#!/bin/bash
# config script for linuxmuster.net
#
# thomas@linuxmuster.net
# 11.07.2014
# GPL v3
#

# read dist.conf
. /usr/share/linuxmuster/config/dist.conf

# read helperfunctions
. $HELPERFUNCTIONS

# read debconf database
echo "Reading debconf database ..."
for i in country state location servername domainname schoolname \
         internsubrange fwconfig opsi smtprelay sambasid adminpw opsipw \
         ipcoppw workgroup iface_lan serverexternname subnetting; do
  eval $i="$(echo get linuxmuster-base/$i | debconf-communicate | awk '{ print $2 }')"
done

# clear admin user passwords from debconf db
for i in adminpw ipcoppw opsipw; do
  RET=`echo set linuxmuster-base/$i "" | debconf-communicate`
done

# escaping special characters in passwords
esc_spec_chars "$adminpw"
adminpw=$RET
esc_spec_chars "$opsipw"
opsipw=$RET
esc_spec_chars "$ipcoppw"
ipcoppw=$RET

# compute md5sum for adminpw
adminpw_md5=`echo -n $adminpw | md5sum | cut -c -32`

# only in modify mode
if [ "$1" != "--first" ]; then
 # reading old values
 echo "Checking for modified values ..."
 . $OLDVALUES || exit 1
 rm $OLDVALUES
fi

# install firewall pkgs
echo 'DPkg::Options {"--force-confold";"--force-confdef";"--force-bad-verify";"--force-overwrite";};' > /etc/apt/apt.conf.d/99upgrade
echo 'apt-get::CmdLine::Ignore-Trust-Violations "true";' >> /etc/apt/apt.conf.d/99upgrade
if [ "$fwconfig" = "custom" ]; then
 for i in ipfire ipcop; do
  dpkg -l | grep linuxmuster-$i | grep -q ^i && apt-get -y remove linuxmuster-$i
 done
else
 DEBIAN_FRONTEND=noninteractive apt-get -y install linuxmuster-$fwconfig
fi
rm -f /etc/apt/apt.conf.d/99upgrade

# compute ip's
maxsub=`echo $internsubrange | awk -F\- '{ print $2 }'`
let maxsub+=1
internsub=`echo $internsubrange | cut -f1 -d"-"`
internsub_old=`echo $internsubrange_old | cut -f1 -d"-"`
orangesub=$(( $internsub+1 ))
ovpnsub=$(( $internsub+2 ))
serverip=10.$internsub.1.1
serverip_old=10.$internsub_old.1.1
serverrev_short=1.1.$internsub
ipcopip=10.$internsub.1.254
ipcopip_old=10.$internsub_old.1.254
ipcoprev_short=254.1.$internsub
internalnet=10.$internsub.0.0
internalnet_old=10.$internsub_old.0.0
broadcast="$(ipcalc -b "$internalnet/$INTERNMASK" | grep ^Broadcast | awk '{ print $2 }')"
broadcast_old="$(ipcalc -b "$internalnet_old/$INTERNMASK" | grep ^Broadcast | awk '{ print $2 }')"
ipcopblue=172.16.$internsub
ipcoporange=172.16.$orangesub
ipcopovpn=172.16.$ovpnsub
if [ "$opsi" = "true" ]; then
 opsiip=10.$internsub.1.2
else
 opsiip=""
fi
# save opsi ip from former setup, less work later if not set
[ -e "$NETWORKSETTINGS" ] && opsiip_old="$(grep ^opsiip "$NETWORKSETTINGS" | awk -F\= '{ print $2 }' | sed -e 's|\"||g')"

# values for subnetting
srvnetip=10.$internsub.1.0
srvnetip_old=10.$internsub_old.1.0
srvnetgw=10.$internsub.1.253
srvnetgw_old=10.$internsub_old.1.253
srvnetbc="$(ipcalc -b "$srvnetip/$SUBNETMASK" | grep ^Broadcast | awk '{ print $2 }')"
srvnetbc_old="$(ipcalc -b "$srvnetip_old/$SUBNETMASK" | grep ^Broadcast | awk '{ print $2 }')"
if [ "$subnetting" = "true" ]; then
 dhcpbc="$srvnetbc"
 dhcpmask="$SUBNETMASK"
else
 dhcpbc="$broadcast"
 dhcpmask="$INTERNMASK"
fi

