#!/bin/sh

#
# fixup system configuration for meeting unikl nuk installation policies
#

# source defaults file
if [ -s /etc/default/unikl-nuk-policy ] ; then
	. /etc/default/unikl-nuk-policy
fi

# reference file for timestamps
reffile=/var/lib/dpkg/info/unikl-nuk-policy.postinst

# remove cron-apt config.d from package < 1.2
if [ -s /etc/cron-apt/config.d/local ] ; then
	rm -f /etc/cron-apt/config.d/local
fi

# move sources.list away since we have sources.list.d files included
if [ -s /etc/apt/sources.list ] ; then
	mv /etc/apt/sources.list /etc/apt/sources.list.dpkg-old
fi
# same for preferences
if [ -s /etc/apt/preferences ] ; then
	mv /etc/apt/preferences /etc/apt/preferences.dpkg-old
fi
# same for apt.conf
if [ -s /etc/apt/apt.conf ] ; then
	mv /etc/apt/apt.conf /etc/apt/apt.conf.dpkg-old
fi

# fix locales settings
if [ "`diff -q /usr/share/unikl-nuk-policy/locale.gen /etc/locale.gen`" ] ; then
	cp -af /usr/share/unikl-nuk-policy/locale.gen /etc/locale.gen
fi
DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales

# fix environment
if [ -r /etc/environment -a ! -s /etc/environment ] ; then
	:> /etc/environment
	touch -r $reffile /etc/environment
fi

# fixup root's .bashrc, .profile and /etc/profile
if [ "`diff -q /etc/skel/.profile /root/.profile`" ] ; then
	cp -af /etc/skel/.profile /root/.profile
fi
if [ "`diff -q /usr/share/base-files/profile /etc/profile`" ] ; then
	cp -af /usr/share/base-files/profile /etc/profile
fi
if [ "`diff -q /usr/share/base-files/dot.bashrc /root/.bashrc`" ] ; then
	cp -af /usr/share/base-files/dot.bashrc /root/.bashrc
fi
test -f /root/.bashrc && sed -f - -i /root/.bashrc <<-EOF 
	/export LS_OPTIONS/ s/^#\s*//
	/eval ..dircolors/ s/^#\s*//
	/alias ls/ s/^#\s*//
	$ a \
	export HISTCONTROL=ignoreboth\nshopt -s checkwinsize\n[ -x /usr/bin/lesspipe ] && eval "\$(lesspipe)"
EOF
touch -r $reffile /root/.bashrc

# fixup kernel-img.conf
if [ "`diff -q /usr/share/unikl-nuk-policy/kernel-img.conf /etc/kernel-img.conf`" ] ; then
	cp -af /usr/share/unikl-nuk-policy/kernel-img.conf /etc/kernel-img.conf
fi

# grub2 text mode
sed -i 's/#GRUB_TERMINAL=console/GRUB_TERMINAL=console/;s/^#GRUB_DISABLE_RECOVERY="true"/GRUB_DISABLE_RECOVERY="true"/;s/^GRUB_CMDLINE_LINUX_DEFAULT=".*/GRUB_CMDLINE_LINUX_DEFAULT="earlyprintk=vga,keep consoleblank=0 fsck.repair=yes"/' /etc/default/grub

# fixup syslog.conf
if [ "$FIXUP_SYSLOG" != "no" -a -s /etc/rsyslog.conf ] ; then
	if [ "`diff -q /usr/share/unikl-nuk-policy/rsyslog.conf /etc/rsyslog.conf`" ] ; then
		cp -af /usr/share/unikl-nuk-policy/rsyslog.conf /etc/rsyslog.conf
	fi
fi

# adduser.conf
sed -i 's/^USERGROUPS=.*/USERGROUPS=no/' /etc/adduser.conf
touch -r $reffile /etc/adduser.conf

# openssh
if [ "$FIXUP_SSH" != "no" ] ; then
	sed -i 's/^#\s*ForwardAgent.*$/    ForwardAgent yes/' /etc/ssh/ssh_config
	sed -i 's/^#\?\s*HashKnownHosts\s\+yes/    HashKnownHosts no/' /etc/ssh/ssh_config
	touch -r $reffile /etc/ssh/ssh_config
	if [ -e /etc/ssh/ssh_host_dsa_key -o -e /etc/ssh/ssh_host_dsa_key.pub ] ; then
		echo 'WARNING: removing SSH DSA host keys (see DSA 1571-1).'
		rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
	fi
fi

# call local fixup script
if [ -s /etc/unikl-nuk-policy-local.sh ] ; then
	. /etc/unikl-nuk-policy-local.sh
fi

exit 0
