#!/bin/sh

# Vars
## Define the hard drive to use
if [ -b '/dev/sda' ]; then
	hdd="/dev/sda"
else
	printf '%b\n' "Please check the hard drive to use"
	exit 0
fi
## Which version of Debian should be installed
debian_version="bullseye"
## Computer hostname
## If empty, the script will try to get one with nslookup
new_hostname=""
## Volume Group name to use for LVM
vgname="${new_hostname}vg"
## If the script should manage the partitions (delete, add,…)
manage_part=0
## If the script should use BTRFS
manage_btrfs=1
## If the script should create extra volume (eg. backup, virt, Proxmox,…)
manage_extra_lv=0
## If the script should cipher data with LUKS
manage_luks=1
## You need to set a new passphrase after the installation or at least change this one
luks_passphrase="generic key"
luks_key_file="/tmp/luks.keyfile.temp"
luks_pv_name=$(basename "${hdd}"_crypt)
## If the script should manage everything (partition, package,…) related to grub
manage_grub=0
## Colors definition {{{
BLACK='\033[49;30m'
BLACKB='\033[49;90m'
RED='\033[0;31m'
REDB='\033[1;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
BLUE='\033[94;49m'
MAGENTA='\033[0;35m'
CYAN='\033[36;49m'
WHITE='\033[0;37m'
BOLD='\033[1m'
RESET='\033[0m'
## }}}

## Package to exclude from debootstrap install
dbs_pkg_exclude="vim-tiny"
## Package to include to debootstrap install
dbs_pkg_include="aptitude,btrfs-progs,bzip2,cryptsetup,debconf-i18n,dialog,dmsetup,htop,isc-dhcp-client,isc-dhcp-common,locales,lvm2,openssh-server,pciutils,thin-provisioning-tools,tmux,vim-nox,wget,zsh"

# Prepare host system {{{
apt update
apt install -y coreutils e2fsprogs gawk ipcalc lvm2 thin-provisioning-tools parted util-linux wget || exit 1

## Install a recent version of debootstrap
wget http://ftp.de.debian.org/debian/pool/main/d/debootstrap/debootstrap_1.0.114_all.deb -O /tmp/debootstrap.deb
dpkg -i /tmp/debootstrap.deb || exit 2

## Install a recent version of debian-archive-keyring
wget http://ftp.de.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2019.1+deb10u1_all.deb -O /tmp/debian-archive-keyring.deb
dpkg -i /tmp/debian-archive-keyring.deb || exit 3
# }}}
# Partitionning {{{
if [ "${manage_part}" -eq 0 ]; then
	## Remove all old partitions {{{
	for part_number in 1 2 3 4 5 6 7 8; do
		[ -b "${hdd}""${part_number}" ] && parted "${hdd}" rm "${part_number}"
	done
	## }}}
	## Recreate partition (/boot and LV) {{{
	### Partition type
	parted "${hdd}" mklabel gpt || exit 1

	if [ "${manage_grub}" -eq 0 ]; then
		### /boot
		parted "${hdd}" mkpart primary 0% 512MB || exit 1
		parted "${hdd}" set 1 boot on
		sleep 2
		mkfs.ext3 -F -L boot -- "${hdd}"1 || exit 4

		### LV
		root_part_id="2"
		parted "${hdd}" mkpart primary 512MB 100% || exit 1
		parted "${hdd}" set "${root_part_id}" lvm on
		sleep 2
	else
		### LV
		root_part_id="1"
		parted "${hdd}" mkpart primary 0% 100% || exit 1
		parted "${hdd}" set "${root_part_id}" lvm on
		sleep 2
	fi