# check for modified values
if [ "$1" != "--first" ]; then
 [ "$country" = "$country_old" ] || update_certs=yes
 [ "$state" = "$state_old" ] || update_certs=yes
 [ "$location" = "$location_old" ] || update_certs=yes
 [ "$schoolname" = "$schoolname_old" ] || update_certs=yes
 [ "$workgroup" = "$workgroup_old" ] || update_ldap=yes
 if [ "$servername" != "$servername_old" ]; then
  update_certs=yes && update_ldap=yes
 fi
 if [ "$domainname" != "$domainname_old" ]; then
  update_certs=yes
  update_ldap=yes
  [ "$fwconfig" != "custom" ] && update_fw_cert=yes
 fi
 [ "$serverexternname" = "$serverexternname_old" ] || update_extern=yes
 [ "$smptrelay" = "$smtprelay_old" ] || update_smtp=yes
 [ "$ipcopip" = "$ipcopip_old" ] || update_ssh=yes
fi

# compute basedn from domainname
basedn="dc=`echo $domainname|sed 's/\./,dc=/g'`"
basedn_old="dc=`echo $domainname_old|sed 's/\./,dc=/g'`"

# write network settings
(
cat <<EOF
# linuxmuster.net settings
servername="$servername"
serverip="$serverip"
ipcopip="$ipcopip"
opsiip="$opsiip"
domainname="$domainname"
serverexternname="$serverexternname"
fwconfig="$fwconfig"
internalnet="$internalnet"
broadcast="$broadcast"
ipcopblue="$ipcopblue"
ipcoporange="$ipcoporange"
ipcopovpn="$ipcopovpn"
basedn="$basedn"
smtprelay="$smtprelay"
iface_lan="$iface_lan"
admin="$ADMINISTRATOR"
schoolname="$schoolname"
location="$location"
state="$state"
country="$country"
imaging="linbo"
subnetting="$subnetting"
srvnetip="$srvnetip"
srvnetgw="$srvnetgw"
srvnetbc="$srvnetbc"
EOF
) > "$NETWORKSETTINGS"
chmod 755 "$NETWORKSETTINGS"

# compute iface_lan's macaddress
adminmac="$(ifconfig $iface_lan | grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' | tr a-z A-Z)"

# handle samba SID
if [ -z "$sambasid" ]; then

  sambasid=`net getlocalsid | cut -f6 -d" "`

  if [ -z "$sambasid" ]; then
    echo "Fatal! Cannot get samba SID!" | tee -a $LOGDIR/setup.log
    exit 1
  fi

  RET=`echo set linuxmuster-base/sambasid $sambasid | debconf-communicate` | tee -a $LOGDIR/setup.log

fi

# substitute spaces in schoolname, location and distro
schoolname=${schoolname// /_}
location=${location// /_}
distro="$DISTNAME"
distro=${distro// /-}

# escaping /
dsluser=${dsluser//\//\\\/}

# messages for config file headers
message1="##### Do not change this file! It will be overwritten!"
message2="##### This configuration file was automatically created by linuxmuster-setup!"
message3="##### Last Modification: `date`"

# set a new random password for cyrus user
$SCRIPTSDIR/cyradmpw.sh
cyradmpw=`cat /etc/imap.secret`

if [ "$1" = "--first" ]; then
 # save opsi workstations entry
 [ -n "$opsiip" ] && grep ^[a-zA-Z0-9] "$WIMPORTDATA" | grep ";$opsiip_old;" | sed -e "s|;$opsiip_old;|;$opsiip;|" > "$CACHEDIR/workstations.opsi"
 # copying default configuration an remove installed flag for first time installation
 echo "Copying default static configuration files ..." | tee -a $LOGDIR/setup.log
 cp -a $STATICTPLDIR/* /
 # delete installed flag
 if [ -e "$INSTALLED" ]; then
  echo "Removing installed flag $INSTALLED ..." | tee -a $LOGDIR/setup.log
  rm -f $INSTALLED
 fi
 # remove backup files
 if ! check_empty_dir $BACKUPDIR; then
  echo "Cleaning up $BACKUPDIR ..." | tee -a $LOGDIR/setup.log
  rm -rf $BACKUPDIR/*
 fi
 # set a ldap admin password
 ldapadminpw=`pwgen -s 24 1`
 echo -n $ldapadminpw > /etc/ldap.secret
 chmod 600 /etc/ldap.secret
else
 ldapadminpw="$(cat /etc/ldap.secret)"
fi

