#!/bin/bash

#if [[ "$(hostname -f)" =~ \.crute\.me$ ]]; then
#    echo "This host appears to already be bootstrapped"
#    exit 1
#fi

if [ ! -f "/etc/default/bootstrap" ]; then
	cat > /etc/default/bootstrap <<EOF
UNCONFIGURED="true"
VM_HOST="false"
SHORT_HOSTNAME=""
AWS_ACCESS_KEY_ID=""
AWS_SECRET_ACCESS_KEY=""
REGION=""
ROLE=""
EOF
	echo "Edit /etc/default/bootstrap and try again"
	exit 1
else
	source /etc/default/bootstrap
	if [ "$UNCONFIGURED" == "true" ]; then
		echo "Edit /etc/default/boootstrap and try again"
		exit 1
	fi

    if [ ! -z "$AWS_ACCESS_KEY_ID" ]; then
        export AWS_ACCESS_KEY_ID
    fi
    if [ ! -z "$AWS_SECRET_ACCESS_KEY" ]; then
        export AWS_SECRET_ACCESS_KEY
    fi
fi

# Figure out the region if AWS or internal
if [ -z "$REGION" ]; then
    export REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | python3 -c "import json, sys; print(json.load(sys.stdin)['region'])")
fi

export DEBIAN_FRONTEND=noninteractive

# Configure APT to use the local cache if there is one
if [ "$REGION" = "sea1" ]; then
    echo 'Acquire::http::Proxy "http://genesis.sea1.crute.me:3142";' >> /etc/apt/apt.conf
fi

# Get all the latest updates and remove junk
apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y

# Set hostname and network settings
export HOSTNAME="${SHORT_HOSTNAME}.${REGION}.crute.me"

if [[ "$(hostname -f)" != "$HOSTNAME" ]]; then
    echo $SHORT_HOSTNAME > /etc/hostname
    hostnamectl set-hostname $SHORT_HOSTNAME
    systemctl restart systemd-logind.service
fi

# Setup /etc/hosts
if ! grep "$HOSTNAME" /etc/hosts 2>&1 > /dev/null; then
    sed -i "s/127.0.0.1 localhost/127.0.0.1 localhost\n127.0.1.1 ${HOSTNAME} ${SHORT_HOSTNAME}/" /etc/hosts
fi

# Setup /etc/resolv.conf
if ! grep "search ${REGION}.crute.me" /etc/resolv.conf 2>&1 > /dev/null; then
    sed -i "s/search .*/search ${REGION}.crute.me/" /etc/resolv.conf
fi

# Install standard packages
apt-get install -y \
    ssmtp \
    iptables-persistent \
    vim \
    htop \
    curl

# If this is a KVM host setup KVM and bridge
if [[ "$VM_HOST" == "true" ]]; then
    apt-get install -y --no-install-recommends \
        qemu-kvm \
        libvirt-bin \
        virtinst \
        bridge-utils \
        libosinfo-bin \
        genisoimage \
        qemu-utils \
        unzip

    MAIN_INTF=$(ip link | awk '/^2:/ { split($2, a, ":"); print a[1]; }')
    sed -i -e "s/\(.*$MAIN_INTF.*\)/#\1/" /etc/network/interfaces

    if ! grep 'auto br0' /etc/network/interfaces 2>&1>/dev/null; then
    cat >> /etc/network/interfaces <<EOF

auto br0
iface br0 inet dhcp 
    bridge_ports $MAIN_INTF
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
EOF
fi
fi

# Setup Automatic Updates
sed -i 's/APT::Periodic::Download-Upgradeable-Packages "0";/APT::Periodic::Download-Upgradeable-Packages "1";/' /etc/apt/apt.conf.d/10periodic
sed -i 's/APT::Periodic::AutocleanInterval "0";/APT::Periodic::AutocleanInterval "7";/' /etc/apt/apt.conf.d/10periodic 
echo 'APT::Periodic::Unattended-Upgrade "1";' >> /etc/apt/apt.conf.d/10periodic
sed -i 's#//Unattended-Upgrade::Mail "root";#Unattended-Upgrade::Mail "mike@crute.us";#' /etc/apt/apt.conf.d/50unattended-upgrades
echo -e '\nUnattended-Upgrade::Sender "updates-no-reply@crute.me";' >> /etc/apt/apt.conf.d/50unattended-upgrades
sed -i 's#//Unattended-Upgrade::MailOnlyOnError "true";#Unattended-Upgrade::MailOnlyOnError "false";#' /etc/apt/apt.conf.d/50unattended-upgrades

