#!/usr/bin/bash

# called by dracut
# Decide whether this module belongs in the initramfs being built.
# Globals:   hostonly (read), host_fs_types (read)
# Returns:   0   - include the module
#            1   - cryptsetup is missing, encrypted devices cannot be supported
#            255 - hostonly build without a crypto_LUKS filesystem: include
#                  only if another module requires it
check() {
	local _type

	# Without cryptsetup there is nothing this module can unlock.
	if ! require_binaries cryptsetup; then
		return 1
	fi

	# Generic (non-hostonly) image: include by default.
	if [[ -z $hostonly ]]; then
		return 0
	fi

	# Hostonly image: only worth including when the host has a LUKS volume.
	for _type in "${host_fs_types[@]}"; do
		if [[ $_type == "crypto_LUKS" ]]; then
			return 0
		fi
	done

	# No LUKS volume on this host; leave the decision to dependent modules.
	return 255
}

# called by dracut
# Print the dracut modules this module depends on, space separated.
# Outputs:   "crypt systemd-networkd" on stdout
# Returns:   0
depends() {
	# crypt            -> provides /etc/crypttab handling
	# systemd-networkd -> brings the network up for rd.neednet=1
	local -a _deps=(crypt systemd-networkd)

	printf '%s\n' "${_deps[*]}"

	return 0
}

# called by dracut
# Emit the kernel command line fragment this module needs.
# Globals:   host_fs_types (read)
# Outputs:   " rd.neednet=1" (leading space, no trailing newline) when the
#            host has a crypto_LUKS filesystem, nothing otherwise
# Returns:   0
cmdline() {
	local _type

	for _type in "${host_fs_types[@]}"; do
		# Skip everything that is not a LUKS container.
		[[ "$_type" == "crypto_LUKS" ]] || continue

		# ip=dhcp used to be emitted here as well; the network setup now
		# comes from the systemd-networkd configuration instead.
		# One match is enough: print the fragment once and stop.
		printf '%s' ' rd.neednet=1'
		return 0
	done

	return 0
}

# called by dracut
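# Copy ihttpd, its TLS material, its libraries and the network configuration
# into the initramfs tree and enable ihttpd.service at sysinit.
# Globals:   initdir (read), systemdsystemunitdir (read), _arch (read)
# Outputs:   files and symlinks below "$initdir"
# Returns:   0 (failures of individual steps are not propagated)
install() {
	# Declared separately from the assignment so that "local" does not mask
	# the exit status of cmdline; _nc is local so the loop variable no longer
	# leaks into dracut's global scope.
	local _ihttpdconf _nc

	_ihttpdconf=$(cmdline)

	#XXX: rd.neednet=1 is mandatory to have active network in initrd
	if [[ -n $_ihttpdconf ]]; then
		printf "%s\n" "$_ihttpdconf" >> "${initdir}/etc/cmdline.d/99ihttpd.conf"
	fi

	# Install required dirs
	inst_dir \
		/etc/pki/tls/certs \
		/etc/pki/tls/private \
		/etc/systemd/network \
		"${systemdsystemunitdir}/ihttpd.service.wants" \
		"${systemdsystemunitdir}/sysinit.target.wants" \
		/var/www/html

	# Install all files
	#XXX: force cryptsetup install until systemd-cryptsetup implements a method that doesn't rely on the password ending with \0
	# NOTE(security): /etc/pki/tls/private/ihttpd.pem is the TLS private key.
	# The initramfs normally lives on an unencrypted /boot, so anyone with
	# offline access to that partition can read it. Use a key pair dedicated
	# to ihttpd, never one shared with another service, and keep the generated
	# image readable by root only.
	inst_multiple \
		/etc/hosts \
		/etc/localtime \
		/etc/mime.types \
		/etc/nsswitch.conf \
		/etc/pki/tls/certs/ihttpd.pem \
		/etc/pki/tls/private/ihttpd.pem \
		"${systemdsystemunitdir}/systemd-networkd.service" \
		'/sbin/cryptsetup' \
		'/usr/bin/false' \
		'/usr/bin/reboot' \
		'/usr/sbin/ihttpd'

	# Install favicon (-o: optional, a missing file is not an error)
	inst_simple -o /var/www/html/favicon.ico

	# Include all ihttpd deps
	# NOTE(review): $_arch is not set anywhere in this function; confirm the
	# caller provides it, otherwise the arch-specific patterns below collapse
	# to "tls//libssl.so.*" and "/libssl.so.*".
	inst_libdir_file \
		"ld-linux-*.so.*" \
		"libapr-1.so.*" \
		"libaprutil-1.so.*" \
		"libcrypto.so.*" \
		"libcrypt.so.*" \
		"libc.so.*" \
		"libdb-*.so" \
		"libdl.so.*" \
		"libexpat.so.*" \
		"libnsl.so.*" \
		"libpcre.so.*" \
		"libpthread.so.*" \
		"libresolv.so.*" \
		"librt.so.*" \
		"libuuid.so.*" \
		"libz.so.*" \
		"libnss_files.so.*" \
		"libnss_dns.so.*" \
		"libnss_myhostname.so.*" \
		{"tls/$_arch/",tls/,"$_arch/",}"libssl.so.*"

	# Install ihttpd.conf index.bin reboot.bin ihttpd.service
	# Sources all live in /usr/lib/ihttpd; the destination is the loop value.
	for _nc in \
		/etc/ihttpd.conf \
		/var/www/html/index.bin \
		/var/www/html/reboot.bin \
		"${systemdsystemunitdir}/ihttpd.service"; do
		inst_simple "/usr/lib/ihttpd/${_nc##*/}" "$_nc"
	done

	# Force load of ihttpd.service
	ln -fs ../ihttpd.service "${initdir}${systemdsystemunitdir}/sysinit.target.wants/"

	# Copy systemd-networkd config
	# Glob instead of parsing ls output, so names with whitespace survive.
	# NOTE(security): every entry of /etc/systemd/network is copied. If any of
	# them embeds secrets (for example a tunnel private key in a .netdev file)
	# those end up in the initramfs as well; review before building.
	for _nc in /etc/systemd/network/*; do
		# An empty directory leaves the literal pattern behind; skip it.
		[[ -e $_nc ]] || continue
		inst_simple "$_nc"
	done

	# Install a filtered copy of resolv.conf (not a symlink): blank lines,
	# comments and loopback nameservers are dropped because no local resolver
	# runs inside the initramfs.
	grep -vE '^($|#|nameserver 127.0.0.1|nameserver ::1)' /etc/resolv.conf > "${initdir}/etc/resolv.conf"

	# Install in ihttpd.service.wants
	ln -fs \
		../systemd-networkd.service \
		"${initdir}${systemdsystemunitdir}/ihttpd.service.wants/"

	# Cleanup nsswitch.conf: drop comments and blank lines, map compat to
	# files, and remove the nis/wins/mdns4 sources
	perl -pne 'undef $_ if /^(?:#|$)/;s/compat/files/;s/ ?(?:nis|wins|mdns4_minimal |mdns4)( )?/\1/g' \
		-i "$initdir/etc/nsswitch.conf"

	# Require root user and group for our ihttpd process
	# (the checks were previously wrapped in backticks, which ran the empty
	# output of "egrep -q" as a command; call grep -E directly instead)
	grep -Eq '^root:' "${initdir}/etc/group" || grep -E '^root:' /etc/group >> "$initdir/etc/group"
	grep -Eq '^root:' "${initdir}/etc/passwd" || grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"

	# For debug only
	# NOTE(security): keep this branch disabled for any image that leaves the
	# lab. Enabling it copies /etc/shadow, /etc/gshadow and the SSH host
	# private keys into the initramfs, forces PermitRootLogin yes, and links
	# the ihttpd logs (including the askpassword child log) into the web root.
	if false; then
		# Install ihttpd log
		ln -fs ../../../run/ihttpd/log/{http,https,child.{askpassword,ihttpd},error}.log "${initdir}/var/www/html/"

		# Install sshd dirs
		inst_dir \
			/etc/pam.d \
			/etc/profile.d \
			/etc/security \
			/etc/ssh \
			/etc/sysconfig \
			"${systemdsystemunitdir}/basic.target.wants" \
			"${systemdsystemunitdir}/emergency.target.wants" \
			"${systemdsystemunitdir}/rescue.target.wants" \
			/usr/lib64/security \
			/usr/share/terminfo/x \
			/var/empty

		# Install sshd files
		inst_multiple \
			/etc/bashrc \
			/etc/environment \
			/etc/gshadow \
			/etc/pam.d/sshd \
			/etc/pam.d/system-auth \
			/etc/profile.d/*.sh \
			/etc/security/limits.conf \
			/etc/security/pam_env.conf \
			/etc/shadow \
			/etc/ssh/denyusers \
			/etc/ssh/moduli \
			/etc/ssh/ssh_config \
			/etc/ssh/sshd_config \
			/etc/ssh/ssh_host_* \
			/root/.bash_profile \
			/root/.bashrc \
			/usr/bin/cat \
			/usr/bin/id \
			'/usr/bin/kill' \
			/usr/bin/ps \
			/usr/lib64/security/pam_cracklib.so \
			/usr/lib64/security/pam_deny.so \
			/usr/lib64/security/pam_env.so \
			/usr/lib64/security/pam_keyinit.so \
			/usr/lib64/security/pam_limits.so \
			/usr/lib64/security/pam_listfile.so \
			/usr/lib64/security/pam_nologin.so \
			/usr/lib64/security/pam_succeed_if.so \
			/usr/lib64/security/pam_systemd.so \
			/usr/lib64/security/pam_tcb.so \
			/usr/sbin/sshd \
			/usr/share/terminfo/x/*

		# Disable pam
		#perl -pne 's%^UsePAM yes$%UsePAM no%;s%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
		perl -pne 's%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"

		# Install debug sshd service
		# Destination is given relative to the image root, matching the
		# ihttpd.service install above (it used to carry an extra $initdir).
		inst_simple /usr/lib/ihttpd/debug-sshd.service "${systemdsystemunitdir}/debug-sshd.service"

		# Install in sysinit.target.wants
		ln -fs ../debug-sshd.service "${initdir}${systemdsystemunitdir}/sysinit.target.wants/"

		# Install sshd user and group
		grep -Eq '^sshd:' "${initdir}/etc/passwd" || grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
		grep -Eq '^sshd:' "${initdir}/etc/group" || grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
	fi
}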