# check if sophomorix is installed
SOPHOMORIX="$(dpkg -l sophomorix2 | grep -q ^i)"

# patching conffiles
for i in $DYNTPLDIR/*; do
  cd $i
  echo "Processing $i ..."
  # do something before the configuration is patched
  [ -f prepatch ] && . prepatch $1 >> $LOGDIR/setup.log 2>&1
  # process all variables through all targets
  if ls *.target &> /dev/null; then
    for t in *.target; do
      eval target=`cat $t`
      conffile=${t%.target}
      [ "$1" = "--modify" ] && backup_file $target >> $LOGDIR/setup.log
      sed -e "s/@@message1@@/${message1}/g
              s/@@message2@@/${message2}/g
              s/@@message3@@/${message3}/g
              s/@@country@@/${country}/g
              s/@@state@@/${state}/g
              s/@@location@@/${location}/g
              s/@@schoolname@@/${schoolname}/g
              s/@@distro@@/${distro}/g
              s/@@servername@@/${servername}/g
              s/@@domainname@@/${domainname}/g
              s/@@serverip@@/${serverip}/g
              s/@@serverrev_short@@/${serverrev_short}/g
              s/@@ipcopip@@/${ipcopip}/g
              s/@@ipcoprev_short@@/${ipcoprev_short}/g
              s/@@ipcopblue@@/${ipcopblue}/g
              s/@@ipcoporange@@/${ipcoporange}/g
              s/@@ipcopovpn@@/${ipcopovpn}/g
              s/@@iface_lan@@/${iface_lan}/g
              s/@@fwconfig@@/${fwconfig}/g
              s/@@dhcpbc@@/${dhcpbc}/g
              s/@@dhcpmask@@/${dhcpmask}/g
              s/@@broadcast@@/${broadcast}/g
              s/@@internsub@@/${internsub}/g
              s/@@internalnet@@/${internalnet}/g
              s/@@internmask@@/${INTERNMASK}/g
              s/@@internbitmask@@/${INTERNBITMASK}/g
              s/@@srvnetip@@/${srvnetip}/g
              s/@@subnetmask@@/${SUBNETMASK}/g
              s/@@subnetbitmask@@/${SUBNETBITMASK}/g
              s/@@srvnetbc@@/${srvnetbc}/g
              s/@@srvnetgw@@/${srvnetgw}/g
              s/@@smtprelay@@/${smtprelay}/g
              s/@@adminmac@@/${adminmac}/g
              s/@@workgroup@@/${workgroup}/g
              s/@@basedn@@/${basedn}/g
              s/@@ldappassword@@/${ldapadminpw}/g
              s/@@adminpw@@/${adminpw}/g
              s/@@adminpw_md5@@/${adminpw_md5}/g
              s/@@cyradmpw@@/${cyradmpw}/g
              s/@@ipcoppw@@/${ipcopintpw}/g
              s/@@sambasid@@/${sambasid}/g
              s/@@pgmadmin@@/${PGMADMIN}/g
              s/@@domadmin@@/${DOMADMIN}/g
              s/@@domadmins@@/${DOMADMINS}/g
              s/@@administrator@@/${ADMINISTRATOR}/g
              s/@@printeradmins@@/${PRINTERADMINS}/g
              s/@@admingroup@@/${ADMINGROUP}/g
              s/@@teachersgroup@@/${TEACHERSGROUP}/g
              s/@@wwwadmin@@/${WWWADMIN}/g
              s/@@serverexternname@@/${serverexternname}/g" $conffile > $target
    done
  fi
  # do something after the configuration is patched
  [ -f postpatch ] && . postpatch $1 >> $LOGDIR/setup.log 2>&1
  # move nopatch files back
  for np in *.nopatch; do
    [ -e "$np" ] && mv $np ${np%.nopatch}
  done
done

# finish logging
echo >> $LOGDIR/setup.log
echo "####################################################" >> $LOGDIR/setup.log
echo "Setup session finished at" >> $LOGDIR/setup.log
date >> $LOGDIR/setup.log
echo "####################################################" >> $LOGDIR/setup.log

unset HISTSIZE HISTFILESIZE

exit 0
