#!/usr/bin/env bash
#
# Copyright (C) 2024  Jason Graham <jgraham@compukix.net>
#
# Version 1.0
#
# Performs a post-install bootstrap of system setup for Slackware 15.0
# 
# It configures a KVM virtual machine (VM) for ansible management. This script
# must be run before ansible can be used on the VM.
#
set -xuo pipefail

SLACKPKGPLUS_SHA256="b4e7bca6d4cdd426096fff548bf81d70147572e6a021f78110cb20235dba2a6f"

if (( $# == 0 )); then
    echo "Usage $(basename $0) ssh-pub [ssh-pub-2..]"
    exit 1
fi

# Install ssh keys
keys=( "$@" )
mkdir -p /root/.ssh
for (( i=0; i<${#keys[@]}; ++i ))
do
    k="${keys[$i]}"
    if ! grep "$k" /root/.ssh/authorized_keys &> /dev/null; then
        echo "$k" >> /root/.ssh/authorized_keys || exit 1
    fi
done
chmod 0600 /root/.ssh/authorized_keys || exit 1

# Set the slackpkg mirror
if [ ! -f /etc/slackpkg/mirrors.orig ]; then
    cp -a /etc/slackpkg/mirrors{,.orig} || exit 1
fi
echo 'http://slackware.compukix.net/mirrors/slackware/slackware64-15.0/' > \
    /etc/slackpkg/mirrors || exit 1

# Disable slackpkg DIALOG
sed -i 's/^DIALOG=.*/DIALOG=off/' /etc/slackpkg/slackpkg.conf && \
# Temorarily disable gpg check
sed -i 's/^CHECKGPG=.*/CHECKGPG=off/' /etc/slackpkg/slackpkg.conf || exit 1

# Install CA packages
slackpkg -batch=on -default_answer=y update
slackpkg -batch=on -default_answer=y install \
    ca-certificates-[0-9]\\+ \
    perl-[0-9]\\+ \
    openssl \
    glibc 
(( $? == 1 )) && exit 1

# Update SSL certificates
update-ca-certificates --fresh || exit 1

# Reenable gpg check
sed -i 's/^CHECKGPG=.*/CHECKGPG=on/' /etc/slackpkg/slackpkg.conf || exit 1

# Install slackpkgplus
if [ -f /etc/slackpkg/slackpkgplus.conf ]; then
    mv /etc/slackpkg/slackpkgplus.conf{,.orig} || exit 1
fi
wget -qc https://newcontinuum.dl.sourceforge.net/project/slackpkgplus/slackpkg%2B-1.8.0-noarch-7mt.txz &&
if [ "$SLACKPKGPLUS_SHA256" != "$(echo $(sha256sum slackpkg+-1.8.0-noarch-7mt.txz | cut -d\s -f1))" ]; then
    echo "slackpkg+ checksum is invalid" 1>&2
    exit 1
fi && 
upgradepkg --install-new --reinstall slackpkg+-1.8.0-noarch-7mt.txz || exit 1

# Configure slackpkgplus
cat >> /etc/slackpkg/slackpkgplus.conf<<EOF
WGETOPTS="--timeout=20 --tries=2 --passive-ftp --quiet"
PKGS_PRIORITY=( cx )
REPOPLUS=( slackpkgplus cx )
MIRRORPLUS['cx']=https://slackware.compukix.net/packages/cx/15.0/x86_64/
EOF

# Install ansible
slackpkg -batch=on -default_answer=y update 
slackpkg -batch=on -default_answer=y install \
    sudo-[0-9]\\+ \
    ansible-[0-9]\\+ \
    cryptography-[0-9]\\+  \
    python-Jinja2-[0-9]\\+  \
    python-MarkupSafe-[0-9]\\+  \
    python-PyYAML-[0-9]\\+  \
    python3-[0-9]\\+  \
    python3-asn1crypto-[0-9]\\+  \
    python3-flit_core-[0-9]\\+  \
    python3-installer-[0-9]\\+ \
    python3-pyasn1-[0-9]\\+ \
    python3-semantic-version-[0-9]\\+ \
    python3-setuptools-rust-[0-9]\\+ \
    python3-toml-[0-9]\\+  \
    python3-wheel-[0-9]\\+
(( $? == 1 )) && exit 1

# Configure ansible user
if ! getent group ansible &> /dev/null; then
    groupadd -g 994 ansible || exit 1
fi

if ! getent passwd ansible &> /dev/null; then
    useradd -u 994 -g 994 -m -d /var/lib/ansible -s /bin/false -c "Ansible User" ansible &&
    chpasswd <<< "ansible:$(openssl rand -base64 15)" && 
    chsh -s /bin/bash ansible || exit 1
fi

echo 'ansible ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/99_ansible &&
chmod 0440 /etc/sudoers.d/99_ansible &&

mkdir -p /var/lib/ansible/.ssh && 
chmod 0700 /var/lib/ansible/.ssh && 
touch /var/lib/ansible/.ssh/authorized_keys &&

for (( i=0; i<${#keys[@]}; ++i ))
do
    k="${keys[$i]}"
    if ! grep "$k" /var/lib/ansible/.ssh/authorized_keys &> /dev/null; then
        echo "$k" >> /var/lib/ansible/.ssh/authorized_keys || exit 1
    fi
done
chmod 0600 /var/lib/ansible/.ssh/authorized_keys &&
chown -R ansible:ansible /var/lib/ansible/.ssh || exit 1

# Install base packages
slackpkg -batch=on -default_answer=y install \
    openssh-[0-9]\\+ \
    vim-[0-9]\\+ \
    libsodium-[0-9]\\+ \
    mkinitrd-[0-9]\\+ \
    kernel-generic \
    qemu-guest-agent-[0-9]\\+
(( $? == 1 )) && exit 1

slackpkg -batch=on -default_answer=y remove kernel-huge kernel-source
(( $? == 1 )) && exit 1

# Upgrade all packages
if slackpkg -batch=on -default_answer=y upgrade-all; then
    yes "O" | slackpkg new-config 2> /dev/null
fi

# Enable services
chmod +x /etc/rc.d/rc.sshd
/etc/rc.d/rc.sshd start
chmod +x /etc/rc.d/rc.qemu-ga
/etc/rc.d/rc.qemu-ga start
if ! grep -w "/etc/rc.d/rc.qemu-ga start" /etc/rc.d/rc.local; then
    cat >> /etc/rc.d/rc.local<<EOF
#
# Start qemu-ga:
#
if [ -x /etc/rc.d/rc.qemu-ga ]; then
    /etc/rc.d/rc.qemu-ga start
fi
EOF
fi

# Generate initrd
geninitrd

# Configure lilo
sed -i 's/^timeout\s*=.*/timeout = 50/' /etc/lilo.conf && 
sed -i 's/\(\s*image\)\s*=.*/\1 = \/boot\/vmlinuz-generic/' /etc/lilo.conf && 
if ! grep 'initrd = ' /etc/lilo.conf 1> /dev/null; then
    sed -i '/\s*root\s*=.*/a \ \ initrd = \/boot\/initrd.gz' /etc/lilo.conf || exit 1
fi &&
lilo || exit 1