#!/bin/bash

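#######################################
# Replace a config file with an edited copy, keeping the owner, group and
# mode of the file being replaced.
# Arguments: $1 - path of the edited copy (consumed by the move)
#            $2 - path of the existing file to replace
# Returns:   status of mv. Exits the whole script with status 1 on a wrong
#            argument count or when chown/chmod fails.
#######################################
function move_file() {
	[ $# -eq 2 ] || exit 1
	local src=$1 dst=$2

	# Paths are quoted and "--"-terminated so whitespace or a leading dash
	# in a name cannot split the argument or be parsed as an option.
	# Ownership and mode are copied before the rename, so the destination
	# never appears with the temporary file's default permissions.
	# On failure the edited copy is removed: it may be a copy of a
	# sensitive file (e.g. etc/shadow) and must not be left behind.
	chown --reference="$dst" -- "$src" || { rm -f -- "$src"; exit 1; }
	chmod --reference="$dst" -- "$src" || { rm -f -- "$src"; exit 1; }
	mv -f -- "$src" "$dst"
}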

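# Every path below is relative to the filesystem root. Stop if the root
# cannot be entered; otherwise later steps (including "rm -rf run/*") would
# act on whatever directory the script was started from.
pushd / >/dev/null || exit 1

ln -sf /proc/mounts etc/mtab

# Convert system to shadow password files
/usr/sbin/pwconv > /dev/null 2>&1

# Create /etc/inittab
touch etc/inittab

# Disable root login: an empty root password field ("root::") becomes a
# locked one ("root:!:"). A root entry that already has a hash is not
# matched and stays as it is.
CFG_FILE=etc/shadow
if [ -f "$CFG_FILE" ]; then
	# The edited copy contains every password hash, so it is created under
	# a restrictive umask; move_file copies the original's owner and mode
	# onto it only afterwards.
	( umask 077; sed "s/^root::/root:!:/" "$CFG_FILE" > "${CFG_FILE}.$$" ) && \
		move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
fi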

# Fix /etc/rsyslog.conf: send what went to /dev/tty10 to -/var/log/tty10
# instead, and replace the "|/dev/xconsole" target with "~".
CFG_FILE=etc/rsyslog.conf
if [ -f "$CFG_FILE" ] && \
	sed -e "s,\/dev\/tty10,-/var/log/tty10,g" -e "s,|\/dev\/xconsole,~,g" \
		"$CFG_FILE" > "${CFG_FILE}.$$"; then
	# Swap the edited copy in only when sed succeeded.
	move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
fi

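# Fix modules.dep
# The init script is written from a quoted here-document so nothing in it
# is expanded while this installer runs. Inside a double-quoted echo, "$1"
# would be replaced by the installer's own first argument, and the
# generated "case" would never see the action passed to the init script
# ("stop" would be unreachable).
cat > etc/init.d/modules_dep <<'EOF'
#! /bin/sh
### BEGIN INIT INFO
# Provides:          modules_dep
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 6
# Short-Description: modules.dep creation.
# Description:       Create and destroy modules.dep.
### END INIT INFO

case "$1" in
  start|"")
	if [ ! -d "/lib/modules/`uname -r`" ]; then
		mkdir "/lib/modules/`uname -r`"
	fi
	depmod -a >/dev/null 2>&1
	;;
  restart|reload|force-reload)
	echo "Error: argument '$1' not supported" >&2
	exit 3
	;;
  stop)
	if [ -d "/lib/modules/`uname -r`" ]; then
		rm -rf "/lib/modules/`uname -r`"
	fi
	;;
  *)
	echo "Usage: modules_dep [start|stop]" >&2
	exit 3
	;;
esac

:

EOF

chmod 0755 etc/init.d/modules_dep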

# Switch off, for runlevel 3, every service chkconfig lists that also has an
# executable script under etc/init.d. Skipped entirely when chkconfig, grep
# or sed is not installed at the expected path.
if [ -f /sbin/chkconfig ] && [ -f /bin/grep ] && [ -f /bin/sed ]; then
	# The sed expressions reduce each "chkconfig --list" line to the bare
	# service name; the xinetd section header is dropped first.
	for svc in $(LANG=C /sbin/chkconfig --list 2>/dev/null \
		| grep -v "xinetd based services:" \
		| sed -e "s/\([^ ]*\)[ ]*0.*/\1/" -e "s/[\t]\(.*\):.*/\1/" -e "s/^ .*//"); do
		if [ -x "etc/init.d/$svc" ]; then
			/sbin/chkconfig --level 3 "$svc" off > /dev/null 2>&1
		fi
	done
fi

# Services that are enabled again after the blanket disable above. This list
# defines what the installed system runs and exposes on first boot.
list="network.service apache2.service sshd.service xinetd.service saslauthd.service postfix.service syslog.service cron.service modules_dep.service"
for unit in $list; do
	# Failures (e.g. a unit that is not installed) are deliberately silent.
	systemctl enable "$unit" > /dev/null 2>&1
done

# Force quotaon.service by linking it into default.target.wants by hand.
ln -s /usr/lib/systemd/system/quotaon.service \
	etc/systemd/system/default.target.wants/quotaon.service > /dev/null 2>&1

# Disable all cron jobs by clearing the execute bit on everything in
# /etc/cron.d and the hourly/daily/weekly/monthly directories.
for period in d hourly daily weekly monthly; do
	chmod a-x "/etc/cron.${period}"/* > /dev/null 2>&1
done

# Silence the cron warnings about non-executable scripts: append
# "> /dev/null" to the matching line(s) of run-crons, unless a line already
# carries that redirection.
CFG_FILE=usr/lib/cron/run-crons
if [ -f "$CFG_FILE" ]; then
	if ! grep "is not executable, .* /dev/null" "$CFG_FILE" > /dev/null 2>&1; then
		# ed script: substitute on every line, then write and quit.
		echo -e ",s#^\(.* is not executable, .*\)#\\\1 > /dev/null#\nwq\n" | \
			ed -s "$CFG_FILE" > /dev/null 2>&1
	fi
fi

# Re-enable logrotate, the one daily job that stays active.
chmod a+x /etc/cron.daily/logrotate > /dev/null 2>&1

# Optional tuning

# sshd_config: turn X11 forwarding off where it is explicitly enabled. Only
# an uncommented "X11Forwarding yes" at the start of a line is matched; a
# commented-out or absent directive is left as it is.
CFG_FILE=etc/ssh/sshd_config
if [ -f "$CFG_FILE" ] && \
	sed -e "s/^X11Forwarding yes/X11Forwarding no/" "$CFG_FILE" > "${CFG_FILE}.$$"; then
	move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
fi

# Apache tuning: shrink the worker/process limits in server-tuning.conf.
# Each expression rewrites the tab-indented directive of that name.
CFG_FILE=etc/apache2/server-tuning.conf
if [ -f "$CFG_FILE" ]; then
	if sed \
		-e "s/\tStartServers[[:blank:]]*.*/\tStartServers       1/" \
		-e "s/\tMinSpareServers[[:blank:]]*.*/\tMinSpareServers    1/" \
		-e "s/\tMaxSpareServers[[:blank:]]*.*/\tMaxSpareServers    5/" \
		-e "s/\tServerLimit[[:blank:]]*.*/\tServerLimit       10/" \
		-e "s/\tMaxClients[[:blank:]]*.*/\tMaxClients        10/" \
		-e "s/\tMinSpareThreads[[:blank:]]*.*/\tMinSpareThreads    1/" \
		-e "s/\tMaxSpareThreads[[:blank:]]*.*/\tMaxSpareThreads    4/" \
		"$CFG_FILE" > "${CFG_FILE}.$$"; then
		# Install the edited copy only when sed succeeded.
		move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
	fi
fi

# Cap saslauthd at two worker threads by rewriting SASLAUTHD_THREADS.
CFG_FILE=etc/sysconfig/saslauthd
if [ -f "$CFG_FILE" ] && \
	sed -e 's/^SASLAUTHD_THREADS=.*/SASLAUTHD_THREADS=2/g' "$CFG_FILE" > "${CFG_FILE}.$$"; then
	move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
fi

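# Add /dev/console to the secure consoles. /etc/securetty lists the
# terminals on which root is allowed to log in, so the entry is added only
# when it is missing: re-running the script must not pile up duplicates.
grep -qx "console" /etc/securetty 2>/dev/null || echo "console" >> /etc/securetty

# Disable tty1 getty
rm -f etc/systemd/system/getty.target.wants/getty@tty1.service > /dev/null 2>&1

# Cleanup /run (the path is relative; it resolves to /run because of the
# "pushd /" at the top of the script)
rm -rf run/* > /dev/null 2>&1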

# SuSEfirewall2: set the list of service configurations the firewall opens
# to sshd, apache2, apache2-ssl and postfix.
CFG_FILE=etc/sysconfig/SuSEfirewall2
if [ -f "$CFG_FILE" ] && \
	sed -e "s/^FW_CONFIGURATIONS_EXT=.*/FW_CONFIGURATIONS_EXT=\"sshd apache2 apache2-ssl postfix\"/" \
		"$CFG_FILE" > "${CFG_FILE}.$$"; then
	move_file "${CFG_FILE}.$$" "$CFG_FILE" > /dev/null 2>&1
fi

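# Create update files for zypper
# NOTE(review): every baseurl below is plain HTTP, so the integrity of
# metadata and packages rests on zypper's GPG signature checks staying
# enabled. Consider https:// if the download host supports it (TODO confirm).
cat > etc/zypp/repos.d/repo-oss.repo <<'EOF'
[repo-oss]
name=openSUSE-42.2-Oss
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/distribution/leap/42.2/repo/oss/
path=/
type=yast2
keeppackages=0

EOF

cat > etc/zypp/repos.d/repo-non-oss.repo <<'EOF'
[repo-non-oss]
name=openSUSE-42.2-Non-Oss
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/distribution/leap/42.2/repo/non-oss/
path=/
type=yast2
keeppackages=0

EOF

cat > etc/zypp/repos.d/Updates-for-openSUSE-42.2.repo <<'EOF'
[Updates-for-openSUSE-42.2]
name=Updates for openSUSE 42.2
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/update/leap/42.2/oss/
path=/
type=rpm-md
keeppackages=0

EOF

# The non-OSS update repository gets its own file, named after its section.
# Writing it to Updates-for-openSUSE-42.2.repo would overwrite the OSS
# update repository defined just above and leave the system without its
# main source of security updates.
cat > etc/zypp/repos.d/Non-Oss-Updates-for-openSUSE-42.2.repo <<'EOF'
[Non-Oss-Updates-for-openSUSE-42.2]
name=Updates for openSUSE 42.2
enabled=1
autorefresh=1
baseurl=http://download.opensuse.org/update/leap/42.2/non-oss/
path=/
type=rpm-md
keeppackages=0

EOF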

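# Select default systemd target
# -f replaces a default.target link that already exists (same form as the
# etc/mtab link near the top of the script). A plain "ln -s" would fail
# with "File exists" and leave whatever target was there before in effect.
ln -sf /usr/lib/systemd/system/multi-user.target etc/systemd/system/default.target

# Return to the directory the script was started from.
popd > /dev/null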
