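#!/bin/sh
# Provision an Arch Linux machine for the nusscraft.de environment.
#
# Two modes, selected by the hostname:
#   * "archiso" (booted from the install medium): install a base system
#     into /mnt (which must already be formatted and mounted), write the
#     systemd-boot configuration, create the user "nuss" and install the
#     provisioning SSH key for root and nuss.
#   * any other hostname (an already installed system): install the
#     provisioning SSH key for the current user and open a reverse SSH
#     tunnel to nusscraft.de so the machine can be reached remotely.
#
# Must run as root. With `set -e` the script stops at the first failing
# command; every download uses `curl --fail` so an HTTP error body is never
# written to a file that is later installed as a certificate or key.
#
# Optional environment:
#   NAS_CERT_SHA256  hex SHA-256 digest of nas.crt; when set, the downloaded
#                    certificate is rejected unless its digest matches.
set -e
echo '=========== PROVISION ==========='
if [ "$(id -u)" -ne "0" ] ; then
	echo "This script must be executed with root privileges."
	exit 1
fi
if [ 'archiso' = "$(hostnamectl hostname)" ] ; then
	# fw_platform_size does not exist on a BIOS boot. Quoting the
	# substitution turns a missing file into an empty operand (-> "not 64")
	# instead of a malformed test that `if` would silently treat as false.
	if [ '64' != "$(cat /sys/firmware/efi/fw_platform_size 2>/dev/null)" ] ; then
		echo 'Not booted in 64 bit UEFI mode'
		exit 1
	fi
	if [ ! -d /mnt/boot/ ] ; then
		echo 'Make sure everything is formatted and mounted first'
		lsblk
		echo 'mkfs.ext4 /dev/sda3'
		echo 'mkswap /dev/sda2'
		echo 'mkfs.fat -F 32 /dev/sda1'
		echo 'mount /dev/sda3 /mnt'
		echo 'mount --mkdir /dev/sda1 /mnt/boot'
		echo 'swapon /dev/sda2'
		exit 1
	fi
	# Downloads go to an unpredictable temp dir that is removed on exit.
	tmpdir=$(mktemp -d)
	trap 'rm -rf -- "$tmpdir"' EXIT
	echo 'Downloading cert'
	# This file becomes a trust anchor for the live system, so it is fetched
	# over TLS (scheme-less URLs default to plain HTTP) and only installed
	# after a successful download. If provisioning.nusscraft.de is itself
	# signed by this private CA, pin the server key instead (curl
	# --pinnedpubkey) rather than falling back to HTTP.
	curl --silent --fail 'https://provisioning.nusscraft.de/nas.crt' --output "$tmpdir/nas.crt"
	if [ -n "${NAS_CERT_SHA256:-}" ] ; then
		echo 'Verifying cert digest'
		echo "${NAS_CERT_SHA256}  ${tmpdir}/nas.crt" | sha256sum --check --quiet
	fi
	echo 'Installing cert'
	trust anchor "$tmpdir/nas.crt"
	echo 'Setting mirror'
	# $repo and $arch are pacman placeholders, so the single quotes are intended.
	echo 'Server = https://pkg.nusscraft.de/repo/archlinux/$repo/os/$arch' > /etc/pacman.d/mirrorlist
	echo 'Updating keyring'
	pacman -Sy --noconfirm archlinux-keyring
	echo 'Installing base system'
	pacstrap -K /mnt base linux-lts linux-firmware mkinitcpio python openssh ufw
	echo 'Generating fstab'
	genfstab -U /mnt > /mnt/etc/fstab
	echo 'Setting time zone'
	ln -sf /usr/share/zoneinfo/Europe/Berlin /mnt/etc/localtime
	echo 'Enabeling services'
	# Create the .wants directories first: `ln -sf` into a missing directory
	# fails and would abort the script under `set -e`.
	mkdir -p /mnt/etc/systemd/system/multi-user.target.wants \
		/mnt/etc/systemd/system/sysinit.target.wants \
		/mnt/etc/systemd/system/sockets.target.wants
	ln -sf /usr/lib/systemd/system/sshd.service /mnt/etc/systemd/system/multi-user.target.wants/sshd.service
	ln -sf /usr/lib/systemd/system/systemd-networkd.service /mnt/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
	ln -sf /usr/lib/systemd/system/systemd-resolved.service /mnt/etc/systemd/system/dbus-org.freedesktop.resolve1.service
	ln -sf /usr/lib/systemd/system/systemd-resolved.service /mnt/etc/systemd/system/sysinit.target.wants/systemd-resolved.service
	ln -sf /usr/lib/systemd/system/systemd-resolved-varlink.socket /mnt/etc/systemd/system/sockets.target.wants/systemd-resolved-varlink.socket
	ln -sf /usr/lib/systemd/system/systemd-resolved-monitor.socket /mnt/etc/systemd/system/sockets.target.wants/systemd-resolved-monitor.socket
	echo 'Enabeling networkd on all interfaces'
	mkdir -p /mnt/etc/systemd/network
	ln -sf /usr/lib/systemd/network/89-ethernet.network.example /mnt/etc/systemd/network/tmp-ethernet.network
	echo 'Preparing booloader config'
	# systemd-boot reads ESP/loader/loader.conf; writing to /boot/loader.conf
	# leaves the default/timeout settings ignored.
	mkdir -p /mnt/boot/loader/
	printf '%s\n' 'default @saved' 'timeout 5' > /mnt/boot/loader/loader.conf
	echo 'Preparing arch boot entry'
	mkdir -p /mnt/boot/loader/entries
	root_uuid=$(findmnt /mnt --output UUID --noheadings --first-only)
	if [ -z "$root_uuid" ] ; then
		echo 'Could not determine the UUID of the filesystem mounted on /mnt'
		exit 1
	fi
	printf '%s\n' \
		'title   Arch Linux' \
		'linux   /vmlinuz-linux-lts' \
		'initrd  /initramfs-linux-lts.img' \
		"options root=UUID=${root_uuid} rw" > /mnt/boot/loader/entries/arch.conf
	echo 'Installing booloader'
	arch-chroot /mnt bootctl install
	echo 'Creating user nuss'
	useradd --create-home --user-group --root /mnt nuss
	echo 'Downloading ssh key'
	curl --silent --fail 'https://provisioning.nusscraft.de/ssh.pub' --output "$tmpdir/ssh.pub"
	echo 'Installing ssh key for root'
	# sshd's StrictModes rejects keys in group/world-writable directories;
	# 700/600 is the conventional layout.
	mkdir -p /mnt/root/.ssh/
	chmod 700 /mnt/root/.ssh/
	cp "$tmpdir/ssh.pub" /mnt/root/.ssh/authorized_keys
	chmod 600 /mnt/root/.ssh/authorized_keys
	echo 'Installing ssh key for nuss'
	mkdir -p /mnt/home/nuss/.ssh/
	chmod 700 /mnt/home/nuss/.ssh/
	cp "$tmpdir/ssh.pub" /mnt/home/nuss/.ssh/authorized_keys
	chmod 600 /mnt/home/nuss/.ssh/authorized_keys
	# Resolve the uid/gid inside the target system instead of assuming 1000.
	arch-chroot /mnt chown --recursive nuss:nuss /home/nuss/.ssh
	echo 'Left to do:'
	echo 'arch-chroot /mnt'
	echo 'Check /etc/fstab!'
	echo 'passwd root'
	echo 'passwd nuss'
else
	echo 'Installing required packages'
	pacman -S --needed --noconfirm curl python
	echo 'Installing public key'
	mkdir -p ~/.ssh
	chmod 700 ~/.ssh
	# Download to a temp file and move it into place so a failed download
	# cannot leave a truncated authorized_keys behind.
	tmpkey=$(mktemp)
	trap 'rm -f -- "$tmpkey"' EXIT
	curl --silent --fail 'https://provisioning.nusscraft.de/ssh.pub' --output "$tmpkey"
	chmod 600 "$tmpkey"
	mv -- "$tmpkey" ~/.ssh/authorized_keys
	echo 'Starting SSH tunnel on port 2222'
	# Reverse tunnel: port 2222 on the remote host forwards to local sshd.
	# Binding 0.0.0.0 there exposes it beyond the remote's loopback and
	# needs GatewayPorts on that server; accept-new trusts the host key on
	# first contact only.
	ssh -N -R 0.0.0.0:2222:localhost:22 nuss@nusscraft.de -p 9940 -o 'StrictHostKeyChecking=accept-new'
	echo 'Tunnel closed'
fi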