	if [ "${manage_luks}" -eq 0 ]; then
		rm -f -- "${luks_key_file}" && printf '%b' "${luks_passphrase}" > "${luks_key_file}"
		cryptsetup -c aes-xts-plain64 -s 512 --use-random -y luksFormat "${hdd}${root_part_id}" "${luks_passphrase}" --key-file "${luks_key_file}" || exit 2
		cryptsetup luksOpen "${hdd}${root_part_id}" "${luks_pv_name}" --key-file "${luks_key_file}" || exit 2
		pvcreate /dev/mapper/"${luks_pv_name}" || exit 3
		vgcreate "${vgname}" /dev/mapper/"${luks_pv_name}" || exit 3
	else
		pvcreate "${hdd}${root_part_id}" || exit 3
		vgcreate "${vgname}" "${hdd}${root_part_id}" || exit 3
	fi
## }}}
	## Create Logical Volumes {{{
	if [ "${manage_btrfs}" -eq 0 ]; then
		### Create only 1 LV for btrfs base system
		[ ! -b /dev/mapper/"${vgname}"-root ] && lvcreate -n root -L 70g  "${vgname}"
	else
		### Otherwise create differents LVs
		[ ! -b /dev/mapper/"${vgname}"-home ] && lvcreate -n home -L 20g  "${vgname}"
		[ ! -b /dev/mapper/"${vgname}"-opt  ] && lvcreate -n opt  -L 2g   "${vgname}"
		[ ! -b /dev/mapper/"${vgname}"-root ] && lvcreate -n root -L 5g   "${vgname}"
		[ ! -b /dev/mapper/"${vgname}"-srv  ] && lvcreate -n srv  -L 2g   "${vgname}"
		[ ! -b /dev/mapper/"${vgname}"-tmp  ] && lvcreate -n tmp  -L 10g  "${vgname}"
		[ ! -b /dev/mapper/"${vgname}"-usr  ] && lvcreate -n usr  -L 15g  "${vgname}"
		[ ! -b /dev/mapper/"${vgname}"-var  ] && lvcreate -n var  -L 10g  "${vgname}"
	fi
	### Create extra LVs
	if [ "${manage_extra_lv}" -eq 0 ]; then
		[ ! -b /dev/mapper/"${vgname}"-vz   ] && lvcreate -n vz   -L 150g "${vgname}"
		[ ! -b /dev/mapper/"${vgname}"-bkp  ] && lvcreate -n bkp  -L 150g "${vgname}"
	fi
	[ ! -b /dev/mapper/"${vgname}"-swap ] && lvcreate -n swap -L 4g   "${vgname}"
	## }}}
	## Format Logical Volumes {{{
	### Format LVs in ext4
	cd -- /dev/"${vgname}" || exit 1
	for lvname in *; do
		mkfs.ext4 -F -L "${lvname}" -- "${lvname}" || exit 4
	done
	cd -- - || exit 1

	### (re)format Btrfs LV
	if [ "${manage_btrfs}" -eq 0 ]; then
		### Ensure to format Btrfs LV
		mkfs.btrfs --force -L root -- /dev/"${vgname}"/root || exit 4
	fi

	### And format the swap
	mkswap -L sw01 -- /dev/mapper/"${vgname}"-swap || exit 4
	## }}}
fi

# }}}
# Debootstrap {{{
## Create and mount the system {{{
### Root
mkdir -p -- /target
mountpoint -q /target            || mount -- /dev/mapper/"${vgname}"-root /target

if [ "${manage_grub}" -eq 0 ]; then
	### boot - grub
	mkdir -p -- /target/boot
	mountpoint -q /target/boot       || mount -- ${hdd}1 /target/boot
	boot_uuid=$(blkid | grep "${hdd}1" | sed 's/.*1.*UUID="\(.*\)" TYPE.*/\1/')
	### Prepare an fstab file
	printf '%b\n' "UUID=${boot_uuid}               /boot       ext3 defaults                   0 0" > /tmp/target.fstab
fi

### Prepare the base system tree according to the expected file system
if [ "${manage_btrfs}" -eq 0 ]; then
	#### Download an extra script for Btrfs
	wget -O /tmp/part.btrfs.sh "https://git.101010.fr/gardouille-dotfiles/scripts/raw/master/debian/part.btrfs.sh"
	#### Create several subvolumes
	chmod +x /tmp/part.btrfs.sh && /tmp/part.btrfs.sh