# Setup mcrute user
if ! id mcrute 2>&1>/dev/null; then
    useradd -p '$6$qOlvVfUc$Ij86v15mQnvoPSv1KCStgEBCLvrbLLp6hszvvs857yTGfJ.tu4Qm1u1GONeJayfNAVEOF1CV9mClTlnuiR5KU.' -m -s /bin/bash -G sudo mcrute
    mkdir ~mcrute/.ssh
    cat > ~mcrute/.ssh/authorized_keys <<EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/XsFRMvZVDrWEz3/Ssvh+yeTEhlEVRXSJIaOmMzoDAm+XZ17dOwjpj25MqGmYt/60n5rKRBj5GyoaURrPi/s4ml+VLeVY0OsR22Vv5zSB4fY5SZtPhHqti5sNA07SvbFI905BUF6kn6G6SVlQMruXqdi9ALJkxiCaz1gR7+cwk9CoFXtQRtlo6l99Y2TWfvt/BwUiZWbFmESIOXHmkpaFOuptnqpprDz0mLzmebQyscu6vqpDsu/dOC/VAmECyJZxAgMR2KX9B3ytCvIA7DMqNKFJSaRGhkX0Dh6giitxz711CcoGw0Qt0wA4koe3VH0Ozf9zYFY7UpxohpljzAJx mcrute@yubikey
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCT/+YbYVS1eJ+ah6BjVA1gU31kKZGhlmqXfi9CBeJNmgO9DC9q9zOZkkT4ULSe0w3xKMIOxPzLAkarA/ErmqaEcc4PMPb3BxX2l1VktqE9GLpjmGX9TFvqsXr4D5axYiaQveuNkaJDZS4O7Wl68zb9WAuCqrYgK7hm5SBkcRkGsbWbDMo6VH7u4vzUQuc7Cch4BI6Tpbv3B98sCpVXVNdz/pb/p0j21S4qpV2MELCtSBAGEVPBfnGa7tSmDfenIr0KfGiYIeX0KC5ZJSKrqqzJqF8BYmp2ooWwWivFYtk08hfDxiJ23AsiLLMuA2WJ11X5TJJYg4z4b51UMJ8SRXgR mcrute@yubikey2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNw8DoEsevMj7UhtcAqaCmO9h+baMkbiE3KJsi5iZWVAlqRZIgYisBGfmOdrkt0N3yKG9Gqg/DEEw4PWWul+k/O+zkWd/jVvaqVNyQnoNOdPAa3oGr39agMd30bOrYtHP3Lzaajn3cwaT7E+F05lw0+IIXV1TwSa0GzxqAYq+2raSXQsQWkzVFsU+DuxgBE9F2ieqOw6rvxdT/cVjnBZD/zmj6WnwM7qgylPvt9AOtsvq6MYoMOwOK41ilG8M2Cay/NXAr+o1g2y+cBt4s5YVzkxQ6Lub9Gusj0QgolQ5wJj7W+GqfzY5kndDOIuaiLDk3mI9/kAB8Ws0PYOhXTP/ mcrute@Michaels-MacBook-Pro.local
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoJRoSmMAqsQYYcQLYpSUngcVNtBrYxmM45hN974LoStoDXzW+qw0hOIqTU2GH93XmTC1HSIgMWTen9zNWuIaqADdt5obVmBPrOdpkwaPJ1zayykA5MHN8+8lYVkZ86b7hjy0NwnhlrkAyPQ9C30nQDlzw/AqOYiURwCK/20+slgvCpd5LYwBZndbwILg5EoEqpEksUxjzgRQzM6t1q0vzzige4jyE5jNKgsFJ2fajZq7yShweLuz2D4vHClwlgN9dY3oF25C8EWjwT8sfC2AK1Qlc/vYCwq6NoxOSiifPlo8Wiltr7WAqIQSUwzzXdpBm3F8lV0aYPLxKJRWq0ntOJg/z73oRE+cRUvzyqWn96OzKMIQWwDcRlKxemiv/i57Sm+cYg1wxjKJfWjrUOchBWfOIspk7kmaJsuhN26WNkNWbWYl5/pY7yPiZhqm2Th9vgOH4Rk0HTy25zZyT7EZoljyYpRLtrBVOWpXK7LN33v2Qdm2m2ctWfQytsj5s8Y6uPOR9uwVahnCou8M6YQhz5n6bsIfLhLDBpUvQL+9ONM9FsFMFk9RuhbsA3jbxeeuwqPkMmY27it5hbkVGpKd0M9Zv+JSvKtA2/agl/6zVhm+/TplHNBhj3B2uGe/3LakdxeVP3cyde8QcfyAQMRr+CE7NSFzETYj6Yvg3z24FuQ== mcrute@iphone6
EOF
    chmod 644 ~mcrute/.ssh/authorized_keys
    chown -R mcrute:mcrute ~mcrute/.ssh
    chmod 700 ~mcrute/.ssh
fi

# Setup SSMTP
curl -sO https://code.crute.me/mcrute/dotfiles/plain/bin/configure_ssmtp.sh
chmod +x configure_ssmtp.sh
./configure_ssmtp.sh
rm configure_ssmtp.sh

# Clean out default user
rm /etc/sudoers.d/90-cloud-init-users
userdel -rf ubuntu

# Reboot to apply updates
echo "Reboot in 10 seconds"
sleep 10
shutdown -r now