#!/usr/bin/env bash

# Resolve the repository root as an absolute path. The script's own path is
# canonicalised first so the result is still right when the script is reached
# through a symlink; the root is the parent of the directory holding the script.
script_file="$(readlink -f "${BASH_SOURCE[0]}")"
script_dir="$(dirname "$script_file")"
ROOT="$(realpath "$(dirname "$script_dir")")"

# Exit now if run as root user. assert-is-user is not defined in this file;
# it has to be provided by the calling environment.
assert-is-user

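# Positional arguments.
# NOTE(review): the usage text below documents two arguments, root device
# first and volume device second, yet the root device is read from $3 and $1
# is only inspected for -h/--help. Invoked exactly as documented, $3 is empty
# and the script prints the usage text and exits. Confirm the intended
# positions before changing them: both devices are overwritten further down.
ROOT_DEV="$3" # Path to root block device
VOL_DEV="$2" # Path to volume block device
if [ -z "$ROOT_DEV" ] || [ -z "$VOL_DEV" ] || [ -n "$HELP" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  say "
  USAGE:
    $(g "${BASH_SOURCE##*/}")  $(c /dev/root-dev)  $(c /dev/srv-vol)

  DESCRIPTION:
    $(g "${BASH_SOURCE##*/}") creates partitions and installs components
    for a TechLit mirror on $(c /dev/root-dev) and $(c /dev/srv-vol).

    The hostname and role given ($(c hostname) and $(c client)) will be saved in the $(c /srv/secure)
    directory on the new USB (which should be used to initialize the system properly).
  "
  exit 1
fi

# Both paths are handed to dd, parted and mkfs under sudo below, so reject
# anything that is not an existing block device, and reject the same device
# given twice, before any destructive command runs.
for dev in "$ROOT_DEV" "$VOL_DEV"; do
  if [ ! -b "$dev" ]; then
    say "Not a block device: $(c "$dev")"
    exit 1
  fi
done
if [ "$ROOT_DEV" -ef "$VOL_DEV" ]; then
  say "Root and volume devices must be different: $(c "$ROOT_DEV")"
  exit 1
fi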

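# Ask for sudo access up front so the password prompt appears before any
# long-running step, and stop if it is refused.
say "This script will need root access via $(c sudo)"
if ! sudo echo thank you; then
  say "Could not obtain root access via $(c sudo)"
  exit 1
fi

# Always use default hostname
HOSTNAME="artix.techlitafrica.org"

# PREFIX is the mountpoint for the new system; TMP_PREFIX is a scratch
# directory for files that are generated and then moved into place with sudo.
# Either may be supplied through the environment; otherwise mktemp -d creates
# a fresh directory.
# NOTE(review): files are written into TMP_PREFIX under fixed names, so an
# environment-supplied TMP_PREFIX should not be writable by other users.
PREFIX="${PREFIX:-"$(mktemp -d)"}"
TMP_PREFIX="${TMP_PREFIX:-"$(mktemp -d)"}"

# If mktemp failed, PREFIX would be empty and the later "$PREFIX/srv" paths
# would resolve to /srv on the machine running this script. Stop here instead.
for workdir in "$PREFIX" "$TMP_PREFIX"; do
  if [ ! -d "$workdir" ]; then
    say "Working directory is not available: $(c "$workdir")"
    exit 1
  fi
done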

# Overwrite the first 200 blocks of 4 MiB on each device with zeros
# (bs=4M count=200). Only the start of each device is overwritten; anything
# stored beyond that range is left in place, so this is not a full wipe.
say "Erasing devices"
for target_dev in "$ROOT_DEV" "$VOL_DEV"; do
  run sudo dd if="/dev/zero" of="$target_dev" status=progress bs=4M count=200
done

# Partition layout created here:
#   root device:   GPT; partition 1 spans 0..10M and gets the bios_grub flag,
#                  partition 2 spans 10M..100% (ext4 type hint)
#   volume device: GPT; one partition spanning 0..100% (ext4 type hint)
# Every parted call is followed by "|| true", so a non-zero status from the
# command line is discarded at this point.
# NOTE(review): presumably this is meant to get past parted warnings; it also
# means a failed partitioning step only shows up later, when mkfs cannot find
# the partition. Confirm how run reports failures.
say "Partitioning devices"; {
  run sudo parted "$ROOT_DEV" -s mktable gpt || true
  run sudo parted "$ROOT_DEV" -s mkpart primary 0 10M || true
  run sudo parted "$ROOT_DEV" -s mkpart primary ext4 10M 100% || true
  run sudo parted "$ROOT_DEV" -s set 1 bios_grub on || true

  run sudo parted "$VOL_DEV" -s mktable gpt || true
  run sudo parted "$VOL_DEV" -s mkpart primary ext4 0 100% || true
}

# Create an ext4 filesystem on partition 2 of the root device and on
# partition 1 of the volume device. The partition path is formed by appending
# the partition number directly to the device path.
# NOTE(review): that fits /dev/sdX-style names; devices whose partitions use a
# "p" separator (for example nvme0n1p2) would not be found. Confirm which
# device types this script is expected to handle.
say "Formatting filesystems"
for part in "${ROOT_DEV}2" "${VOL_DEV}1"; do
  run sudo mkfs.ext4 "$part"
done

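say "Mounting system (and un-mounting on errors or exit"; {
  # Recursively unmount $PREFIX when /etc/mtab still lists a mount under it.
  # NOTE(review): this file installs no trap, so nothing visible here invokes
  # cleanup on an error or early exit; the only call is the explicit one near
  # the end of the script. Confirm that the environment providing say/run
  # arranges the exit callback.
  cleanup() {
    say "Un-mounting system"
    # -F matches the path literally (mktemp names contain "." which a regex
    # would treat as a wildcard); -- keeps a leading dash from being read as
    # an option.
    if grep -qF -- "$PREFIX" "/etc/mtab"; then
      run sudo umount -R "$PREFIX"
    fi
  }

  # Root filesystem first, then the volume on top of it at /srv. The
  # lost+found directory that mkfs creates is removed from each (rm -d only
  # removes it when empty).
  run sudo mount "${ROOT_DEV}2" "$PREFIX"
  run sudo rm -df "$PREFIX/lost+found"

  sudo mkdir -p "$PREFIX/srv"
  run sudo mount "${VOL_DEV}1" "$PREFIX/srv"
  run sudo rm -df "$PREFIX/srv/lost+found"
}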

# Populate the mirror repository on the freshly mounted volume. tl-repo-fetch
# is taken from this checkout ($ROOT/bin) and runs under sudo; the meaning of
# the -abcX flags is defined by that script and is not visible here.
# NOTE(review): because the script is executed as root straight from the
# checkout, the checkout should not be writable by other users.
say "Initializing full mirror repo"
run sudo "$ROOT/bin/tl-repo-fetch" -abcX -d "$PREFIX/srv/techlit-artix"

say "Configuring secure storage"; {
  # Restrict the secure directory to its owner.
  # NOTE(review): chmod runs before any mkdir for this path, so the directory
  # must already exist here, presumably created by tl-repo-fetch. Confirm.
  run sudo chmod 700 "$PREFIX/srv/secure"
  # -m 700 sets the mode of the ssh directory itself.
  run sudo mkdir -p -m 700 "$PREFIX/srv/secure/ssh"
  run sudo touch "$PREFIX/srv/secure/bash_history"
  # DEV_UID and DEV_GID are not set in this file; they are expected from the
  # environment. The whole /srv tree, secure directory included, changes owner.
  run sudo chown -R "$DEV_UID:$DEV_GID" "$PREFIX/srv"
}

# Generate one key pair per algorithm under the secure ssh directory,
# replacing any pair already present. The keys are created without a
# passphrase (-N "") and commented admin@$HOSTNAME.
# NOTE(review): the file names end in "_rsa" for every algorithm (for example
# ssh_host_ed25519_rsa). Whatever consumes these files must expect that name;
# confirm before renaming.
# The variable key keeps the last path assigned in the loop and is read again
# when the system config is generated further down.
say "Creating SSH identity"
ssh_dir="$PREFIX/srv/secure/ssh"
for key_type in ecdsa ed25519 rsa; do
  key="$ssh_dir/ssh_host_${key_type}_rsa"
  if [[ -f "$key" ]]; then
    say " >> Destroying existing keys: $(c "$key{,.pub}")"
    run sudo rm "$key" "$key.pub"
  fi
  run sudo ssh-keygen -f "$key" -N "" -t "$key_type" -C "admin@$HOSTNAME"
done
# ssh-keygen ran under sudo, so hand the new files to the developer account.
run sudo chown -R "$DEV_UID:$DEV_GID" "$PREFIX/srv"

say "Creating persistent system config"; {
  # Build rc.conf in the scratch directory, then move it into the secure
  # directory with sudo. write is not defined in this file; presumably it
  # stores its second argument in the file named by the first. Confirm.
  #
  # The text is a double-quoted string, so HOSTNAME, TIMEZONE, KEYMAP and
  # LOCALE are expanded now, while \$TIMEZONE stays a literal reference in the
  # generated file. TIMEZONE, KEYMAP and LOCALE are not set in this file.
  # NOTE(review): the values are placed between quotes without escaping. A
  # value containing a double quote, backtick or dollar sign would change what
  # the generated export lines do when they are evaluated. Confirm the values
  # come from a trusted configuration.
  #
  # TL_IDENTITY is the contents of "$key.pub", where key is whatever the SSH
  # identity loop assigned last (the rsa entry, as that loop is written).
  #
  # TL_ACCESS embeds one fixed SSH public key, labelled tyler@macvoid.
  # NOTE(review): if TL_ACCESS is used as the list of keys allowed to log in,
  # every mirror built by this script trusts that single key. Confirm who
  # holds it and how it would be rotated.
  run write "$TMP_PREFIX/rc.conf" "
#
# Artix configuration
#
export HOSTNAME=\"$HOSTNAME\"
export TIMEZONE=\"$TIMEZONE\"
export TZ=\"\$TIMEZONE\"
export KEYMAP=\"$KEYMAP\"
export LOCALE=\"$LOCALE\"
export HARDWARECLOCK=\"UTC\"
export TTYS=4
export CGROUP_MODE=unified
export SEEDRING_SKIP_CREDIT=true

#
# TechLit configuration
#
export TL_ROLE=\"mirror\"
export TL_PORT=\"\"
export TL_SERVER=\"\"
export TL_IDENTITY=\"$(cat "$key.pub")\"
export TL_ACCESS=\"
ssh-rsa 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 tyler@macvoid
\"
"

  run sudo mv "$TMP_PREFIX/rc.conf" "$PREFIX/srv/secure/rc.conf"
}

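say "Generating local fstab file"; {
  # lsblk prints a "UUID" header line followed by the value; tail keeps the
  # last line, which is the UUID of the partition.
  root_uuid=$(lsblk "${ROOT_DEV}2" -o UUID | tail -n1)
  vol_uuid=$(lsblk "${VOL_DEV}1" -o UUID | tail -n1)

  # An empty UUID would produce a bare "UUID=" entry that matches no
  # filesystem, so unmount and stop rather than store an unusable fstab.
  if [ -z "$root_uuid" ] || [ -z "$vol_uuid" ]; then
    say "Could not read filesystem UUIDs for $(c "${ROOT_DEV}2") and $(c "${VOL_DEV}1")"
    cleanup
    exit 1
  fi

  # The file is built in the scratch directory and then moved into the secure
  # directory with sudo. /tmp is a tmpfs mounted nosuid,nodev.
  run write "$TMP_PREFIX/fstab" "
UUID=$root_uuid     /    ext4  defaults,errors=remount-ro        0 1
UUID=$vol_uuid     /srv ext4  defaults,errors=remount-ro        0 2
tmpfs              /tmp tmpfs rw,mode=1777,nosuid,nodev,noatime 0 0
"

  run sudo mv "$TMP_PREFIX/fstab" "$PREFIX/srv/secure/fstab"
}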

# Give the whole /srv tree to the developer account once more, covering the
# files that were moved in with sudo above. DEV_UID and DEV_GID are expected
# from the environment; they are not set in this file.
say "Changing ownership"
run sudo chown -R "$DEV_UID:$DEV_GID" "$PREFIX/srv"

# Unmount now, then swap cleanup for a no-op so that any later call to it
# (for instance from an exit callback) does nothing and prints nothing.
cleanup
cleanup() { return 0; }

say "Done."
