#!/bin/sh

# Set up a fresh system with the minimum requirements for remote configuration
# with Ansible. Except for non-root Termux, start with root user.

set -e
github_user=${1:-'mu40'}


# System detection (`uname -r` no good for WSL).
for f in /bsd /etc/*-release /data/data/com.termux; do
    if [ -e "$f" ]; then
        os="$f"
        break
    fi
done


# Requirements. Save 0.5 GB with `--no-install-recommends`.
case "$os" in
    /bsd)
        pkg_add -u
        pkg_add curl python3
    ;;
    /etc/arch-release)
        pacman --noconfirm -Syu
        pacman --noconfirm -S openssh python
    ;;
    /etc/alpine-release)
        apk -U upgrade
        apk add curl openssh python3
    ;;
    /etc/fedora-release)
        dnf -y upgrade
        dnf -y install openssh-server python3
    ;;
    /data/data/com.termux)
        pkg upgrade -y -o "Dpkg::Options::=--force-confnew"
        pkg install -y --no-install-recommends \
            openssh python python-apt termux-services
    ;;
    *)
        echo "ERROR: system not supported"
        exit 1
    ;;
esac


# SSH public key. Generate host keys if needed.
d=~/.ssh
mkdir -p "$d"
curl -L "https://github.com/$github_user.keys" >"$d/authorized_keys"
chmod -R u=rwX,go= "$d"
ssh-keygen -A


# SSH root login. Termux hard-codes non-root user. Test configuration.
if [ "$os" != /data/data/com.termux ]; then
    f=/etc/ssh/sshd_config
    [ -f "$f.bak" ] || cp "$f" "$f".bak
    sed 's/^#*\(PermitRootLogin\) .*$/\1 prohibit-password/' "$f.bak" >"$f"
    sshd -t
fi


# SSH daemon. Termux sources $PREFIX/etc/profile.d/start-services.sh to start
# runit. Manually start it to launch sshd without Termux restart. Preferred
# over directly invoking `sshd` so Ansible's service module can manage the
# daemon. Enable and start with `sv-enable`, as it will only run while Termux
# is running. Acquire wake lock to ensure we can connect: release it with
# `termux-wake-unlock` or in the notification panel.  Using `sv` will require
# restart to export SVDIR and LOGDIR.
case "$os" in
    /bsd)
        rcctl restart sshd
    ;;
    /etc/arch-release|/etc/fedora-release)
        systemctl restart sshd
    ;;
    /etc/alpine-release)
        rc-service sshd restart
    ;;
    /data/data/com.termux)
        . "$PREFIX/etc/profile.d/start-services.sh"
        until [ -e "$SVDIR/sshd/supervise/ok" ]; do sleep 1; done
        sv-enable sshd
        termux-wake-lock
    ;;
esac


# Username and IPs. Termux does not set $USER. Skip loopback device.
{
    user=$(whoami)
    echo "user: $user"
    if command -v ip >/dev/null; then
        ip a | awk '/^[^\t ]/ {f=$2} /inet / {sub(/\/.*/,"",$2); print f,$2}'
    else
        ifconfig 2>&1 | awk '/^[^\t ]/ {f=$1} /inet / {print f,$2}'
    fi
} | grep -v '^lo'