#!/bin/bash
set -e

function setup_vim {
	[[ -z $1 ]] && echo error: function $0 requires arg user && exit 1
	user=$1

	[[ $user = root ]] && homedir=/root && grp=wheel
	[[ ! $user = root ]] && homedir=/home/$user && grp=users

	if [[ -d $homedir/ ]]; then
		echo -n tuning $homedir/.vimrc ...
		[[ ! -f /home/$homedir/.vimrc ]] && cat > $homedir/.vimrc <<EOF && echo done || echo already
set mouse=
set paste
syn on

filetype plugin indent on
autocmd FileType yaml,yml,json,tf,hcl setlocal ts=2 sts=2 sw=2 expandtab
EOF
		chown $user:$grp $homedir/.vimrc

		[[ ! -f $homedir/.selected_editor ]] && cat > $homedir/.selected_editor <<EOF
SELECTED_EDITOR="/usr/bin/vim.nox"
EOF
		chown $user:$grp $homedir/.selected_editor

		changed=1
	else
		echo error: could not fine $homedir/ -- cannot setup .vimrc .selected_editor
	fi
}

[[ -z $1 ]] && echo " usage: ${0##*/} <timezone> [ansible_user]" && exit 1
timezone=$1 && echo timezone is $timezone
[[ -n $2 ]] && ansible_user=$2 && echo ansible_user is $ansible_user

# ansible.builtin.script:
#   chdir: /root

# just in case one runs the script outside ansible
[[ `pwd` != /root ]] && echo error: assuming current working directory /root/ && exit 1

[[ ! -x `which lsb_release` ]]  && echo error: lsb_release executable not found && exit 1
[[ ! -x `which systemctl` ]]    && echo error: systemctl executable not found && exit 1

# used for initial upgrade and for installing a few packages
export DEBIAN_FRONTEND=noninteractive
export LANG=en_US.UTF-8
export LANGUAGE=en_US:en
export LC_ALL=en_US.UTF-8

# no need for graphical startup on a server
echo -n disable X11 at boot-time ...
[[ `systemctl get-default` != multi-user.target ]] && systemctl set-default multi-user && echo done || echo already

distro=`lsb_release -is 2>/dev/null`

if [[ $distro = Ubuntu ]]; then
	echo -n remove ubuntu-advantage-tools package ...
	[[ -n `dpkg -l | grep advantage` ]] && \
		apt-get -q -y purge ubuntu-advantage-tools >/dev/null 2>&1 && echo done || echo already
	rm -rf /etc/ubuntu-advantage/
	rm -rf /var/lib/ubuntu-advantage/
	rm -rf /var/lib/update-manager/
fi

echo -n setting up time zone ...
timedatectl set-timezone $timezone && echo done

if [[ -n `pgrep ntp` ]]; then
	echo stop and disable ntp
	systemctl stop ntp
	systemctl disable ntp
	echo done

	changed=1
fi

echo -n available clocks:\ 
cat /sys/devices/system/clocksource/clocksource0/available_clocksource

echo -n current clock:\ 
cat /sys/devices/system/clocksource/clocksource0/current_clocksource # tsc

echo -n enable kvm-clock ...
echo kvm-clock > /sys/devices/system/clocksource/clocksource0/current_clocksource && echo done

echo -n check:\ 
cat /sys/devices/system/clocksource/clocksource0/current_clocksource # kvm-clock

if [[ ! -f /etc/default/grub.dist ]]; then
	mv -f /etc/default/grub /etc/default/grub.dist
	grep -vE '^$|^#' /etc/default/grub.dist > /etc/default/grub.clean

	echo -n tune grub ...
	sed -r '
		s/^GRUB_TIMEOUT=.*/GRUB_TIMEOUT=3/;
		s/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="notsc clocksource=kvm-clock"/;
		' /etc/default/grub.clean > /etc/default/grub && echo done

	# note images already have GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 biosdevname=0 console=ttyS0"

	echo GRUB_DISABLE_OS_PROBER=true >> /etc/default/grub

	[[ -f /etc/grub.d/30_os-prober ]] && rm -f /etc/grub.d/30_os-prober

	update-grub2

	changed=1
fi

echo -n setup wheel group ...
if [[ -n `grep ^wheel: /etc/group` ]]; then
	echo already
else
	# 10 already taken by uucp
	groupadd -g 14 wheel && echo done || echo FAIL
	usermod -aG wheel root
	[[ -n $ansible_user ]] && usermod -aG wheel $ansible_user
fi

echo -n setup sudoers ...
if [[ -f /etc/sudoers && -f /etc/sudoers.dist ]]; then
	echo already
elif [[ -f /etc/sudoers && ! -f /etc/sudoers.dist ]]; then
	mv -i /etc/sudoers /etc/sudoers.dist
	grep -vE '^#|^$' /etc/sudoers.dist > /etc/sudoers.clean
	grep -vE '^#|^$' /etc/sudoers.dist > /etc/sudoers
	cat >> /etc/sudoers <<EOF && echo done

