#!/bin/bash

set -x

# log all commands
exec > >(tee -a "output.log") 2>&1

# Query first disk, ssd, and select third partition
#MAIN_DISK=$(lsblk -ndo NAME,TYPE | grep 'disk' | grep -vE 'loop|rom' | head -n1)
#if [[ "$MAIN_DISK" == nvme* ]]; then
#    PARTITION="/dev/${MAIN_DISK}p3"
#else
#    PARTITION="/dev/${MAIN_DISK}3"
#fi

apt update && apt upgrade -y && apt install -y sudo curl
usermod -aG sudo shyciii

# Add contrib, non-free
apt install -y software-properties-common
apt-add-repository -y contrib non-free non-free-firmware

# Enable backports for libheif1
echo "deb http://deb.debian.org/debian trixie-backports main" | tee -a /etc/apt/sources.list
apt update

# Sound and bluetooth
apt install -y pulseaudio pavucontrol
#apt install -y pipewire-audio pipewire-pulse wireplumber

# Window management software and add-ons
apt install -y i3lock xautolock xclip rofi dunst libnotify-bin sxhkd polybar acpi yad xdo

# Fonts
apt install -y fonts-font-awesome fonts-dejavu ttf-mscorefonts-installer

# File manager add-ons
apt install -y unrar-free libfuse3-3 ifuse sshfs mediainfo zip unzip zstd 7zip poppler-utils ffmpegthumbnailer xlsx2csv bat catdoc docx2txt jq libimage-exiftool-perl w3m feh

# Other programs
apt install -y imagemagick libreoffice libreoffice-l10n-hu transmission-gtk gnome-calculator mpv rsync grsync btop inxi ffmpeg ncdu zoxide fastfetch fd-find

# For compiles
apt install -y libxft-dev build-essential cmake make pkg-config fontconfig libxinerama-dev libxcb-res0 libimlib2-dev libdbus-1-dev libx11-xcb-dev libxcb-res0-dev libyajl-dev libevent-dev bison ncurses-dev libcurl3-nss libxcb-util-dev libxcb-icccm4-dev libxcb-keysyms1-dev libxcb-ewmh-dev libxcb-randr0-dev libxcb-cursor-dev libxcb-xinerama0-dev automake 

# Others
apt install -y apt-file testdisk duf tealdeer ripgrep xdotool pmount freerdp2-x11 libsecret-tools wmctrl cuetools shntool flac maim eza psmisc dbus-x11 gnome-keyring policykit-1-gnome light heif-gdk-pixbuf bc x11-apps
apt-file update

# Install LocalSend
wget https://github.com/localsend/localsend/releases/download/v1.17.0/LocalSend-1.17.0-linux-x86-64.deb
apt install -y ./LocalSend-1.17.0-linux-x86-64.deb
rm -rfv LocalSend-1.17.0-linux-x86-64.deb

# For Android
# apt install -y adb fastboot

# Install Chrome Browser
cat <<'EOF' > /etc/apt/sources.list.d/google-chrome.list
deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
EOF
wget -O- https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor > /etc/apt/trusted.gpg.d/google.gpg
apt update
apt install -y google-chrome-stable

# Mount Data partition and privilege settings
mkdir -p /home/Data
chmod 744 /home/Data
chown shyciii:users /home/Data
#mount "$PARTITION"

# Modify fstab
sed -i 's/errors=remount-ro/defaults,relatime/g' /etc/fstab
sed -i 's/home\/Data      ext4    defaults/home\/Data      ext4    defaults,relatime/g' /etc/fstab
#echo "$PARTITION      /home/Data      ext4     defaults,relatime    0    2" >> /etc/fstab

# Modify grub timeout
sed -i 's/GRUB_TIMEOUT=5/GRUB_TIMEOUT=2/g' /etc/default/grub
sed -i 's/quiet/loglevel=3/g' /etc/default/grub
update-grub

# Create and set swap file
dd if=/dev/zero of=/swapfile bs=1M count=2048 status=progress
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile     none     swap    sw    0    0" >> /etc/fstab

# Enable BBR network congestion
echo "net.core.default_qdisc = fq" >> /etc/sysctl.d/local.conf
echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.d/local.conf

