#!/bin/bash

RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color

clear

# Function to print status with a checkmark
print_status() {
    echo -e "${GREEN}✔${NC} ${1} completed."
}

echo -e "${RED}→${NC} Starting System Update..."
sudo apt update >>/var/log/install 2>&1 && print_status "System Update"
sudo apt upgrade -y >>/var/log/install 2>&1 && print_status "System Upgrade"
sudo apt dist-upgrade -y >>/var/log/install 2>&1 && print_status "System Dist-Upgrade"

echo -e "${RED}→${NC} Installing required packages..."
sudo apt install --no-install-recommends xserver-xorg x11-xserver-utils xinit chromium-browser fonts-noto-color-emoji nfs-common watchdog xdotool rsync -y >>/var/log/install 2>&1 && print_status "Required packages installed"
sudo apt install realvnc-vnc-server overlayroot -y >>/var/log/install 2>&1 && print_status "VNC and Overlayroot installed"
sudo apt autoremove -y >>/var/log/install 2>&1 && print_status "Autoremove"
sudo apt clean >>/var/log/install 2>&1 && print_status "Clean"
rm -rf /var/lib/apt/lists/* >>/var/log/install 2>&1 && print_status "Clear cache"

echo -e "${GREEN}→${NC} Configuring Raspberry Pi settings..."
sudo raspi-config nonint do_camera 0 >> /var/log/install 2>&1 && print_status "Camera disabled"
sudo raspi-config nonint do_vnc 0 >> /var/log/install 2>&1 && print_status "VNC enabled"
sudo raspi-config nonint do_spi 0 >> /var/log/install 2>&1 && print_status "SPI disabled"
sudo raspi-config nonint do_i2c 0 >> /var/log/install 2>&1 && print_status "I2C disabled"
sudo raspi-config nonint do_serial 0 0 >> /var/log/install 2>&1 && print_status "Serial port disabled"
sudo raspi-config nonint do_onewire 0 >> /var/log/install 2>&1 && print_status "1-Wire disabled"
sudo raspi-config nonint do_remote_gpio 0 >> /var/log/install 2>&1 && print_status "Remote GPIO disabled"
sudo raspi-config nonint do_gpu_memory 256 >> /var/log/install 2>&1 && print_status "GPU memory set to 256MB"
sudo raspi-config nonint do_locale "de_DE.UTF-8" "de_DE.UTF-8" >> /var/log/install 2>&1 && print_status "Locale set to de_DE.UTF-8"
sudo raspi-config nonint do_timezone "Europe/Berlin" >> /var/log/install 2>&1 && print_status "Timezone set to Europe/Berlin"
sudo raspi-config nonint do_boot_order 3 >> /var/log/install 2>&1 && print_status "Boot order set to network boot"

echo -e "${RED}→${NC} Configuring VNC..."
sudo systemctl enable vncserver-x11-serviced.service >>/var/log/install 2>&1 && print_status "VNC service enabled"
sudo systemctl start vncserver-x11-serviced.service >>/var/log/install 2>&1 && print_status "VNC service started"
CONFIG_FILE="/root/.vnc/config.d/vncserver-x11"
if [ ! -d "$(dirname "$CONFIG_FILE")" ]; then
    mkdir -p "$(dirname "$CONFIG_FILE")"
    print_status "Created directory for VNC config." >> /var/log/install 2>&1
fi
read -p "Do you want to set a VNC password? (y/n): " -r
if [[ $REPLY =~ ^[Yy](e[Ss]?)?$ ]]; then
    vncpasswd
    print_status "VNC password has been set." >> /var/log/install 2>&1
else
    echo -e "${RED}✖${NC} No VNC password will be set." >> /var/log/install 2>&1
fi
if [ "$(vncpasswd -o)" = 'none' ]; then
    echo "Authentication=None" >> "$CONFIG_FILE"
    echo "Geometry=1920x1080" >> "$CONFIG_FILE"
    echo "#  Version 1.0:" >> "$CONFIG_FILE"
    echo "#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspbian as custom PXE init script." >> "$CONFIG_FILE"
    print_status "VNC config set to no authentication with geometry 1920x1080." >> /var/log/install 2>&1
else
    echo "Authentication=VNC" >> "$CONFIG_FILE"
    echo "Geometry=1920x1080" >> "$CONFIG_FILE"
    echo "#  Version 1.0:" >> "$CONFIG_FILE"
    echo "#  Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspbian as custom PXE init script." >> "$CONFIG_FILE"
    print_status "VNC password is set. Authentication will be required." >> /var/log/install 2>&1
fi
sudo raspi-config nonint do_vnc 0 >>/var/log/install 2>&1 && print_status "VNC enabled in raspi-config"

