#!/bin/bash

MYDIR=`pwd`
cd / >/dev/null

ln -sf /proc/mounts etc/mtab

# omit syncing for all log files
CFG_FILE=etc/rsyslog.d/50-default.conf
if [ -f $CFG_FILE ]; then
    cat $CFG_FILE | sed "s,[[:blank:]]/var/log/, -/var/log/,g" > ${CFG_FILE}.$$
    if [ $? -eq 0 ]; then
        chown --reference=${CFG_FILE} $CFG_FILE.$$ || exit 1 > /dev/null 2>&1
	chmod --reference=${CFG_FILE} $CFG_FILE.$$ || exit 1 > /dev/null 2>&1
	mv -f $CFG_FILE.$$ ${CFG_FILE} > /dev/null 2>&1
    fi
fi

# Disable klog
CFG_FILE=etc/rsyslog.conf
if [ -f $CFG_FILE ]; then
    cat $CFG_FILE | sed "s,^\$ModLoad imklog,#\$ModLoad imklog,g" > ${CFG_FILE}.$$
    if [ $? -eq 0 ]; then
        chown --reference=${CFG_FILE} $CFG_FILE.$$ || exit 1 > /dev/null 2>&1
	chmod --reference=${CFG_FILE} $CFG_FILE.$$ || exit 1 > /dev/null 2>&1
	mv -f $CFG_FILE.$$ ${CFG_FILE} > /dev/null 2>&1
    fi
fi

# Enable root login
CFG_FILE=etc/ssh/sshd_config
if [ -f $CFG_FILE ]; then
    cat $CFG_FILE | sed "s,^PermitRootLogin.*,PermitRootLogin yes,g" > ${CFG_FILE}.$$
    if [ $? -eq 0 ]; then
        chown --reference=${CFG_FILE} $CFG_FILE.$$ || exit 1 > /dev/null 2>&1
	chmod --reference=${CFG_FILE} $CFG_FILE.$$ || exit 1 > /dev/null 2>&1
	mv -f $CFG_FILE.$$ ${CFG_FILE} > /dev/null 2>&1
    fi
fi

# Convert system to shadow password files
usr/sbin/pwconv

# Fix the udevtrigger
CFG_FILE=etc/init/udevtrigger.conf
if [ -f $CFG_FILE ]; then
    sed -e "s,and not-container,,g" \
	$CFG_FILE > ${CFG_FILE}.$$
	if [ $? -eq 0 ]; then
	        chown --reference=${CFG_FILE} $CFG_FILE.$$ || exit 1 > /dev/null 2>&1
		chmod --reference=${CFG_FILE} $CFG_FILE.$$ || exit 1 > /dev/null 2>&1
		mv -f $CFG_FILE.$$ ${CFG_FILE} > /dev/null 2>&1
	fi
fi

# turn off and stop some services
for i in bind9 quotarpc fetchmail ondemand rsync wide-dhcpv6-client; do
	usr/sbin/update-rc.d -f $i remove > /dev/null 2>&1
	etc/init.d/$i stop > /dev/null 2>&1
done
usr/sbin/update-rc.d -f umountroot remove > /dev/null 2>&1

# for upstart services comment out the start on in confs
for i in nmbd smbd samba-ad-dc rpcbind-boot; do
	if [ -f etc/init/$i.conf ]; then
		echo "manual" > etc/init/$i.override
	fi
done

# export PATH
CFG_FILE=etc/bash.bashrc
if [ -f $CFG_FILE ] ; then
	echo >> $CFG_FILE
	echo "export PATH" >> $CFG_FILE
	echo >> $CFG_FILE
fi


# apache tuning
for worker in mpm_worker mpm_prefork mpm_event; do
	CFG_FILE=etc/apache2/mods-available/$worker.conf
	if [ -f $CFG_FILE ]; then
	    sed -e "s/^[[:blank:]]*StartServers[[:blank:]]*.*/StartServers       1/" \
		-e "s/^[[:blank:]]*MinSpareServers[[:blank:]]*.*/MinSpareServers    1/" \
		-e "s/^[[:blank:]]*MaxSpareServers[[:blank:]]*.*/MaxSpareServers    5/" \
		-e "s/^[[:blank:]]*MaxClients[[:blank:]]*.*/MaxClients        10/" \
		-e "s/^[[:blank:]]*MinSpareThreads[[:blank:]]*.*/MinSpareThreads    1/" \
		-e "s/^[[:blank:]]*MaxSpareThreads[[:blank:]]*.*/MaxSpareThreads    4/" \
		$CFG_FILE > ${CFG_FILE}.$$
		if [ $? -eq 0 ]; then
		        chown --reference=${CFG_FILE} $CFG_FILE.$$ || exit 1 > /dev/null 2>&1
			chmod --reference=${CFG_FILE} $CFG_FILE.$$ || exit 1 > /dev/null 2>&1
			mv -f $CFG_FILE.$$ ${CFG_FILE} > /dev/null 2>&1
	        fi
	fi
done

# and disable root user
/usr/sbin/usermod -L root

# do not execute some cron-jobs by default
for cron_job_dir in etc/cron.daily etc/cron.weekly etc/cron.monthly etc/cron.hourly; do
	for cron_job in `find $cron_job_dir -type f | grep -v "logrotate\|\^."`; do
		mv $cron_job $cron_job.disabled
	done
done