# Other sysctl config
echo "net.core.rmem_max=4194304" >> /etc/sysctl.d/local.conf
echo "net.core.wmem_max=1048576" >> /etc/sysctl.d/local.conf
echo "vm.swappiness=10" >> /etc/sysctl.d/local.conf
echo "vm.vfs_cache_pressure=75" >> /etc/sysctl.d/local.conf
echo "kernel.nmi_watchdog=0" >> /etc/sysctl.d/local.conf
echo "vm.dirty_ratio=5" >> /etc/sysctl.d/local.conf
echo "vm.dirty_background_ratio=3" >> /etc/sysctl.d/local.conf
echo "vm.min_free_kbytes=41943" >> /etc/sysctl.d/local.conf

# Video drivers + graphical interface + keyboard + mouse + Intel processor addons
apt install -y xorg xserver-xorg-video-intel xserver-xorg-core xserver-xorg-input-synaptics xserver-xorg-input-mouse xserver-xorg-input-libinput xserver-xorg-input-kbd xinit xfonts-encodings intel-media-va-driver-non-free

# Intel driver settings
#cat <<'EOF' > /etc/X11/xorg.conf.d/20-intel.conf
#Section "Device"
#    Identifier "Intel Graphics"
#    Driver "intel"
#    Option "TearFree" "true"
#    Option "TripleBuffer" "true"
#EndSection
#EOF

# change log settings
echo "MaxRetentionSec=15day" >> /etc/systemd/journald.conf

# Set notebook's touchpad functions
cat <<'EOF' > /etc/X11/xorg.conf.d/40-libinput.conf
Section "InputClass"
        Identifier "libinput pointer catchall"
        MatchIsPointer "on"
        MatchDevicePath "/dev/input/event*"
        Driver "libinput"
EndSection
Section "InputClass"
        Identifier "libinput keyboard catchall"
        MatchIsKeyboard "on"
        MatchDevicePath "/dev/input/event*"
        Driver "libinput"
EndSection
Section "InputClass"
        Identifier "libinput touchpad catchall"
        MatchIsTouchpad "on"
        Option "Tapping" "on"
        Option "TappingButtonMap" "lmr"
        MatchDevicePath "/dev/input/event*"
        Driver "libinput"
EndSection
Section "InputClass"
        Identifier "libinput touchscreen catchall"
        MatchIsTouchscreen "on"
        MatchDevicePath "/dev/input/event*"
        Driver "libinput"
EndSection
Section "InputClass"
        Identifier "libinput tablet catchall"
        MatchIsTablet "on"
        MatchDevicePath "/dev/input/event*"
        Driver "libinput"
EndSection
EOF

# Set timeout
sed -i 's/#DefaultTimeoutStopSec=90s/DefaultTimeoutStopSec=5s/' /etc/systemd/system.conf

# Set notebook's lid settings
sed -i 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/' /etc/systemd/logind.conf
sed -i 's/#HandleLidSwitchExternalPower=suspend/HandleLidSwitchExternalPower=ignore/' /etc/systemd/logind.conf
sed -i 's/#HandleLidSwitchDocked=ignore/HandleLidSwitchDocked=ignore/' /etc/systemd/logind.conf

# Lock screen after sleep
cat <<'EOF' > /etc/systemd/system/suspend@.service
[Unit]
Description=User suspend actions
Before=sleep.target

[Service]
User=shyciii
Type=oneshot
RemainAfterExit=yes
Environment=DISPLAY=:0
ExecStart=/bin/sh -c '/usr/bin/i3lock --color=000000 -i ~/Pictures/Meghan.png'

[Install]
WantedBy=sleep.target
EOF
systemctl daemon-reload
systemctl enable --now suspend@service

# Disable services
systemctl mask suspend-then-hibernate.target hibernate.target hybrid-sleep.target

# Install Fastfetch
#wget https://github.com/fastfetch-cli/fastfetch/releases/download/2.46.0/fastfetch-linux-amd64.deb
#apt install -y ./fastfetch-linux-amd64.deb
#rm -rfv fastfetch-linux-amd64.deb