	#### root
	grep "btrfs" /etc/mtab >> /tmp/target.fstab

else  ### Or for ext4, create mountpoint and mount LV
	#### root
	printf '%b\n' "/dev/mapper/${vgname}-root /           ext4 defaults                   0 0" >> /tmp/target.fstab
	#### home LV
	mkdir -p -- /target/home
	mountpoint -q /target/home       || mount -- /dev/mapper/"${vgname}"-home /target/home
	printf '%b\n' "/dev/mapper/${vgname}-home /home       ext4 defaults                   0 0" >> /tmp/target.fstab
	#### opt LV
	mkdir -p -- /target/opt
	mountpoint -q /target/opt        || mount -- /dev/mapper/"${vgname}"-opt /target/opt
	printf '%b\n' "/dev/mapper/${vgname}-opt  /opt        ext4 defaults                   0 0" >> /tmp/target.fstab
	#### srv LV
	mkdir -p -- /target/srv
	mountpoint -q /target/srv        || mount -- /dev/mapper/"${vgname}"-srv /target/srv
	printf '%b\n' "/dev/mapper/${vgname}-srv  /srv        ext4 defaults                   0 0" >> /tmp/target.fstab
	#### tmp LV
	mkdir -p -- /target/tmp
	chmod 0777 -- /target/tmp
	mountpoint -q /target/tmp        || mount -- /dev/mapper/"${vgname}"-tmp /target/tmp
	printf '%b\n' "/dev/mapper/${vgname}-tmp  /tmp        ext4 defaults                   0 0" >> /tmp/target.fstab
	#### usr LV
	mkdir -p -- /target/usr
	mountpoint -q /target/usr        || mount -- /dev/mapper/"${vgname}"-usr /target/usr
	printf '%b\n' "/dev/mapper/${vgname}-usr  /usr        ext4 defaults                   0 0" >> /tmp/target.fstab
	#### var LV
	mkdir -p -- /target/var
	mountpoint -q /target/var        || mount -- /dev/mapper/"${vgname}"-var /target/var
	printf '%b\n' "/dev/mapper/${vgname}-var  /var        ext4 defaults                   0 0" >> /tmp/target.fstab
fi

### Ensure to remove any occurence to /target mountpoint
sed -i 's;target/;;' /tmp/target.fstab
sed -i 's;target;;' /tmp/target.fstab

if [ "${manage_extra_lv}" -eq 0 ]; then
	### Extra bkp LV
	mkdir -p -- /target/srv/backup
	mountpoint -q /target/srv/backup || mount -- /dev/mapper/"${vgname}"-bkp /target/srv/backup
	printf '%b\n' "/dev/mapper/${vgname}-bkp  /srv/backup ext4 defaults                   0 0" >> /tmp/target.fstab
	### Extra vz LV
	mkdir -p -- /target/var/lib/vz
	mountpoint -q /target/var/lib/vz || mount -- /dev/mapper/"${vgname}"-vz /target/var/lib/vz
	printf '%b\n' "/dev/mapper/${vgname}-vz   /var/lib/vz ext4 defaults                   0 0" >> /tmp/target.fstab
fi

### Swap
swapon -- /dev/mapper/"${vgname}"-swap
## }}}
## Run debootstrap
debootstrap --arch amd64 --include="${dbs_pkg_include}" --exclude="${dbs_pkg_exclude}" "${debian_version}" /target http://ftp.fr.debian.org/debian || exit 1

# }}}
# Configure system {{{
## Fstab {{{
### Copy the temp fstab file to target
cp -- /tmp/target.fstab /target/etc/fstab
## }}}
## Ensure to (re)mount devices for chroot {{{
mkdir -p --   /target/dev
mountpoint -q /target/dev        || mount -t devtmpfs -- none      /target/dev
mkdir -p --   /target/dev/pts
mountpoint -q /target/dev/pts    || mount -t devpts   -- /dev/pts  /target/dev/pts
mkdir -p --   /target/proc
mountpoint -q /target/proc       || mount -t proc     -- none      /target/proc
mkdir -p --   /target/sys
mountpoint -q /target/sys        || mount -t sysfs    -- none      /target/sys
### FIXME : /run/lvm needs to be manually set in debootstrap|chroot for Buster {{{
### See :
### https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918590
### https://bbs.archlinux.org/viewtopic.php?pid=1820949#p1820949
mkdir -p --   /target/run/lvm
mountpoint -q /target/run/lvm    || mount --bind      -- /run/lvm  /target/run/lvm
mkdir -p --   /target/run/udev
mountpoint -q /target/run/udev   || mount --bind      -- /run/udev /target/run/udev
### }}}
## }}}
## Luks {{{
if [ "${manage_luks}" -eq 0 ]; then
	luks_part_uuid=$(blkid | grep "${hdd}2.*TYPE=\"crypto_LUKS\"" | sed 's/.*UUID="\(.*\)" TYPE.*/\1/')
	### Ensure crypttab file contains the LUKS informations
	printf '%b\n' "${luks_pv_name} UUID=${luks_part_uuid} none luks,discard" >> /target/etc/crypttab
fi

