keys
    chmod 600 /home/$user/.ssh/authorized_keys
  fi
  chown -R $user: /home/$user
}

create_users() {
  local user users=$(get_users)
  for user in $users; do
    create_user $user
  done
}

configure_locale_postinstall() {
  local lang
  lang=$(get_profile .lang)
  lang=${lang:-C}
  lang=${lang%.*}.UTF-8
  if [[ -f /etc/locale.conf ]]; then
    if grep -q ^LANG= /etc/locale.conf; then
      sed -i -E "s/^LANG=.*/LANG=\"$lang\"/" /etc/locale.conf
    else
      echo "LANG=\"$lang\"" > /etc/locale.conf
    fi
  else
    echo "LANG=\"$lang\"" > /etc/locale.conf
  fi
  localectl set-locale $lang || true
}

apply_hostname_config() {
  local hostname
  hostname="$(get_profile .hostname)"
  echo "configuring hostname: $hostname"
  [[ $hostname ]] || return
  echo "$hostname" > /etc/hostname
  hostnamectl hostname $hostname
}

set_permissive() {
  rpm --quiet -q selinux-policy || return 0
  sed -i -E 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
}

any_firstboot() {
  local software storage
  storage=$(get_profile .storage)
  software=$(get_profile .software)
  for segment in storage/$storage software/$software; do
    if [[ -f $installbase/$segment/firstboot ]]; then
      return
    fi
  done
  return 1
}

set_target_firstboot() {
  if ! any_firstboot; then
    systemctl enable anyboot.service || return
    set_target_anyboot
    return
  fi
  [[ -f /usr/share/systemux/tmux.conf ]] || return
  systemctl set-default firstboot.target
  set_permissive
  # sesearch -s init_t -t screen_exec_t -c file -A
  # sesearch -s init_t -t init_t -c file -A
  if selinuxenabled && [[ -f /usr/bin/tmux ]]; then
    # still needed?
    chcon -t bin_t /usr/bin/tmux
  fi
}

configure_keyboard_postinstall() {
  local keyboard
  keyboard=$(get_profile .keyboard)
  keyboard=${keyboard:-us}
  if [[ -f /etc/vconsole.conf ]]; then
    if grep -q ^KEYMAP= /etc/vconsole.conf; then
      sed -i -E "s/^KEYMAP=.*/KEYMAP=\"$keyboard\"/" /etc/vconsole.conf
    else
      echo "KEYMAP=\"$keyboard\"" > /etc/vconsole.conf
    fi
  else
    echo "KEYMAP=\"$keyboard\"" > /etc/vconsole.conf
  fi
  keyboard=${keyboard%.*}
  keyboard=${keyboard%_*}
  if localectl list-x11-keymap-layouts | grep -q "^$keyboard$"; then
    localectl set-x11-keymap "$keyboard" || true
  fi
}

do_postinstall() {
  run set_root_pw || return
  run create_users || return
  run configure_keyboard_postinstall || return
  run configure_locale_postinstall || return
  run set_timezone || return # setting tz in postinstall seems to have effect
  run set_rtc_utc || return
  run configure_sdboot || return
  run apply_hostname_config || return
  run set_target_firstboot || return
}

return 2> /dev/null || {
  export NO_COLOR=1
  do_postinstall
}