# Install Oh-my-posh
curl -s https://ohmyposh.dev/install.sh | bash -s -- -d /usr/local/bin

# Install yazi file manager
#wget https://github.com/sxyazi/yazi/releases/download/nightly/yazi-x86_64-unknown-linux-musl.zip
#unzip yazi-x86_64-unknown-linux-musl.zip -d /usr/local/bin/
#rm -v yazi-x86_64-unknown-linux-musl.zip
#mv -v /usr/local/bin/yazi-x86_64-unknown-linux-musl/yazi /usr/local/bin/yazi-x86_64-unknown-linux-musl/ya /usr/local/bin/
#rm -rfv /usr/local/bin/yazi-x86_64-unknown-linux-musl/
#ya pack -a yazi-rs/plugins#full-border
#ya pack -a yazi-rs/plugins#chmod
#ya pack -a yazi-rs/plugins#hide-preview
#ya pack -a yazi-rs/plugins#max-preview
#ya pack -a yazi-rs/plugins#smart-filter
#ya pack -a yazi-rs/plugins#jump-to-char
#ya pack -a dawsers/dual-pane
#ya pack -a dawsers/fuse-archive
#ya pack -a KKV9/compress
#ya pack -a TD-Sky/sudo
#xdg-mime default yazi.desktop inode/directory

# Automount for USB drives
cd /home/Data/Linux/Compile/automount-usb
bash configure.sh
cd -

# Eligibility for a regular user when attaching a fusemount
sed -i 's/#user_allow_other/user_allow_other/' /etc/fuse.conf

# Firewall configuration
cat <<'EOF' > /etc/nftables.conf
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
	chain input {
	      type filter hook input priority 0; policy drop;

	      # accept any localhost traffic
	      iif lo accept

          # Drop invalid connections
          ct state invalid drop

	      # accept traffic originated from us
	      ct state { established, related } accept
	
	      # accept neighbour discovery otherwise IPv6 connectivity breaks
	      icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept

          # SMB
          #ip saddr 192.168.0.0/24 tcp dport { 139, 445 } ct state new accept	
		  #ip saddr 192.168.0.0/24 udp dport { 137, 138 }	ct state new accept

          # Localsend
          ip saddr 192.168.0.0/24 tcp dport 53317 ct state new accept
          # Torrent
          ip daddr 192.168.0.0/24 tcp dport 51413 ct state new accept
          ip daddr 192.168.0.0/24 udp dport 51413 ct state new accept
	}
	chain forward {
          type filter hook forward priority 0; policy drop;
	}
	chain output {
          type filter hook output priority 0; policy accept;
	}
}
EOF
systemctl enable --now nftables.service

# Restore own config files
tar -xvf /home/Data/Linux/Backup/home_backup_debian.tar.zst --directory /home/shyciii

chown -R shyciii:users /home/shyciii/

cp -vr /home/shyciii/.config/lf /root/.config/
cp -vr /home/shyciii/.config/micro /root/.config/
cp -vr /home/shyciii/usr/local/bin/* /usr/local/bin
rm -rfv /home/shyciii/usr

# Set default terminal emulator
#update-alternatives --install /usr/bin/x-terminal-emulator x-terminal-emulator /usr/local/bin/st 100
update-alternatives --install /usr/bin/x-terminal-emulator x-terminal-emulator /usr/local/bin/alacritty 100

# Set default text editor
update-alternatives --install /usr/bin/editor editor /usr/local/bin/micro 100

# Set nano config file for root user
#mkdir /root/.config/nano
#cp -v /home/shyciii/.config/nano/nanorc /root/.config/nano

# Trash folder settings
mkdir -p /home/Data/.Trash
chmod a+rw /home/Data/.Trash
chmod +t /home/Data/.Trash

# Install Delta (diff program instead of)
wget https://github.com/dandavison/delta/releases/download/0.18.2/git-delta_0.18.2_amd64.deb
apt install -y ./git-delta_0.18.2_amd64.deb
rm -rfv git-delta_0.18.2_amd64.deb

# Printing
apt install -y cups system-config-printer printer-driver-escpr
usermod -aG lp,lpadmin shyciii
#lpadmin -p EpsonL3060 -E -v socket://192.168.0.105:9100 -m escpr:0/cups/model/epson-inkjet-printer-escpr/Epson-L3060_Series-epson-escpr-en.ppd