### Regenerate initramfs
chroot /target update-initramfs -k all -u
## }}}
## Network {{{
### Get all informations from current network configuration in rescue mode
net_device=$(ip r | grep "^default" | head -1 | cut -d" " -f5)
#### TODO: Switch to ip a to get ip address
net_address=$(ip r | grep -vE "(^default|metric)" | grep "${net_device}.*src" | head -1 | awk -F" " '{print $NF}')
read -r net_mac_address </sys/class/net/"${net_device}"/address
net_netmask=$(ipcalc "${net_address}" | awk '/Netmask:/{print $2;}')
net_netmask_cidr=$(ipcalc "${net_address}" | awk '/Netmask:/{print $4;}')
net_broadcast=$(ip a s dev "${net_device}" | awk '/inet.*brd/{print $4}')
net_network=$(ip r | grep -vE "(^default|metric)" | grep "src ${net_address}" | head -1 | cut -d"/" -f1)
net_gateway=$(ip r | grep "^default" | head -1 | cut -d" " -f3)

### Create a network unit for systemd-networkd
printf '%b' "[Match]
MACAddress=${net_mac_address}

[Network]
Description=network interface with default route without dhcp
DHCP=no
Address=${net_address}/${net_netmask_cidr}
Gateway=${net_gateway}
IPv6AcceptRA=no
DNS=80.67.169.12
" > /target/etc/systemd/network/50-default.network

### Ensure to enable systemd-networkd at startup
chroot /target systemctl enable systemd-networkd

## }}}
## Locale {{{
### Enable locale(s)
sed -i 's/^# \(en_US.UTF-8 UTF-8\)/\1/' /target/etc/locale.gen
#sed -i 's/^# \(fr_FR.UTF-8 UTF-8\)/\1/' /target/etc/locale.gen
chroot /target locale-gen

## }}}
## Timezone {{{
### Set timezone
printf '%b\n' "Europe/Paris" > /target/etc/timezone
ln -fs /usr/share/zoneinfo/Europe/Paris /target/etc/localtime
chroot /target dpkg-reconfigure --frontend noninteractive tzdata

## }}}
## Kernel and Grub {{{
### Install
if [ "${manage_grub}" -eq 0 ]; then
	chroot /target aptitude install --assume-yes --without-recommends -- linux-image-amd64 grub-pc
	chroot /target grub-install "${hdd}"
	chroot /target update-grub
else
	chroot /target aptitude install --assume-yes --without-recommends -- linux-image-amd64
fi
## }}}
## Hostname {{{

if [ -z "${new_hostname}" ]; then
	lookup_hostname=$(nslookup "${net_address}" || echo "server name = new_server")
	get_hostname=$(echo "${lookup_hostname}" | awk '/name =/{print $4;}' | cut -d. -f1)
	printf '%b\n' "${get_hostname}" > /target/etc/hostname
else
	printf '%b\n' "${new_hostname}" > /target/etc/hostname
fi
#printf '%b\n' "127.0.0.1       ${new_hostname}" >> /target/etc/hosts

## }}}
# }}}
# Finish {{{
## Call a latecommand script {{{
wget -O /tmp/latecommand.tar.gz "https://git.ipr.univ-rennes1.fr/cellinfo/tftpboot/raw/master/scripts/latecommand.tar.gz" --no-check-certificate
tar xzf /tmp/latecommand.tar.gz -C /target/tmp/
chroot /target /usr/bin/env debian_version="${debian_version}" /bin/sh /tmp/latecommand/post."${debian_version}".sh

## }}}
## SSH {{{
### Allow root connections - this should be fixed if it works
sed -i 's/\(^\|^\#\)\(PermitRootLogin\).*/\2 yes/g' /target/etc/ssh/sshd_config
### Add current authorized_keys from the rescue system if present
if [ -f /root/.ssh/authorized_keys ]; then
	mkdir -p -- /target/root/.ssh
	cp -- /root/.ssh/authorized_keys /target/root/.ssh/authorized_keys
else
	printf '%b\n' "${REDB}You might want to define an authorized key for SSH/root in /target/etc/ssh/sshd_config${RESET}"
fi
## }}}
printf '%b\n' "${REDB}Please change the root's password :${RESET}"
chroot /target passwd

# Ensure to umount everything
#umount /target/var/lib/vz/ /target/var/ /target/usr/ /target/tmp/ /target/sys/ /target/srv/backup/ /target/srv/ /target/proc/ /target/opt/ /target/home/ /target/dev/pts/ /target/dev /target/boot/ /target/

printf '%b\n' "${GREEN}The system is still available on /target but you can now try to reboot the hardware.${RESET}"

exit 0
# }}}