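#!/bin/bash
#
# Installs a Debian Edu workstation with the ITZkS modifications.
#
# Interactive: asks about DVD playback, the WiFi SSID and passphrase, and the
# host name. It creates a local admin account, resizes logical volumes, edits
# files under /etc and installs packages, so it is expected to run as root.

set -eu

####################
# Add user locadm if not already there.
# Test getent's exit status directly: $"..." is a locale-translated string,
# not a command substitution, so a [ -z $"(...)" ] test is never true.
if ! getent passwd locadm >/dev/null; then
  adduser --gecos "Local Administrator" locadm
  adduser locadm sudo
fi

####################
# Enlarge root-fs (or the separate /usr volume when one exists).
if [ -e /dev/vg_system/usr ]; then
  lvextend -L 18G /dev/vg_system/usr
  resize2fs /dev/vg_system/usr
else
  lvextend -L 22G /dev/vg_system/root
  resize2fs /dev/vg_system/root
fi

# Retrieve LDAP CA certificate
invoke-rc.d fetch-ldap-cert start

####################
# Add itzks.list and its contents if the file is not already there.
#
# The repository is reached over plain HTTP, so package integrity rests
# entirely on apt's signature verification against the itzks-keyring. The
# keyring itself is first installed from this same, not yet trusted,
# repository (trust on first use); on a network path you do not control,
# verify the keyring out of band before relying on it.
readonly itzks_list=/etc/apt/sources.list.d/itzks.list
if [ ! -e "$itzks_list" ]; then
  cat > "$itzks_list" <<'EOT'
deb http://packages.it-zukunft-schule.de/debian stretch main contrib non-free
deb http://packages.it-zukunft-schule.de/debian stretch-backports main contrib non-free
EOT
fi

# Export proxy-settings for first install
export https_proxy=http://webcache:3128
export http_proxy=http://webcache:3128
export ftp_proxy=http://webcache:3128

# Get update and add itzks-keyring and itzks-systems-common package.
# One command per line: inside an "a && b && c" list, set -e only reacts to
# the last command, so a failed keyring install would otherwise go unnoticed.
apt-get update
apt-get install itzks-keyring
apt-get update
apt-get install itzks-systems-common
apt-get update

# Install the itzks-systems-workstation package.
# NOTE(review): --force-yes is deprecated and also switches off apt's
# authentication checks for this transaction. With the keyring installed
# above, plain --yes should be enough -- confirm and drop --force-yes.
apt-get install --yes --force-yes ocsinventory-agent itzks-systems.do_preseed
apt-get install itzks-systems-workstation

# Install wireless-tools for configuration of WiFi
apt-get install wireless-tools uuid-runtime

# Install libpacparser1
apt-get install libpacparser1

# Optionally install libdvdcss2
read -r -p "Verfügt der Rechner über ein DVD-Laufwerk bzw. sollen DVDs abgespielt werden könnne? (j/n)? " answer
case "${answer:0:1}" in
  y|Y|j|J) apt-get install libdvdcss2 ;;
  *) : ;;
esac

####################
# FIXME: this should be scripted; manage with puppet instead
# Earlier revisions paused here and opened an editor so the admin could
# change the eth0 entries by hand; the edit is now scripted.
# Hand eth0 over to NetworkManager.
sed -i \
  -e 's/auto eth0//' \
  -e 's/iface eth0 inet dhcp/#NetworkManager iface eth0 inet dhcp/' \
  /etc/network/interfaces

####################
# FIXME: this should be scripted; manage with puppet instead
# Earlier revisions opened an editor on /etc/default/nfs-common; the edit is
# now scripted: NEED_GSSD is left empty.
sed -i 's/NEED_GSSD=.*/NEED_GSSD=/' /etc/default/nfs-common

####################
# Add system-wide WiFi-config for NetworkManager.
#
# Earlier revisions appended wpa_passphrase output to
# /etc/wpa_supplicant/wpa_supplicant-<dev>.conf (optionally after probing for
# a wireless interface with iwconfig).
# FIXME: that works for systemd-networkd, but not for NetworkManager.
echo '! WIFI-Netzwerk hinzufügen'
read -r -p 'Wie lautet die SSID? ' ssid
# The SSID doubles as the file name of the connection profile, so it must
# not be empty or able to leave the system-connections directory.
case "$ssid" in
  '' | */* | . | ..)
    echo '! Ungültige SSID' >&2
    exit 1
    ;;
esac
# -s: do not echo the passphrase to the terminal.
read -r -s -p 'Wie lautet das zugehörige Passwort? ' passw
echo

wifi_uuid=$(uuidgen -t)
wifi_timestamp=$(date +%s)
wifi_conn="/etc/NetworkManager/system-connections/${ssid}"

# Create the profile with mode 0600 before the passphrase is written, so it
# is never readable by other users. The values are expanded by the shell
# inside the here-document instead of being passed to sed: that keeps the
# passphrase out of the process list and copes with '/', '&' and '\' in the
# SSID or passphrase, which would break or alter a sed replacement.
# NOTE(review): values are written verbatim; keyfile escaping is not applied.
install -m 0600 /dev/null "$wifi_conn"
cat > "$wifi_conn" <<EOT
[connection]
id=${ssid}
uuid=${wifi_uuid}
type=wifi
permissions=
timestamp=${wifi_timestamp}
autoconnect=true

[wifi]
mac-address-blacklist=
mode=infrastructure
ssid=${ssid}

[wifi-security]
key-mgmt=wpa-psk
psk=${passw}

[ipv4]
dns-search=
method=auto
ignore-auto-routes=false
ignore-auto-dns=false
never-default=false

[ipv6]
method=ignore
EOT
unset passw

# Set permissions on generated file
chmod go-rwx "$wifi_conn"

####################
# Write new content for /usr/share/debian-edu-config/tools/wpad-extract.
# Workaround for Debian bug #888829. Probably fixed with debian-edu-config 1.929+deb9u1.
#
# The WPAD answer is fetched over plain HTTP and is not authenticated; the
# proxy it names will carry this host's HTTP traffic, including the apt
# downloads above. The delimiter is quoted so the helper is written out
# literally, without shell expansion at install time.
cat > /usr/share/debian-edu-config/tools/wpad-extract <<'EOT'
#!/bin/bash
#
# Detect proxy URL via WPAD
#
# Author: Wolfgang Schweer
# License: GNU General Public License v2 or later

# This version uses pactester from package libpacparser1.

# Look up one of the www.debian.org IP addresses to avoid hanging on
# DNS if the skolelinux machines are not connected to the Internet.
proxy_url=$(curl -s http://wpad/wpad.dat | pactester -p - \
    -u http://130.89.148.14 | awk '{print $2}' | cut -d';' -f1)
echo http_proxy=http://$proxy_url
EOT

# Run /usr/share/debian-edu-config/tools/update-proxy-from-wpad
/usr/share/debian-edu-config/tools/update-proxy-from-wpad

####################
# Install puppet-agent
echo '! Puppet-Agent installieren'
read -r -p 'Bevor der Puppet-Agent installiert werden kann, muss der Hostname geändert werden.
Es darf kein "lan" im Namen auftauchen,
z.B. statt mw101-lan.intern muss es mw101.intern heißen.
[ENTER] '

# Set hostname. The name is used for the system host name and shown as the
# certificate name to sign below, so only plain host-name labels are accepted.
read -r -p 'Wie lautet der Hostname (ohne Domain)? ' myhost
if [[ ! "$myhost" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$ ]]; then
  echo '! Ungültiger Hostname' >&2
  exit 1
fi
hostnamectl set-hostname "$myhost"
export HOSTNAME="$myhost"

# To be sure restart the following services.
# NOTE(review): puppet is restarted before "apt-get install puppet" below;
# presumably an earlier package already pulled it in -- confirm.
invoke-rc.d rsyslog restart
invoke-rc.d cron restart
invoke-rc.d puppet restart

# Install and enable puppet-agent on client
echo '! Puppet-Agent wird installiert... '
apt-get install puppet

# "puppet agent --test" turns on detailed exit codes: 2 means the run
# succeeded and applied changes. Accept 0 and 2 so that set -e does not
# abort the installation after a successful first run.
# NOTE(review): this call waits for the certificate, yet the signing
# instructions are only shown afterwards -- confirm the intended order.
puppet_rc=0
puppet agent --test --waitforcert 7200 || puppet_rc=$?
if [ "$puppet_rc" -ne 0 ] && [ "$puppet_rc" -ne 2 ]; then
  echo "! Puppet-Agent-Lauf fehlgeschlagen (Exit-Code ${puppet_rc})" >&2
  exit "$puppet_rc"
fi
puppet agent --enable

# The host part of the certificate name is filled in from $myhost; the
# prompt text as found named only ".intern".
read -r -p "Nun mit ssh auf den tjener wechseln und dort mit
   puppet cert --list
die am Master angemeldeten Clients auflisten. Anschließend mit
   puppet cert --sign ${myhost}.intern
den Puppet-Agent des Clients authorisieren.
[ENTER] "

# ssh tjener

echo '! FERTIG
Die Installation
 - des Basissystems mit ITZKS-Anpassungen
 - des Puppet-Agents
ist abgeschlossen.'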