# Install SMB
#apt install -y samba cifs-utils
#cat <<'EOF' > /etc/samba/smb.conf
#[global]
#
#   workgroup = WORKGROUP
#   vfs object = fruit streams_xattr
#   fruit:copyfile = yes
#
#[Downloads]
#
#   comment = iphone share
#   path = /home/shyciii/Downloads
#   writable = yes
#   valid users = shyciii
#   guest ok = no
#   browseable = yes
#   create mask = 0644
#   directory mask = 0744
#EOF
#smbpasswd -a shyciii
#echo "shyciii" | sudo smbpasswd -s -a shyciii
#echo "A folyamat végén módosítsd a shyciii smbuser jelszavát!"
#mkdir /home/shyciii/Downloads
#chmod 750 /home/shyciii/Downloads/
#chown shyciii:shyciii /home/shyciii/Downloads/
#systemctl restart smbd.service

# Remove GTK package, because slow down startup GTK programs
apt purge -y xdg-desktop-portal-gtk

# Remove unnecessary programs
apt autoremove --purge -y nano vim-common firebird3.0-common bluez laptop-mode-tools laptop-detect

# Network management
apt install -y network-manager network-manager-gnome network-manager-openvpn network-manager-openvpn-gnome
head -n -5 /etc/network/interfaces > tmp.txt && mv tmp.txt /etc/network/interfaces

# Less boot-up time
systemctl disable NetworkManager-wait-online.service
systemctl mask NetworkManager-wait-online.service

# Turn off Wifi when an ethernet cable is connected
cat <<'EOF' > /etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive.sh
#!/bin/bash
export LC_ALL=C

enable_disable_wifi ()
{
    result=$(nmcli dev | grep "ethernet" | grep -w "connected")
    if [ -n "$result" ]; then
        nmcli radio wifi off
    else
        nmcli radio wifi on
    fi
}

if [ "$2" = "up" ]; then
    enable_disable_wifi
fi

if [ "$2" = "down" ]; then
    enable_disable_wifi
fi
EOF
chown root:root /etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive.sh
chmod 744 /etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive.sh
systemctl restart NetworkManager

# Turn off powersafe on wifi driver
cat <<'EOF' > /etc/NetworkManager/conf.d/wifi-powersave.conf
[connection]
wifi.powersave = 2
EOF

# Custom name resolution
cat <<'EOF' > /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=none
systemd-resolved=false

[ifupdown]
managed=false
EOF
cat <<'EOF' > /etc/resolv.conf
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF
chattr +i /etc/resolv.conf

# Default programs under root user
cat <<'EOF' > /root/.bashrc
export VISUAL=micro
export EDITOR=micro
EOF

# Stronger security setting for SSH client
cat <<'EOF' >> /etc/ssh/ssh_config
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
EOF

# sudo to add EDITOR environment
sed -i '/env_reset/a Defaults    env_keep += "EDITOR"' /etc/sudoers

# Possibility to restart and shutdown a given user without password
# echo "shyciii ALL=(ALL) NOPASSWD: /sbin/shutdown, /sbin/reboot, /bin/rmdir" >> /etc/sudoers
echo "shyciii ALL=(ALL) NOPASSWD: /bin/rmdir, /usr/bin/umount" >> /etc/sudoers

# Open Gnome keyring automatically on login
sed -i '96s/^/\nauth       optional     pam_gnome_keyring.so\nsession    optional     pam_gnome_keyring.so auto_start\n/' /etc/pam.d/login

#update-desktop-database /home/shciii/.local/share/applications
# Set brightness to 75%
light -S 75

mkdir -p /mnt/sshfs
chown shyciii:shyciii /mnt/sshfs

sysctl --system

rm -rfv /etc/wpa_supplicant.conf /usr/share/applications/btop.desktop /usr/share/applications/org.pulseaudio.pavucontrol.desktop 

set +x

echo "Jelentkezz be a felhasználóddal, és add ki a következő parancsot:"
echo "secret-tool store --label="RDP Password" rdp-server ipcim username felhasznalonev"
#echo "systemctl --user enable pipewire pipewire-pulse wireplumber"