#!/bin/bash

# Failsafe minimal text-mode firstboot

# Welcome

if [ "x$1" = "x--help" ]; then
    echo "Failsafe minimal text-mode firstboot"
    echo "For unattended mode use: $0 <username> <userpass> <vm-creation-option-number>"
    exit 0
fi

echo "########################################################"
echo "    Welcome to `cat /etc/qubes-release`"
echo "########################################################"
echo
echo "This is failsafe text-mode firstboot. If you see this message, you have"
echo "some problem with Xorg (most probably video driver)"
echo
echo "Anyway, some basic setup is needed to continue:"

# User creation

echo
echo "1. Setup user account"
exists=0
user=$1
while [ -z "$user" ]; do
    echo -n "Enter desired username (may already exist): "
    read user
    if echo "$user" | grep -q "[^a-z0-9]"; then
        echo "ERROR: Invalid characters in username, try again"
        user=
    elif id $user > /dev/null 2>&1; then
        if [ $(id -u ${user}) -ge 1000 ] && id -n -G ${user} | grep -q qubes; then
            echo "OK: Using an existing user: \"${user}\""
            exists=1
            break
        fi
        echo "ERROR: This user already exists or is not suitable. Please try again"
        user=
    else
        break
    fi
done

if [ ${exists} -eq 0 ]; then
    useradd -G qubes -m "$user" || exit 1
    if [ -n "$2" ]; then
        echo -e "$2\n$2" | passwd --stdin "$user"
    else
        while ! passwd "$user"; do true; done
    fi
fi

# Create default VMs

echo
echo "2. Create default VMs"
echo
echo "Choose one option:"
echo "  1. Create default service VMs, and pre-defined AppVMs (personal, work, untrusted, vault)"
echo "  2. Just create default service VMs"
echo "  3. Do not create any VMs right now, but configure template(s)"
echo "  4. Do not do anything (not recommended, for advanced users only)"
vms_option=$3
while true; do
    if [ -z "$vms_option" ]; then
        echo -n "Enter your choice (1/2/3/4): "
        read vms_option
    fi
    if [ "$vms_option" == "1" ]; then
        vms_template=yes
        vms_service=yes
        vms_app=yes
        break
    elif [ "$vms_option" == "2" ]; then
        vms_template=yes
        vms_service=yes
        break
    elif [ "$vms_option" == "3" ]; then
        vms_template=yes
        break
    elif [ "$vms_option" == "4" ]; then
        break
    else
        echo "ERROR: Invalid choice, try again"
        vms_option=
    fi
done

set -e

for service in rdisc kdump libvirt-guests salt-minion; do
    systemctl disable ${service}.service || :
    systemctl stop    ${service}.service || :
done

if [ "$vms_template" == "yes" ]; then
    for template in `ls /var/lib/qubes/vm-templates`; do
        echo "-> Configuring template $template..."
        qvm-start --no-guid $template
        su -g "qubes" -c "qvm-sync-appmenus $template" - $user
        qvm-shutdown --wait $template
    done

    qubes-prefs --set default-template 'fedora-23'
fi

if [ "$vms_service" == "yes" -o "$vms_app" == "yes" ]; then
    echo "-> Configuring Qubes OS management framework..."

    if test -e /var/log/salt/minion; then
        mv /var/log/salt/minion /var/log/salt/minion.install || :
    fi

    qubesctl saltutil.clear_cache -l quiet --out quiet
    qubesctl saltutil.sync_all -l quiet --out quiet
fi

states=()

if [ "$vms_service" == "yes" ]; then
    states=("${states[@]}" qvm.sys-net qvm.sys-firewall)
fi

if [ "$vms_app" == "yes" ]; then
    states=("${states[@]}" qvm.personal qvm.work qvm.untrusted qvm.vault)
fi

if [ "$vms_service" == "yes" -o "$vms_app" == "yes" ]; then
    for state in "${states[@]}"; do
        echo "-> Requesting creation of VM: ${state#qvm.}"
        qubesctl top.enable "${state}" -l quiet --out quiet
    done

    echo "-> Creating VMs"
    qubesctl "state.highstate"
fi

if [ "$vms_service" == "yes" ]; then
    echo "--> Configuring service VMs"
    default_netvm="sys-net"
    default_firewallvm="sys-firewall"

    su -g "qubes" -c "qvm-prefs   --set ${default_firewallvm} netvm ${default_netvm}" - $user
    su -g "qubes" -c "qubes-prefs --set default-netvm  ${default_firewallvm}" - $user
    su -g "qubes" -c "qubes-prefs --set updatevm ${default_firewallvm}" - $user
    su -g "qubes" -c "qubes-prefs --set clockvm ${default_netvm}" - $user

    echo "-> Starting network..."
    service qubes-netvm start

    # DispVM creation fails with the following error message, most likely due to missing $DISPLAY:
    #   "Cannot start qubes-guid!"
    #echo "-> Creating DispVM savefile (can take long time)..."
    #su -g "qubes" -c "/usr/bin/qvm-create-default-dvm --default-template --default-script" - $user || :
fi

echo "-> Done."
