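#!/usr/bin/env bash
#
# Post-install configuration, run as root inside the freshly installed Arch
# Linux chroot: locale/timezone/hostname, pacman, users, sshd hardening,
# libvirt, NVIDIA hooks, systemd-boot entries and service enablement.
#
# $1: CPU Vendor (AMD/Intel); selects /<vendor>-ucode.img in the boot entries
# $2: Device that is mounted at "$ESP_PATH"
#     NOTE(review): the script feeds this device's filesystem UUID into
#     root=UUID=..., so it presumably has to be the root device - confirm
#     against the caller.
#
# Optional environment (so secrets do not have to live in this file):
#   PRATHAM_PASSWORD  initial password for the user "pratham"
#   ROOT_PASSWORD     initial password for root
# When unset, the historical placeholder passwords are used and a warning is
# printed; they are public knowledge and must be changed on first login.

################################################################################

# "zpool scrub" needs at least one pool name; with none it only prints a usage
# error, which the redirection used to hide, so no scrub ever ran. The job now
# scrubs every pool that is imported when it fires.
ROOT_CRONTAB="# remove cache every 2 hours and update local db
0 */2 * * * paccache -r > /dev/null 2>&1
0 */2 * * * pacman -Sc > /dev/null 2>&1
0 * * * * pacman --sync --refresh > /dev/null 2>&1
0 * * * * pacman --files --refresh > /dev/null 2>&1

# update the on-disk database every 6 hours
0 */6 * * * updatedb > /dev/null 2>&1

# zfs scrub
0 12 1,15 * * /usr/bin/zpool list -H -o name | xargs -r /usr/bin/zpool scrub > /dev/null 2>&1
"

ESP_PATH="/boot"

################################################################################
# HELPERS
################################################################################

# Print a diagnostic on stderr without stopping the installation.
warn() {
  printf 'WARNING: %s\n' "$*" >&2
}

# Print a diagnostic on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Warn when "<key> <value>" is not an active (uncommented) line of
# sshd_config. The sed edits below only rewrite the stock commented defaults;
# if the packaged file ever differs they silently change nothing, which would
# leave password or root logins enabled without anyone noticing.
#   $1 - directive name, $2 - expected value
require_sshd_setting() {
  local key=$1 value=$2
  grep -Eq "^[[:space:]]*${key}[[:space:]]+${value}[[:space:]]*\$" /etc/ssh/sshd_config \
    || warn "sshd_config: '${key} ${value}' is not active; review /etc/ssh/sshd_config"
}

# Write one systemd-boot entry below "$ESP_PATH"/loader/entries.
#   $1 - entry file name      $2 - title
#   $3 - kernel image path    $4 - initramfs image path
#   $5 - kernel command line options following root=UUID=...
# Globals: ESP_PATH, CPU_VENDOR, ROOT_UUID (all read)
write_boot_entry() {
  local entry=$1 title=$2 kernel=$3 initramfs=$4 options=$5
  cat <<EOF > "$ESP_PATH/loader/entries/$entry"
title Arch Linux $title
linux $kernel
initrd /$CPU_VENDOR-ucode.img
initrd $initramfs
options root=UUID=$ROOT_UUID $options
EOF
}

################################################################################

tput -x clear

################################################################################
# BASIC CHROOT SETUP
################################################################################

# exit early if mirrorlist does not exist
if [[ ! -f "/etc/pacman.d/mirrorlist" ]]; then
  die "A mirrorlist does not exist :("
fi

# exit early if $1 is an unknown vendor; the value becomes part of an initrd
# path, so anything but amd/intel (any case; this also covers the caller's
# "unknown" sentinel and a missing argument) would yield an unbootable entry
CPU_VENDOR=${1:-}
case "${CPU_VENDOR,,}" in
  amd | intel) ;;
  *)
    die "CPU Vendor is not AMD nor Intel. This will interfere with generating \"\$ESP_PATH\"/loader/entries/arch.conf"
    ;;
esac

# resolve the root filesystem UUID once, before anything is modified; an empty
# $2 would make blkid list every device and corrupt the "options" line
[[ -n "${2:-}" ]] || die "Missing device argument (\$2)"
ROOT_UUID=$(blkid -s UUID -o value "$2")
[[ -n "$ROOT_UUID" ]] || die "Could not determine a filesystem UUID for $2"

# set timezone
ln -sf /usr/share/zoneinfo/Asia/Kolkata /etc/localtime
hwclock --systohc

# generate locale
echo "en_IN UTF-8" > /etc/locale.gen
locale-gen

# set the machine hostname
echo "flameboi" > /etc/hostname

# create a new initramfs just to be safe
if mkinitcpio -P; then
  echo "initramfs successfully created"
else
  warn "mkinitcpio reported errors; check the initramfs images before rebooting"
fi

################################################################################
# PACMAN SETUP
################################################################################

# pacman config
# sed exits 0 even when nothing matched, so the old "|| append" fallback never
# ran (and appending would have put the option into the last repo section
# rather than [options]). Rewrite the line commented or not, then verify.
sed -i -E 's/^#?[[:space:]]*ParallelDownloads[[:space:]]*=.*/ParallelDownloads = 6/' /etc/pacman.conf
grep -q '^ParallelDownloads = 6' /etc/pacman.conf \
  || warn "ParallelDownloads was not found in /etc/pacman.conf; set it under [options] by hand"
sed -i "s/#Color/Color/" /etc/pacman.conf

# update pacman db
pacman --sync --refresh --refresh --sysupgrade

################################################################################
# USER SETUP
################################################################################

user_password=${PRATHAM_PASSWORD:-}
root_password=${ROOT_PASSWORD:-}
if [[ -z "$user_password" ]]; then
  warn "PRATHAM_PASSWORD is not set; using the well-known placeholder password, change it after first login"
  user_password="pratham"
fi
if [[ -z "$root_password" ]]; then
  warn "ROOT_PASSWORD is not set; using the well-known placeholder password, change it after first login"
  root_password="root"
fi

# setup the user pratham
useradd -m -G adm,ftp,games,http,kvm,libvirt,log,rfkill,sys,systemd-journal,uucp,wheel -s /bin/zsh pratham

# chpasswd takes "user:password" on stdin and hashes with the system's
# configured method. This replaces "usermod --password $(openssl passwd -1)",
# which stored an MD5-crypt hash and exposed it on usermod's command line.
printf '%s:%s\n' pratham "$user_password" | chpasswd \
  || warn "could not set the password for pratham"

# don't expire the password, for now
# https://github.com/sddm/sddm/issues/716
#passwd -e pratham

# setup the root user
printf '%s:%s\n' root "$root_password" | chpasswd \
  || warn "could not set the password for root"
unset user_password root_password

# setup root user's cron jobs
printf '%s\n' "${ROOT_CRONTAB}" | crontab -

# copy dotfiles
sudo -u pratham /chroot-scripts/doas-pratham.sh
#cp -vr /home/pratham/my-git-repos/dotfiles/_OTHER/flameboi/* /
#rm -rf /home/pratham/my-git-repos

################################################################################
# SSH SETUP
################################################################################

sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config
sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 300/g' /etc/ssh/sshd_config
sed -i 's/#ClientAliveCountMax 3/ClientAliveCountMax 2/g' /etc/ssh/sshd_config
sed -i 's/#X11Forwarding no/X11Forwarding no/g' /etc/ssh/sshd_config

# confirm the hardening actually landed instead of trusting sed's exit status
require_sshd_setting PasswordAuthentication no
require_sshd_setting PermitRootLogin no
require_sshd_setting PermitEmptyPasswords no
require_sshd_setting ClientAliveInterval 300
require_sshd_setting ClientAliveCountMax 2
require_sshd_setting X11Forwarding no

################################################################################
# LIBVIRT/KVM/QEMU SETUP
################################################################################

sed -i 's/FirewallBackend=nftables/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf
sed -i 's@#uri_default = "qemu:///system"@uri_default = "qemu:///system"@g' /etc/libvirt/libvirt.conf
# QEMU guests run as the login user instead of the dedicated libvirt-qemu account
sed -i 's/#user = "libvirt-qemu"/user = "pratham"/g' /etc/libvirt/qemu.conf
sed -i 's/#group = "libvirt-qemu"/group = "pratham"/g' /etc/libvirt/qemu.conf

################################################################################
# LOCATEDB SETUP
################################################################################

sed -i 's@PRUNEPATHS = "@&/heathen_disk/personal/media/camera_roll @g' /etc/updatedb.conf

################################################################################
# NVIDIA SETUP
################################################################################

systemctl unmask nvidia-suspend nvidia-hibernate nvidia-resume
systemctl enable nvidia-suspend nvidia-hibernate nvidia-resume
mkdir -p /etc/pacman.d/hooks
cp /chroot-scripts/nvidia.hook /etc/pacman.d/hooks/nvidia.hook

################################################################################
# BOOT MANAGER
################################################################################

# install a boot manager
bootctl --esp-path="$ESP_PATH" --path="$ESP_PATH" install

# configure systemd-boot
mkdir -p "$ESP_PATH"/loader/entries

# "editor no" keeps the kernel command line from being edited at the boot menu
cat <<EOF > "$ESP_PATH"/loader/loader.conf
default arch-04-lts.conf
timeout 10
console-mode auto
editor no
auto-firmware no
EOF

write_boot_entry arch-04-lts.conf "LTS kernel" \
  /vmlinuz-linux-lts /initramfs-linux-lts.img \
  "rw mem_sleep_default=deep ignore_loglevel audit=0 nvidia_drm.modeset=1"

write_boot_entry arch-03-non-lts.conf "latest kernel" \
  /vmlinuz-linux /initramfs-linux.img \
  "rw mem_sleep_default=deep ignore_loglevel audit=0 nvidia_drm.modeset=1"

# option "ignore_loglevel" displays all kernel messages, very useful in fallback
write_boot_entry arch-02-lts-fallback.conf "LTS kernel (FALLBACK)" \
  /vmlinuz-linux-lts /initramfs-linux-lts-fallback.img \
  "rw ignore_loglevel audit=0"

write_boot_entry arch-01-non-lts-fallback.conf "latest kernel (FALLBACK)" \
  /vmlinuz-linux /initramfs-linux-fallback.img \
  "rw ignore_loglevel audit=0"

# enable services
systemctl enable firewalld.service
systemctl enable systemd-timesyncd.service
systemctl enable systemd-boot-update.service
systemctl enable sddm.service
systemctl enable libvirtd.service
systemctl enable NetworkManager.service
systemctl enable sshd.service

# custom services
systemctl enable hdd-standby-on-boot.service
systemctl enable hdd-standby-on-resume.service
systemctl enable import-flameboi-st.service
systemctl enable import-heathen-disk.service
systemctl enable virt-pool-online.service

# enable bspwm hook
cp /chroot-scripts/bspwm.hook /etc/pacman.d/hooks/bspwm.hook

# update bootloader
bootctl update

# check bootloader config
bootctl list

# pause so the entry list above can be reviewed before the script returns
read -r wait_until_input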