#!/bin/bash


echo "Welcome to the CentOS to SME Server script. Are you sure you have at least one ethernet interface before proceeding ? Hit Ctrl+C if unsure, press 'enter' if you are OK to proceed."
read testme

echo "disabling and removing SELinux"
sed -i -e 's/rhgb quiet/selinux=0/g' /boot/grub2/grub.cfg
sed -i -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
yum remove selinux-policy-targeted -y 1>/dev/null

echo "##########################################################################"
echo "setting yum repo for SME Server"
mkdir -p /tmp/repo.bak
mv /etc/yum.repos.d/*.repo /tmp/repo.bak/
cp /etc/yum.prosmerepos.d/* /etc/yum.repos.d/

echo "##########################################################################"
echo "importing rpm gpg keys"
#yum install wget -y 1>/dev/null
for i in $( ls /usr/share/doc/smeserver-centos2sme/keys ); do
	rpm --import /usr/share/doc/smeserver-centos2sme/keys/$i
done

echo "##########################################################################"
echo "cleaning yum cache"
yum --enablerepo=* clean all 1>/dev/null

#echo "##########################################################################"
#echo "Removing dhcp-common"
# from https://forums.contribs.org/index.php/topic,53304.msg276453/topicseen.html#msg276453
# Stefano found deps issues
#rpm -e --nodeps dhcp-common

echo "##########################################################################"
echo "yum upgrade to install last updates, this may take a while, output is hidden unless there is an error, be patient:"
#echo "****log noise is expected about modified RPMDB outside of yum. and missing dhcp-common. That is expected.****"
yum upgrade -y 1>/dev/null

# they might have come back with upgrade...
rm /etc/yum.repos.d/CentOS*.repo -rf

echo "##########################################################################"
echo "cleaning rpm not necessary or possibly conflicting: postfix, sendmail"
yum remove sendmail postfix -y 1>/dev/null

# would make a test here to check if initscript was updated or not ...
echo "##########################################################################"
echo "yum groupinstall, installing SME Server ... this may take a while:"
yum --disablerepo=* --enablerepo=smeos,smeupdates groupinstall base -y

echo "##########################################################################"
echo "add missing rpms, in case "
yum install net-tools bind-utils vim-common vim-enhanced vim-filesystem wget yum-plugin-changelog wodim yum-cron zip traceroute tokyocabinet tmpwatch time telnet tdb-tools tcpdump sysfsutils syslinux strace setserial  rsync rp-pppoe  redhat-rpm-config unzip urlview usbutils usermode at bc  boost-iostreams boost-random bzip2 cyrus-sasl cyrus-sasl-md5 device-mapper-multipath device-mapper-multipath-libs dwz ed elfutils fetchmail ftp gdb glib hdparm hesiod iptraf-ng iptstate iscsi-initiator-utils iscsi-initiator-utils-iscsiuio  isdn4k-util librados2 lm_sensors lockdev logwatch lrzsz lsof mhash minicom mkbootdisk mlocate mtools mt-st mutt OpenIPMI OpenIPMI-libs OpenIPMI-modalias patch perl-srpm-macros perl-Sys-CPU perl-Sys-MemInfo perl-Thread-Queue psmisc  python-dateutil python-srpm-macros redhat-rpm-config rpm-build isdn4k-utils qmail -y 1>/dev/null

echo "##########################################################################"
echo "removing unwanted rpm, in case "
yum remove snappy selinux-policy wpa_supplicant virt-what tuned centos-logos chrony dracut-config-rescue dracut-network ebtables ethtool expect firewalld firewalld-filesystem fxload gobject-introspection iprutils ipset ipset-libs polkit-pkla-compat -y 1>/dev/null