echo -e "${RED}→${NC} Creating user 'loginuser'..."
sudo adduser --disabled-password --gecos "" loginuser >>/var/log/install 2>&1 && print_status "User 'loginuser' created"

echo -e "${RED}→${NC} Setting permissions for 'loginuser'..."
sudo tee /etc/sudoers.d/loginuser >/dev/null << 'EOF'
loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl start watchdog, /usr/bin/systemctl stop watchdog, /usr/bin/systemctl restart watchdog
loginuser ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop watchdog-monitor
loginuser ALL=(ALL) NOPASSWD: /usr/bin/cat /var/lib/dhcp/*
loginuser ALL=(ALL) NOPASSWD: /usr/bin/cp /etc/watchdog.conf /etc/watchdog.conf.bak
loginuser ALL=(ALL) NOPASSWD: /usr/bin/tee /etc/watchdog.conf, /usr/bin/tee -a /etc/watchdog.conf
loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -i
loginuser ALL=(ALL) NOPASSWD: /usr/bin/sed -r 's/[x]+/,/g'
loginuser ALL=(ALL) NOPASSWD: /usr/bin/fbset -s
loginuser ALL=(ALL) NOPASSWD: /usr/bin/hostnamectl set-hostname
loginuser ALL=(ALL) NOPASSWD: /usr/sbin/dhclient eth0
loginuser ALL=(ALL) NOPASSWD: /usr/sbin/reboot
EOF
sudo usermod -aG video loginuser >>/var/log/install 2>&1 && print_status "Permissions for 'loginuser' set"

echo -e "${RED}→${NC} Disabling root login..."
sudo tee /etc/ssh/sshd_config >/dev/null << 'EOF'
PermitRootLogin no
EOF
sudo passwd -l root >>/var/log/install 2>&1 && print_status "Root login disabled"

echo -e "${RED}→${NC} Copy requiered files..."
declare -A files=(
    ["/root/rps-client/boot/ro-root.sh"]="/boot/ro-root.sh"
    ["/root/rps-client/boot/firmware/ro-root.sh"]="/boot/firmware/ro-root.sh"
    ["/root/rps-client/etc/dhcp/dhclient.conf"]="/etc/dhcp/dhclient.conf"
    ["/root/rps-client/etc/systemd/system/hostname.service"]="/etc/systemd/system/hostname.service"
    ["/root/rps-client/etc/systemd/system/watchdog-monitor.service"]="/etc/systemd/system/watchdog-monitor.service"
    ["/root/rps-client/etc/systemd/system/chromium-monitor.service"]="/etc/systemd/system/chromium-monitor.service"
    ["/root/rps-client/etc/systemd/system/getty@tty1.service.d/override.conf"]="/etc/systemd/system/getty@tty1.service.d/override.conf"
    ["/root/rps-client/etc/chromium/policies/managed/disable_password_saving.json"]="/etc/chromium/policies/managed/disable_password_saving.json"
    ["/root/rps-client/home/loginuser/.bash_profile"]="/home/loginuser/.bash_profile"
    ["/root/rps-client/home/loginuser/.xinitrc"]="/home/loginuser/.xinitrc"
    ["/root/rps-client/home/wis/.ssh/id_rsa.pub"]="/home/wis/.ssh/id_rsa.pub"
    ["/root/rps-client/root/remove_unused_kernel.sh"]="/root/remove_unused_kernel.sh"
    ["/root/rps-client/root/.vnc/config.d/vncserver-x11"]="/root/.vnc/config.d/vncserver-x11"
    ["/root/rps-client/usr/bin/custom/hostname"]="/usr/bin/custom/hostname"
    ["/root/rps-client/usr/bin/custom/chromium-monitor"]="/usr/bin/custom/chromium-monitor"
    ["/root/rps-client/usr/bin/custom/watchdog-monitor"]="/usr/bin/custom/watchdog-monitor"
)
RSYNC_OPTS="-a --numeric-ids --info=progress2 --no-owner --no-group"
for src in "${!files[@]}"; do
    dst="${files[$src]}"
    echo "Copying $src to $dst..."
    sudo rsync $RSYNC_OPTS "$src" "$dst" >>/var/log/install 2>&1 && print_status "$src copied to $dst"
done
print_status "All files have been successfully copied"