# Fill /etc/apt/sources.list
if [ ! -f etc/apt/sources.list ]; then

cat << EOF > etc/apt/sources.list
deb http://archive.ubuntu.com/ubuntu trusty main restricted universe
deb http://archive.ubuntu.com/ubuntu trusty-updates main restricted universe
deb http://security.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
deb http://archive.canonical.com/ubuntu trusty partner

EOF

fi

# Disable bind9 ifup hook
for i in etc/network/if-down.d/bind9 etc/network/if-up.d/bind9; do
	mv $i $i.disabled
done

# Clean /run
rm -rf /run/*

# Clean logs
for i in `find var/log/ -type f`; do
    echo "" > $i
done

# Remove /dev/log
rm -f dev/log >/dev/null 2>&1

# ssh host keys hack

echo "#!/bin/sh
rm -f etc/ssh/ssh_host_*
/usr/bin/ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
/usr/bin/ssh-keygen -t dsa -N '' -f /etc/ssh/ssh_host_dsa_key
/usr/bin/ssh-keygen -t rsa1 -N '' -f /etc/ssh/ssh_host_key
/usr/bin/ssh-keygen -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key
/usr/bin/ssh-keygen -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key
/usr/sbin/service ssh restart
rm -f /etc/init.d/ssh_key_hack.sh
rm -f /etc/rc2.d/S11sshhack
" > etc/init.d/ssh_key_hack.sh
chmod a+x etc/init.d/ssh_key_hack.sh
ln -s /etc/init.d/ssh_key_hack.sh etc/rc2.d/S11sshhack

# Fix modprobe.conf
touch etc/modprobe.conf

# Fix modules.dep
echo "#!/bin/sh
### BEGIN INIT INFO
# Provides:          modules_dep
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 6
# Short-Description: modules.dep creation.
# Description:       Create and destroy modules.dep.
### END INIT INFO

case \"\$1\" in
  start|\"\")
	if [ ! -d \"/lib/modules/\`uname -r\`\" ]; then
		mkdir -p /lib/modules/\`uname -r\`
	fi
	depmod -a >/dev/null 2>&1
	;;
  restart|reload|force-reload)
	echo \"Error: argument '\$1' not supported\" >&2
	exit 3
	;;
  stop|force-stop)
	if [ -d \"/lib/modules/\`uname -r\`\" ]; then
		rm -rf /lib/modules/\`uname -r\`
	fi
	;;
  *)
	echo \"Usage: modules_dep.sh [start|stop]\" >&2
	exit 3
	;;
esac

:

" > etc/init.d/modules_dep.sh
chmod a+x etc/init.d/modules_dep.sh
/usr/sbin/update-rc.d modules_dep.sh defaults >/dev/null 2>&1

# Create empty /etc/inittab file
touch etc/inittab

# Turn back wide-dhcpv6-client init script and clean default conf file
for i in etc/init.d/wide-dhcpv6-client etc/init/procps.conf etc/init.d/bind9; do
	mv -f $i.dpkg-dist $i
done
# regenerate dhcp6cctlkey if exists
cat > etc/default/wide-dhcpv6-client <<'EOFINITCONFFILE'
# Defaults for dhcpv6 client initscript
# Used by /etc/init.d/wide-dhcpv6-client

# Interfaces on which the client should send DHCPv6 requests and listen to
# answers. If empty, the client is deactivated.
INTERFACES=""
EOFINITCONFFILE

rm -f etc/wide-dhcpv6/dhcp6cctlkey

echo "#!/bin/sh
DHCP6CCTLKEY=/etc/wide-dhcpv6/dhcp6cctlkey

# The key mustn\'t be world readable
umask 066

echo \"Generating \${DHCP6CCTLKEY}...\" >&2
dd if=/dev/random bs=32 count=1 2>/dev/null | \
	uuencode -m \${DHCP6CCTLKEY} | \
	head -n 2 | tail -n 1 > \${DHCP6CCTLKEY}

umask 022
rm -f /etc/init.d/dhcpv6_hack.sh
rm -f /etc/rc2.d/S11dhcpv6hack
"> etc/init.d/dhcpv6_hack.sh
chmod a+x etc/init.d/dhcpv6_hack.sh
ln -s /etc/init.d/dhcpv6_hack.sh etc/rc2.d/S11dhcpv6hack

# saslauthd tuning
CFG_FILE=etc/default/saslauthd
if [ -f $CFG_FILE ]; then
    sed -i -e "s/^THREADS=.*/THREADS=2/" -e "s/^START=.*/START=yes/" \
        $CFG_FILE
fi

# stop postfix and remove sockets
etc/init.d/postfix stop
for postfix_socket in `find var/spool/postfix -type s`; do
	rm -f $postfix_socket
done

apt-key update

# udev static devices support
mkdir -p lib/udev/devices
echo "# udev-static - creates static devices on /dev devtmpfs
#

description    \"create static devices on /dev devtmpfs\"

start on startup

task

exec /bin/cp -ap /lib/udev/devices/* /dev/" > etc/init/udev-static.conf

sed -i 's/start on startup/start on started udev-static/' etc/init/mountall.conf

cd $MYDIR > /dev/null