# check 
if [[ -f /sbin/e-smith/console ]]; then
	echo "... all seems good untill now"
else
	echo "... exiting something is missing, try again yum --disablerepo=* --enablerepo=smeos,smeupdates groupinstall base -y"
	exit 1
fi

echo "##########################################################################"
echo "yum upgrade"
yum upgrade -y 1>/dev/null

echo "##########################################################################"
echo "starting runit, so we can run a few services"
/etc/runit/2 &

echo "##########################################################################"
echo "cleaning /var/service/"
find /var/service/ -type f -iname control -exec rm {} \;

echo "##########################################################################"
echo "start syslog"
#/etc/init.d/rsyslog start
/usr/bin/systemctl restart rsyslog

echo "##########################################################################"
echo "running post-install event for SME..."
echo "but before, we unlink the S10init-passwords action"
unlink  /etc/e-smith/events/post-install/S10init-passwords
/sbin/e-smith/signal-event post-install

echo "##########################################################################"
echo "set admin password as set"
#need syslog to work. so just in case
#/etc/init.d/rsyslog restart
/usr/bin/systemctl restart rsyslog
/sbin/e-smith/db accounts setprop admin PasswordSet yes
/sbin/e-smith/db configuration set PasswordSet yes
/sbin/e-smith/db configuration setprop bootstrap-console Restore disabled

echo "... as we copy your current root password as admin password"
# here copy root password to admin user !!!
grep $USER /etc/shadow | cut -f 2 -d ':'>/tmp/encrypted
usermod -p $(cat /tmp/encrypted) admin
rm /tmp/encrypted -f
# to test, there is chances it is salted, alternatively
# echo "Please give now the password for the created admin user :"
# passwd admin

echo "##########################################################################"
echo "Cleaning /service subfolders"
find /var/service/ -type f -iname control -exec rm {} \;

echo "##########################################################################"
echo "force quota check"
touch /forcequotacheck

#start rsyslogd service in case , as console needs it to run...
#/etc/init.d/rsyslog restart
/usr/bin/systemctl restart rsyslog.service

echo "##########################################################################"
echo "now time to configure your server using the SME Server console"
# maybe improve here to launch the configure this server directly
#/sbin/e-smith/console
/usr/bin/perl -Mesmith::console -Mesmith::console::configure -e "esmith::console::configure->new->doit(esmith::console->new,esmith::ConfigDB->open)"

echo "##########################################################################"
echo "set SSHD to accept root login with rsa key"
/sbin/e-smith/db configuration setprop  sshd status enabled PermitRootLogin yes access public
/sbin/e-smith/expand-template /etc/ssh/ssh_config
/sbin/e-smith/expand-template /etc/ssh/sshd_config
/usr/bin/systemctl restart sshd.service
# a sshd reload does not regenerate the keys and failed
# doing one after to do the rest (masq etc.)
/sbin/e-smith/signal-event  remoteaccess-update

echo "##########################################################################"
echo "Enable access to server-manager to the following IPs:"
echo "Please type IP.IP.IP.IP/255.255.255.255,IP2.IP2.IP2.IP2/255.255.255.255  to allow access to the manager from the desired IP. Leave blank if you do want to have access to the manager from outside the lan. Fill with 0.0.0.0/0.0.0.0 if you live on the edge!"
read validfrom
if [ ! -z "$validfrom" ]; then
	/sbin/e-smith/db configuration setprop httpd-admin ValidFrom  $validfrom
	/sbin/e-smith/signal-event post-upgrade
else
	echo "nothing to do"
fi


echo "##########################################################################"
echo "Last cleaning:"
# last tidying
find /var/service/ -type f -iname control -exec rm {} \;
yum remove NetworkManager-libnm libteam teamd  python-configobj  parted python-decorator  python-linux-procf python-perf  python-pyude python-schedutils python-slip python-slip-dbu  mozjs17 microcode_ctl  -y


# just in case before reboot
/sbin/e-smith/db configuration set PasswordSet yes
/sbin/e-smith/db configuration setprop bootstrap-console Restore disabled


echo "##########################################################################"
echo "you just have to issue a '/sbin/e-smith/signal-event reboot'; or simply 'reboot' and enjoy your SME"
echo "But before that, are you sure you have added a working SSH key to ~/.ssh/authorized_keys ?"
echo "##########################################################################"