echo -e "${RED}→${NC} Setting file permissions..."
sudo chown loginuser:loginuser -R /home/loginuser >>/var/log/install 2>&1 && print_status "File permissions set"

echo -e "${RED}→${NC} Creating log files..."
sudo touch /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log >>/var/log/install 2>&1 && print_status "Log files created"
sudo chown loginuser:loginuser /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log >>/var/log/install 2>&1 && print_status "Ownership set for log files"
sudo chmod 777 /var/log/watchdog.log /var/log/chromium-monitor.log /var/log/hostname.log >>/var/log/install 2>&1 && print_status "Permissions set for log files"
sudo chmod +x /usr/bin/custom/* >>/var/log/install 2>&1 && print_status "Permissions set for script files"

echo -e "${RED}→${NC} Enabling services..."
sudo systemctl daemon-reload >>/var/log/install 2>&1 && print_status "Daemon reloaded"
sudo systemctl enable hostname watchdog chromium-monitor vncserver-x11-serviced.service getty@tty1 >>/var/log/install 2>&1 && print_status "Services enabled"
sudo systemctl restart getty@tty1 >>/var/log/install 2>&1 && print_status "getty service restarted"

echo -e "${RED}→${NC} Do you want to clean up unused kernels? (yes/y/ye to proceed):"
read -r clean_kernels
if [[ "$clean_kernels" =~ ^[Yy](e[Ss]?)?$ ]]; then
    echo -e "${RED}→${NC} Cleaning up unused kernels..."
    sudo bash /root/remove_unused_kernel.sh -u -e >>/var/log/install 2>&1 && print_status "Unused kernels cleaned up"
else
    echo -e "${RED}→${NC} Skipping unused kernel cleanup..."
    print_status "Cleanup has been skipped" >> /var/log/install 2>&1
fi

echo -e "${RED}→${NC} Configuring Overlayroot..."
CONFIG_FILE="/etc/overlayroot.conf"
echo 'overlayroot_cfgdisk="disabled"' | sudo tee "$CONFIG_FILE"
echo 'overlayroot=""' | sudo tee -a "$CONFIG_FILE"
read -p "Do you want to activate overlayfs? (y/n): " -r
if [[ $REPLY =~ ^[Yy](e[Ss]?)?$ ]]; then
    echo 'overlayroot="tmpfs:overlayfs"' | sudo tee -a "$CONFIG_FILE"
    sudo raspi-config nonint do_overlayroot 0 >>/var/log/install 2>&1 && print_status "Overlayroot enabled in raspi-config"
    print_status "Overlayroot has been activated." >> /var/log/install 2>&1
else
    echo 'overlayroot=""' | sudo tee -a "$CONFIG_FILE"
    echo -e "${RED}✖${NC} Overlayroot has not been activated." >> /var/log/install 2>&1
fi

echo -e "${RED}→${NC} Cleaning up installer..."
sudo rm -rf ./rps-client >>/var/log/install 2>&1 && print_status "Installer cleaned up"

echo -e "${GREEN}✔${NC} Installation complete. Press any key to reboot..." >> /var/log/install 2>&1
read -n 1 -s
sudo reboot


echo "performance" | sudo tee /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

# Version 1.2:
# Created 2024 by Tim Eertmoed, Christian Hampp @ WiS IT-Solutions GmbH, Germany to work on Raspian as custom pxe init script.