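#!/usr/bin/env sh

# author: Daniel Sommer
# license: MIT
#
# Post-install setup for an Alpine Linux system (apparently an LXC container,
# judging by the 'localmount' edit and the 'lxc-alpine' branch used below):
# switches the apk repositories, installs base packages, creates an admin
# user, configures dropbear, replaces '/etc/fstab' with tmpfs mounts and
# pulls a shell configuration.
#
# The script edits system files and manages services, so it has to run as root.
#
# Optional environment variables:
#   INSTALL_USERNAME - name of the user to create (prompted for if empty)
#   INSTALL_PASSWORD - password for that user (prompted for if empty)
#
# NOTE(review): a password handed over through the environment stays readable
# in the process environment and possibly in shell history; the interactive
# prompt avoids that.
#
# 'read -p' and 'read -s' are not POSIX; they are kept because busybox ash
# (Alpine's /bin/sh) supports them.

# variables
swappiness="25"
tmpfs_size="1G"
repository_protocol="https"
repository_version="v3.18"

# helpers

# Ask a yes/no question; an empty answer counts as yes.
# Arguments: $1 - prompt text
# Returns:   0 for "", "y" or "yes" (case-insensitive), 1 for anything else
confirm() {
  read -r -p "$1" reply
  # tr needs both sets; with a single set it fails and yields an empty
  # string, which would turn every answer (including "no") into the default.
  reply="$(printf '%s' "$reply" | tr '[:upper:]' '[:lower:]')"
  case "$reply" in
    "" | y | yes) return 0 ;;
    *) return 1 ;;
  esac
}

# Empty a directory and register it as a tmpfs mount in '/etc/fstab'.
# Arguments: $1 - fstab device label
#            $2 - mount point
#            $3 - mount options
add_tmpfs() {
  printf "|> setting up '%s' as tmpfs...\n" "$2"
  # 'mount -a' cannot mount onto a directory that does not exist
  mkdir -p "$2"
  # the glob must stay outside the quotes, otherwise rm looks for a file
  # literally named '*'; ':?' aborts instead of expanding to '/*'
  rm -rf "${2:?}"/* > /dev/null 2>&1
  printf '%s\t%s\ttmpfs\t%s 0 0\n' "$1" "$2" "$3" >> "/etc/fstab"
}

# execution
printf "|>> executing alpine install script...\n"

user=""
if [ -n "${INSTALL_USERNAME:-}" ]; then
  printf "|> username set to '%s' via environment variable'...\n" "$INSTALL_USERNAME"
  user="$INSTALL_USERNAME"
fi
if [ -z "$user" ]; then
  read -r -p "|> enter your desired username: " user
  if [ -z "$user" ]; then
    printf "|> error: no username entered\n"
    exit 1
  fi
fi

password=""
if [ -n "${INSTALL_PASSWORD:-}" ]; then
  # The password is data, never a printf format string: a '%' or '\' in it
  # must not be interpreted. One '*' is printed per character, so the
  # password length is still visible on the console.
  printf "|> password set to '%s' via environment variable'...\n" \
    "$(printf '%s\n' "$INSTALL_PASSWORD" | sed 's/./*/g')"
  password="$INSTALL_PASSWORD"
fi
if [ -z "$password" ]; then
  read -r -s -p "|> enter the password for '$user': " password && printf "\n"
  if [ -z "$password" ]; then
    printf "|> error: no password entered\n"
    exit 1
  fi
  read -r -s -p "|> confirm the password: " password_confirmation && printf "\n"
  if [ "$password_confirmation" != "$password" ]; then
    printf "|> error: passwords do not match\n"
    exit 1
  fi
fi

if [ -n "$repository_protocol" ]; then
  printf "|> setting protocol for all repositories to '%s'\n" "$repository_protocol"
  sed -i "s/http:/$repository_protocol:/g" "/etc/apk/repositories"
fi
if [ -n "$repository_version" ]; then
  printf "|> setting version for all repositories to '%s'\n" "$repository_version"
  sed -i "s/\/v.*\//\/$repository_version\//g" "/etc/apk/repositories"
fi

printf "|> updating packages...\n"
apk update --progress

printf "|> upgrading installed packages...\n"
apk upgrade --progress --no-cache

printf "|> installing base packages...\n"
apk add --force-refresh --no-cache --progress \
  sudo \
  tzdata \
  zsh \
  htop \
  iotop \
  iftop \
  neovim \
  curl \
  wget \
  git \
  unzip \
  rsync \
  dropbear \
  openssh-client \
  rxvt-unicode-terminfo

read -r -p "|> enter additional packages to install: " packages
if [ -n "$packages" ]; then
  packages="$(printf '%s' "$packages" | tr '\n' ' ')"
  # Word splitting is intended (one argument per package name); globbing is
  # switched off so a '*' in the answer is not expanded against the cwd.
  set -f
  # shellcheck disable=SC2086
  apk add --force-refresh --no-cache --progress $packages
  set +f
fi

printf "|> setting timezone...\n"
setup-timezone -z "Europe/Berlin"

printf "|> changing shell from 'ash' to 'zsh'...\n"
sed -i "s|/bin/ash|/bin/zsh|g" "/etc/passwd"

printf "|> creating user '%s'...\n" "$user"
# Stop here on failure: the steps below disable root login over ssh, which
# would leave no account to log in with if the user does not exist.
if ! adduser -D -G users -s "/bin/zsh" "$user"; then
  printf "|> error: could not create user '%s'\n" "$user"
  exit 1
fi

printf "|> setting password for user '%s'...\n" "$user"
# printf '%s' passes the password through verbatim; 'echo -e' would expand
# backslash sequences inside it and silently set a different password.
if ! printf '%s\n%s\n' "$password" "$password" | passwd "$user"; then
  printf "|> error: could not set the password for user '%s'\n" "$user"
  exit 1
fi

# NOTE(review): 'wheel' becomes full sudo below, and 'disk' membership gives
# direct access to block devices; trim this list if the account does not
# need all of it.
for group in disk lp wheel floppy audio cdrom dialout tape video netdev games cdrw usb; do
  printf "|> adding user '%s' to group '%s'...\n" "$user" "$group" && addgroup "$user" "$group"
done

printf "|> modifying sudoers...\n"
sed -i "s/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/" "/etc/sudoers"
# a sudoers file with a syntax error makes sudo refuse to run at all
visudo -c > /dev/null 2>&1 ||
  printf "|> warning: '/etc/sudoers' failed validation, check it with 'visudo -c'\n"

printf "|> disabling root login via ssh...\n"
# '-w' only blocks root logins; password authentication for other accounts
# stays enabled (dropbear's '-s' turns it off once key login is confirmed).
sed -i "s/DROPBEAR_OPTS.*/DROPBEAR_OPTS=\"-w\"/" "/etc/conf.d/dropbear"

if [ -r "$HOME/.ssh/authorized_keys" ]; then
  printf "|> moving authorized ssh keys from '%s' to '%s'...\n" "${USER:-}" "$user"
  # keep the key file private to its owner after the move
  mkdir -p "/home/$user/.ssh" > /dev/null 2>&1 &&
    mv "$HOME/.ssh/authorized_keys" "/home/$user/.ssh/authorized_keys" &&
    chown -R "$user":users "/home/$user/.ssh" &&
    chmod 700 "/home/$user/.ssh" &&
    chmod 600 "/home/$user/.ssh/authorized_keys"
fi

printf "|> creating dropbear keys...\n"
mkdir -p "/etc/dropbear" > /dev/null 2>&1
dropbearkey -t "rsa" -s "4096" -f "/etc/dropbear/dropbear_rsa_host_key"
dropbearkey -t "ecdsa" -s "521" -f "/etc/dropbear/dropbear_ecdsa_host_key"
# An ed25519 key replaces the former 1024-bit DSS host key: DSA at that size
# is considered weak, current OpenSSH clients disable ssh-dss by default and
# recent dropbear builds may not offer it at all.
dropbearkey -t "ed25519" -f "/etc/dropbear/dropbear_ed25519_host_key"

printf "|> enabling and starting dropbear...\n"
rc-update add "dropbear"
rc-service "dropbear" restart

if [ -n "$swappiness" ]; then
  printf "|> tuning swappiness...\n"
  printf 'vm.swappiness=%s\n' "$swappiness" > "/etc/sysctl.d/99-swappiness.conf"
fi

# every existing fstab entry is discarded here; only the tmpfs mounts below
# are written back
printf "|> cleaning '/etc/fstab'...\n"
rm -rf "/etc/fstab"
touch "/etc/fstab"

options="defaults,noatime"
[ -n "$tmpfs_size" ] && options="$options,size=$tmpfs_size"

add_tmpfs "cache" "/var/cache" "$options"
add_tmpfs "logs" "/var/log" "$options"
add_tmpfs "tmp" "/tmp" "$options,mode=1777"
add_tmpfs "root-cache" "/root/.cache" "$options"
add_tmpfs "user-cache" "/home/$user/.cache" "$options"
# the mount point was created by root inside the user's home directory
chown "$user":users "/home/$user/.cache"

printf "|> modifying '/etc/init.d/localmount'...\n"
sed -i 's/keyword -docker -jail -lxc -prefix -systemd-nspawn -vserver/keyword -docker -jail -prefix -systemd-nspawn -vserver/' "/etc/init.d/localmount"

printf "|> remounting '/etc/fstab' entries...\n"
mount -a

printf "|> customizing environment...\n"
# NOTE(review): this takes whatever the 'lxc-alpine' branch points to at
# install time and links it in as root's zsh startup files; pin a reviewed
# commit or tag if the result has to be reproducible. The chown also lets
# '$user' edit files that root's shell sources.
git clone -b "lxc-alpine" "https://git.velvettear.de/velvettear/etc.git" "/etc/velvettear"
chown -R "$user":users "/etc/velvettear"
ln -s "/etc/velvettear/shell/zshrc.sh" "/home/$user/.zshrc"
ln -s "/etc/velvettear/shell/zshrc_root.sh" "/root/.zshrc"
ln -s "/etc/velvettear/shell/zprofile" "/home/$user/.zprofile"
ln -s "/etc/velvettear/shell/zprofile" "/root/.zprofile"

printf "|> removing motd...\n"
rm -f "/etc/motd"

printf "|>> alpine install script finished!\n"
printf "|>> remote access: 'ssh %s@%s'\n" "$user" \
  "$(ip -f inet -o address | awk '/eth0/ {print $4}' | cut -d "/" -f1)"

if confirm "|> would you like to delete the install script? [YES/no] "; then
  printf "|> deleting script '%s'...\n" "$0"
  rm -f "$0"
fi

if confirm "|> would you like to reboot now? [YES/no] "; then
  printf "|> rebooting now!\n"
  reboot
fi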