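#!/bin/bash
#
# Base provisioning script. Purges unneeded packages, installs base tools,
# OpenSSH, LXC, nginx + uWSGI and PostgreSQL/PostGIS, and copies the
# configuration files shipped in the "basic/" tree next to this script
# over their counterparts on the system.
#
# Must be run as root. Aborts on the first failing step: continuing after
# a failed copy or package install could leave boot, SSH or database
# authentication in a half-configured state.

set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

(( EUID == 0 )) || die "This script must be run as root."

SOURCE_DIR=$(realpath -- "$(dirname -- "${0}")")
readonly SOURCE_DIR

#######################################
# Copy a file from the overlay tree to the same absolute path on the system.
# Globals:   SOURCE_DIR (read)
# Arguments: $1 - absolute destination path; the source is
#                 ${SOURCE_DIR}/basic<path>
# Returns:   exit status of cp
#######################################
install_overlay() {
  local path=$1
  cp -- "${SOURCE_DIR}/basic${path}" "${path}"
}

# Uninstall unnecessary packages
apt-get -y purge bsdmainutils dictionaries-common emacsen-common iamerican \
  ibritish ienglish-common installation-report ispell laptop-detect nano \
  os-prober pinentry-curses task-english tasksel tasksel-data wamerican

# Install useful packages
apt-get -y update
apt-get -y --no-install-recommends install bash-completion ca-certificates \
  git ntp openssl sudo unzip vim

######
# OpenSSH and user settings
#####

# Install OpenSSH server
apt-get -y --no-install-recommends install openssh-server

# Copy profile files
install_overlay /root/.bashrc
install_overlay /root/.vimrc

# /root/.ssh may not exist yet, in which case a plain cp would fail.
# Create it and install the key file with explicit owner and modes, so that
# access does not depend on the current umask and sshd's permission checks
# on the key file pass.
install -d -m 0700 -o root -g root /root/.ssh
install -m 0600 -o root -g root -- \
  "${SOURCE_DIR}/basic/root/.ssh/authorized_keys" /root/.ssh/authorized_keys

# Remove default user. Best-effort: the account may already be gone, so the
# error output is suppressed and a failure does not abort the script.
deluser --remove-all-files user 2>/dev/null || true

#####
# System boot
#####

# Rename encrypted partition. The sed is a no-op when already applied; the
# live mapping is renamed only if it still carries the old name, so the
# script can be re-run.
sed -i 's/sda2_crypt/system/' /etc/crypttab
if dmsetup info sda2_crypt >/dev/null 2>&1; then
  dmsetup rename sda2_crypt system
else
  printf '%s\n' "dm mapping sda2_crypt not found, skipping rename" >&2
fi

# Suppress warnings during boot
# NOTE(review): these files, and getty@.service below, live in
# package-owned directories, so a package upgrade will replace them and
# silently revert the change. Confirm whether an override under /etc is
# possible, at least for the getty unit.
install_overlay /usr/share/initramfs-tools/scripts/local-top/lvm2
install_overlay /usr/share/initramfs-tools/scripts/local-top/cryptroot

# Set GRUB options
install_overlay /etc/default/grub

# Set legal banner with URL + latin2 character set
install_overlay /etc/default/console-setup
install_overlay /etc/issue

# Forbid login on tty1, disable tty2-6
install_overlay /lib/systemd/system/getty@.service
systemctl mask getty-static

# Update initramfs and GRUB
update-initramfs -u
update-grub

#####
# LXC
#####

# Install packages
apt-get -y --no-install-recommends install lxc debootstrap rsync \
  dnsmasq-base xz-utils

# Configure LXC
install_overlay /etc/default/lxc-net
install_overlay /etc/lxc/default.conf

# Start services
# NOTE(review): the original comment said "Restart", but the command is
# "start", which does nothing for a unit that is already running. If the
# package install already started lxc-net, the new /etc/default/lxc-net is
# not applied until the next restart. Confirm which was intended.
systemctl start lxc-net lxc

#####
# Nginx + uWSGI
#####

# Install packages
apt-get -y --no-install-recommends install nginx-light uwsgi \
  uwsgi-plugin-python

# Create a self-signed certificate.
# -nodes leaves the private key unencrypted on disk, so file permissions are
# its only protection. The restrictive umask makes sure the key is never
# readable by others, not even between its creation and the chmod below.
(
  umask 077
  openssl req -x509 -new \
    -out /etc/ssl/certs/services.pem \
    -keyout /etc/ssl/private/services.key \
    -nodes -days 3654 -subj "/C=CZ/CN=$(hostname -f)"
)
chmod 640 /etc/ssl/private/services.key

# Modify default nginx site (-p keeps the script re-runnable)
mkdir -p /etc/nginx/apps-available /etc/nginx/apps-enabled
mkdir -p /srv/portal
install_overlay /etc/nginx/sites-available/default
install_overlay /srv/portal/index.html
chown -R www-data:www-data /srv/portal

# Restart
systemctl restart nginx

#####
# PostgreSQL + PostGIS
#####

# Install packages
apt-get -y --no-install-recommends install postgresql-9.6 \
  postgresql-9.6-postgis postgresql-contrib-9.6

# Configure (pg_hba.conf controls client authentication; review it before
# deploying)
install_overlay /etc/postgresql/9.6/main/postgresql.conf
install_overlay /etc/postgresql/9.6/main/pg_hba.conf

# Restart
systemctl restart postgresql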