#!/bin/bash

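######################
# Root password written into the generated image by the chpasswd call further
# down in this script.
# NOTE(review): this is a hard-coded, one-character credential that ends up in
# the image's /etc/shadow and in this script's source. Consider supplying it
# at build time (root-only file or prompt) or locking the root password and
# relying on the installed SSH key alone.
PSW=1 # setup password
######################

# Abort on the first failing command.
set -e

# Everything below needs root (dnf --installroot, chpasswd --root, chown):
# when started unprivileged, re-run the canonical path of this script under
# sudo and finish with sudo's exit status.
if [ "$(id -u)" -ne 0 ]
then
  # Quoted so that a script path containing whitespace or glob characters is
  # handed to sudo as a single argument; "--" ends option parsing.
  sudo -- "$(readlink -e -- "$0")"
  exit
fi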

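#####################################
APP=zmb-setup    # magic application
ZMB=/opt/zmb     # run under the root
# Public key installed below as root's authorized_keys inside the image.
KEY=$ZMB/.ssh/id_rsa.pub
# Local package repository used as the only dnf source.
RPM=$ZMB/www/os/x86_64
# Output image, named after this script.
IMG=$ZMB/www/setup/$(basename -- "$0").img
# Scratch root filesystem, created next to the image. mktemp creates the
# directory for the invoking user only.
# NOTE(review): the staging tree sits under a "www" path; if that tree is
# served by a web server, confirm the staging directory is not reachable
# while it holds the image's shadow file and authorized_keys.
TMP=$(mktemp --directory "$IMG.XXX")
#####################################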
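#
# OSTree building
#
# Pull VERSION_ID / PLATFORM_ID of the build host so the image matches it.
source /etc/os-release
# Fail early with a clear message instead of passing an empty --releasever.
: "${VERSION_ID:?VERSION_ID is not set in /etc/os-release}"

# Populate the scratch root from the local repository only: reposdir is
# pointed at /dev/null so no system repo is consulted, and the repository is
# declared on the command line via --repofrompath.
# NOTE(review): --nogpgcheck disables package signature verification, so the
# integrity of the image rests entirely on who can write to $RPM. If the
# packages in that repository are signed, drop this flag and import the
# signing key instead.
dnf --installroot "$TMP" \
    --assumeyes \
    --nodocs \
    --noplugins \
    --nogpgcheck \
    --setopt install_weak_deps=false \
    --releasever "$VERSION_ID" \
    --setopt=module_platform_id="$PLATFORM_ID" \
    --setopt reposdir=/dev/null \
    --repofrompath "$(basename -- "$0"),$RPM" \
    install e2fsprogs kernel-core microdnf NetworkManager openssh-server

# The image is booted as an initramfs, where the kernel runs /init:
# point it at systemd through a relative symlink.
ln -sfvT usr/lib/systemd/systemd "$TMP/init"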

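#
# OSTree tuning
#
# Strip everything the setup image does not need at runtime.
# "${TMP:?}" makes the shell abort rather than expand to "/boot", "/dev/*",
# ... should TMP ever be empty or unset; "--" ends option parsing.
#
# NOTE(review): several of these removals have security side effects worth
# confirming against what the setup application actually does:
#   - etc/pki and usr/share/pki: presumably the CA trust store and RPM GPG
#     keys, so TLS clients inside the image have no trust anchors;
#   - usr/share/crypto-policies: presumably the system-wide crypto policy
#     definitions, so services may fall back to their built-in defaults;
#   - var/lib/rpm: the package database, so the finished image cannot be
#     inventoried for installed package versions.
rm -rf -- \
    "${TMP:?}"/boot \
    "${TMP:?}"/dev/* \
    "${TMP:?}"/etc/issue* \
    "${TMP:?}"/etc/pki \
    "${TMP:?}"/etc/services \
    "${TMP:?}"/etc/systemd/system/* \
    "${TMP:?}"/etc/systemd/user/* \
    "${TMP:?}"/etc/yum.repos.d \
    "${TMP:?}"/run/* \
    "${TMP:?}"/usr/lib/dracut \
    "${TMP:?}"/usr/lib/firmware \
    "${TMP:?}"/usr/lib/locale \
    "${TMP:?}"/usr/lib64/gconv \
    "${TMP:?}"/usr/share/bash-completion \
    "${TMP:?}"/usr/share/cracklib \
    "${TMP:?}"/usr/share/crypto-policies \
    "${TMP:?}"/usr/share/gnupg \
    "${TMP:?}"/usr/share/hwdata \
    "${TMP:?}"/usr/share/licenses \
    "${TMP:?}"/usr/share/locale \
    "${TMP:?}"/usr/share/misc \
    "${TMP:?}"/usr/share/pki \
    "${TMP:?}"/usr/share/python* \
    "${TMP:?}"/usr/share/zoneinfo \
    "${TMP:?}"/var/cache/dnf \
    "${TMP:?}"/var/lib/dnf \
    "${TMP:?}"/var/lib/rpm \
    "${TMP:?}"/var/log/*.log \
    "${TMP:?}"/var/log/journal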

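# Root SSH access to the booted image: the build host's public key becomes
# root's authorized_keys (0600, parent directories created by -D).
install -vDT -m 0600 "$KEY" "$TMP/root/.ssh/authorized_keys"
# The setup application and its companion file live next to this script as
# "<script>:1" and "<script>:2".
install -vDT -m 0755 "$(readlink -m -- "$0"):1" "$TMP/opt/$APP/$APP"
install -vDT -m 0644 "$(readlink -m -- "$0"):2" "$TMP/opt/$APP/$APP:2"

# Every getty logs in as "adm" without a password and silences kernel console
# messages first. The empty ExecStart= clears the stock command before the
# replacement is set.
# NOTE(review): together with the usermod below this turns every console into
# an unauthenticated session of the setup application, so that application is
# the only barrier for anyone with console access.
mkdir -pv "$TMP/etc/systemd/system/getty@.service.d"
cat > "$TMP/etc/systemd/system/getty@.service.d/override.conf" << EOF
[Service]
ExecStartPre=-/usr/bin/dmesg --console-off
ExecStart=
ExecStart=-/sbin/agetty --autologin adm %I \$TERM
EOF

# "adm" gets the setup application as its login shell.
usermod --root "$TMP" --shell "/opt/$APP/$APP" adm
# Set root's password inside the image. printf is used instead of echo so the
# value is emitted literally whatever characters it contains.
# NOTE(review): PSW is a fixed value from the top of this script; see the
# remark there.
printf '%s\n' "root:$PSW" | chpasswd --root "$TMP"

# Root may log in over SSH with a key but not with a password.
# NOTE(review): "without-password" is the deprecated alias of
# "prohibit-password". The pattern only matches an uncommented
# "PermitRootLogin" line; if the shipped sshd_config carries the directive
# commented out, nothing is replaced and sshd's built-in default applies.
sed -i "s/^PermitRootLogin .*/PermitRootLogin without-password/gI" "$TMP/etc/ssh/sshd_config"
# Keep journald from broadcasting messages to logged-in terminals.
sed -i "s/.*ForwardToWall=.*/ForwardToWall=no/g"                   "$TMP/etc/systemd/journald.conf"

# Units started at boot, and a non-graphical default target.
systemctl --root="$TMP" enable getty@ NetworkManager sshd
systemctl --root="$TMP" set-default multi-user.target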

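#
# vmlinuz
#
# Move the kernel out of the module tree into the directory that holds the
# scratch root (and, later, the image).
find "$TMP/usr/lib/modules" -name vmlinuz -exec mv -fv {} "$TMP/.." \;

# NOTE(review): this unconditional exit stops the script here, so the initrd
# packing, the ownership/mode fix-up and the removal of the scratch root that
# follow never run and the staging directory (with its shadow file and
# authorized_keys) is left on disk. Confirm whether this is a leftover debug
# stop.
########
exit #
########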

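#
# initrd
#
# NOTE(review): as the script stands, an unconditional `exit` precedes this
# section, so none of it is reached.
#
# Pack the scratch root into a gzip-compressed cpio archive. With pipefail a
# failure in find or cpio aborts the build instead of being masked by a
# successful gzip and leaving a truncated image behind.
set -o pipefail
cd "$TMP"
find . | cpio -cov | gzip --best > "$IMG"
cd ..

# Kernel and image become world-readable and owned by whoever owns the
# public key file.
# NOTE(review): the image embeds /etc/shadow with the root password hash and
# root's authorized_keys; at mode 0644 under a "www" path it is presumably
# downloadable by anyone who can reach that server — confirm the exposure is
# intended.
chmod -v 0644 vmlinuz "$IMG"
chown -v "$(stat -c %U:%G -- "$KEY")" vmlinuz "$IMG"
du -h vmlinuz "$(basename -- "$IMG")"

#
# The End
#
# "${TMP:?}" aborts instead of running "rm -rf" on an empty path.
rm -rf -- "${TMP:?}"
echo "OK"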
