#!/bin/sh

#
# fixup system configuration for meeting unikl nuk installation policies
#

# source defaults file
if [ -s /etc/default/unikl-nuk-policy ] ; then
	. /etc/default/unikl-nuk-policy
fi

# reference file for timestamps
reffile=/var/lib/dpkg/info/unikl-nuk-policy.postinst

# remove cron-apt config.d from package < 1.2
if [ -s /etc/cron-apt/config.d/local ] ; then
	rm -f /etc/cron-apt/config.d/local
fi

# move sources.list away since we have sources.list.d files included
if [ -s /etc/apt/sources.list ] ; then
	mv /etc/apt/sources.list /etc/apt/sources.list.dpkg-old
fi
# same for preferences
if [ -s /etc/apt/preferences ] ; then
	mv /etc/apt/preferences /etc/apt/preferences.dpkg-old
fi
# same for apt.conf
if [ -s /etc/apt/apt.conf ] ; then
	mv /etc/apt/apt.conf /etc/apt/apt.conf.dpkg-old
fi

# fix locales settings
if [ "`diff -q /usr/share/unikl-nuk-policy/locale.gen /etc/locale.gen`" ] ; then
	cp -af /usr/share/unikl-nuk-policy/locale.gen /etc/locale.gen
fi
echo 'locales locales/locales_to_be_generated select de_DE ISO-8859-1, de_DE.UTF-8 UTF-8, de_DE@euro ISO-8859-15, en_US ISO-8859-1, en_US.ISO-8859-15 ISO-8859-15, en_US.UTF-8 UTF-8, ja_JP.UTF-8 UTF-8' | debconf-set-selections
DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
if [ -r /etc/environment -a ! -s /etc/environment ] ; then
	:> /etc/environment
	touch -r $reffile /etc/environment
fi

# fixup root's .bashrc, .profile and /etc/profile
if [ "`diff -q /etc/skel/.profile /root/.profile`" ] ; then
	cp -af /etc/skel/.profile /root/.profile
fi
if [ "`diff -q /usr/share/base-files/profile /etc/profile`" ] ; then
	cp -af /usr/share/base-files/profile /etc/profile
fi
if [ "`diff -q /usr/share/base-files/dot.bashrc /root/.bashrc`" ] ; then
	cp -af /usr/share/base-files/dot.bashrc /root/.bashrc
fi
test -f /root/.bashrc && cat <<-EOF | sed -f - -i /root/.bashrc
	/export LS_OPTIONS/ s/^#\s*//
	/eval ..dircolors/ s/^#\s*//
	/alias ls/ s/^#\s*//
	/alias ll/ s/^#\s*//
	$ a \
	export HISTCONTROL=ignoredups\nshopt -s checkwinsize\n[ -x /usr/bin/lesspipe ] && eval "\$(lesspipe)"
EOF
touch -r $reffile /root/.bashrc

# fixup maint's .bashrc
test -f ~maint/.bashrc && cat <<-EOF | sed -f - -i ~maint/.bashrc
	/alias ls/ s/^#//
	/^xterm-color)/,/;;/ s/^/#/
	/^xterm\*|rxvt\*)/,/;;/ s/^/#/
EOF
test -f ~maint/.bashrc && touch -r $reffile ~maint/.bashrc

# fixup ntp configuration
if [ "$FIXUP_NTP" != "no" ] ; then
	if [ "`diff -q /usr/share/unikl-nuk-policy/ntp.conf /etc/ntp.conf`" ] ; then
		cp -af /usr/share/unikl-nuk-policy/ntp.conf /etc/ntp.conf
	fi
fi

# fixup kernel-img.conf
if [ "`diff -q /usr/share/unikl-nuk-policy/kernel-img.conf /etc/kernel-img.conf`" ] ; then
	cp -af /usr/share/unikl-nuk-policy/kernel-img.conf /etc/kernel-img.conf
fi
# but drop inst hooks on sparc systems
if [ "`uname -r | fgrep sparc`" ] ; then
	sed -i '/^post.*_hook/d' /etc/kernel-img.conf
	touch -r /usr/share/unikl-nuk-policy/kernel-img.conf /etc/kernel-img.conf
fi
# grub2 text mode
sed -i 's/#GRUB_TERMINAL=console/GRUB_TERMINAL=console/;s/^#GRUB_DISABLE_LINUX_RECOVERY="true"/GRUB_DISABLE_LINUX_RECOVERY="true"/;s/^GRUB_CMDLINE_LINUX_DEFAULT="quiet"/GRUB_CMDLINE_LINUX_DEFAULT=""/' /etc/default/grub

# fixup syslog.conf
if [ "$FIXUP_SYSLOG" != "no" -a -s /etc/rsyslog.conf ] ; then
	if [ "`diff -q /usr/share/unikl-nuk-policy/rsyslog.conf /etc/rsyslog.conf`" ] ; then
		cp -af /usr/share/unikl-nuk-policy/rsyslog.conf /etc/rsyslog.conf
	fi
fi

# fixup fsck / bootlog
sed -i 's/^FSCKFIX=.*/FSCKFIX=yes/;s/^VERBOSE=.*/VERBOSE=yes/' /etc/default/rcS
touch -r $reffile /etc/default/rcS

# adduser.conf
sed -i 's/^USERGROUPS=.*/USERGROUPS=no/' /etc/adduser.conf
touch -r $reffile /etc/adduser.conf

# openssh
if [ "$FIXUP_SSH" != "no" ] ; then
	sed -i 's/^#\s*ForwardAgent.*$/    ForwardAgent yes/' /etc/ssh/ssh_config
	sed -i 's/^#\?\s*HashKnownHosts\s\+yes/    HashKnownHosts no/' /etc/ssh/ssh_config
	touch -r $reffile /etc/ssh/ssh_config
	cp -af /usr/share/unikl-nuk-policy/sshd_config /etc/ssh/sshd_config
	if [ -e /etc/ssh/ssh_host_dsa_key -o -e /etc/ssh/ssh_host_dsa_key.pub ] ; then
		echo 'WARNING: removing SSH DSA host keys (see DSA 1571-1).'
		rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
	fi
fi

# login.defs
sed -i 's/^#\?\s*ENCRYPT_METHOD\s\+.*$/ENCRYPT_METHOD SHA512/' /etc/login.defs
touch -r $reffile /etc/login.defs

# vimrc
sed -i 's/^"syntax on.*$/syntax on/;s/^"set background=dark.*$/set background=dark/' /etc/vim/vimrc
touch -r $reffile /etc/vim/vimrc

# call local fixup script
if [ -s /etc/unikl-nuk-policy-local.sh ] ; then
	. /etc/unikl-nuk-policy-local.sh
fi

exit 0