$wheel ALL= (ALL) NOPASSWD: ALL

EOF
elif [[ ! -f /etc/sudoers ]]; then
	echo does not seem to be installed
fi

echo -n setup repositories for $distro ...
if [[ $distro = Debian ]]; then
	if [[ -f /etc/apt/sources.list.dist ]]; then
		echo already
	else
		mv -f /etc/apt/sources.list /etc/apt/sources.list.dist
		rm -f /etc/apt/sources.list~
		grep -vE '^$|^#' /etc/apt/sources.list.dist | grep -v ^deb-src > /etc/apt/sources.list.clean
		sed -r 's/ main$/ main contrib non-free non-free-firmware/' /etc/apt/sources.list.clean > /etc/apt/sources.list && echo done
	fi

	changed=1
elif [[ $distro = Ubuntu ]]; then
	echo warning: sources.list setup TBD for system type: $distro
else
	echo warning: unknown system type: $distro
fi

echo -n update package cache \(/var/tmp/few_packages_cache.log\) ...
apt-get -q -y update > /var/tmp/few_packages_cache.log 2>&1 && echo done || echo FAIL

# this takes a while to unfold - skip that during deployment for now
#if [[ ! -f /var/tmp/initial_upgrade.log ]]; then
#	echo upgrading the system - see /var/tmp/initial_upgrade.log
#	apt-get -q -y dist-upgrade >> /var/tmp/initial_upgrade.log
#	apt-get -q -y autoremove --purge >> /var/tmp/initial_upgrade.log
#	echo done
#fi

echo -n install a few packages \(/var/tmp/few_packages_install.log\) ...
apt-get -q -y install \
	bash-completion \
	bind9-dnsutils \
	colordiff \
	curl \
	gnupg1 \
	ifupdown \
	inetutils-syslogd \
	jq \
	lsb-release \
	man-db \
	manpages \
	mlocate \
	net-tools \
	vim-nox \
	wget > /var/tmp/few_packages_install.log 2>&1 && echo done || echo FAIL

if [[ ! -f /etc/bash.bashrc.dist ]]; then
	cp -i /etc/bash.bashrc /etc/bash.bashrc.dist

	echo -n tuning bash ...
	# WARNING ESCAPES ARE IN HERE: \$
	cat >> /etc/bash.bashrc <<EOF && echo done

export DEBIAN_FRONTEND=noninteractive
export LANG=en_US.UTF-8
export LANGUAGE=en_US:en
export LC_ALL=en_US.UTF-8
export MAKEFLAGS=-j\$((`grep ^processor /proc/cpuinfo | tail -1 | awk '{print $NF}'` + 1))

case "\$-" in *i*)
	source /usr/share/bash-completion/bash_completion
	alias ll='ls --color=auto -alh'
	alias ls='ls --color=auto'
	alias diff='colordiff'
	alias cp='cp -i'
	alias mv='mv -i'
	alias rm='rm -i'
	w
	;;
esac

EOF
	changed=1
fi

echo -n vim-nox as default vi ...
update-alternatives --set vi /usr/bin/vim.nox && echo done || echo FAIL

echo -n vim-nox as default editor ...
update-alternatives --set editor /usr/bin/vim.nox && echo done || echo FAIL

setup_vim root

# we take advantage of connecting username - if there is any (we are sometimes root already)
if [[ -n $ansible_user ]]; then
	setup_vim $adminuser
fi

echo -n override /root/log helper ...
if [[ -f /root/log ]]; then
	echo already
else
	cat > /root/log <<EOF && echo done || echo FAIL
tail -n0 -F /var/log/* /var/log/*/*
EOF
	chmod +x /root/log
	changed=1
fi

# assuming w/o oslogin
echo -n cleaning-up sshd_config ...
if [[ -f /etc/ssh/sshd_config.dist ]]; then
	echo already
else
	mv -i /etc/ssh/sshd_config /etc/ssh/sshd_config.dist
	grep -vE '^#|^$' /etc/ssh/sshd_config.dist > /etc/ssh/sshd_config.clean
	grep -vE '^#|^$' /etc/ssh/sshd_config.dist > /etc/ssh/sshd_config && echo done

	changed=1
fi

# ok=1 changed=0
[[ -z $changed ]] && echo ok - almost nothing changed && exit 0

# ok=1 changed=1
echo changed - all done