#!/usr/bin/env bash
#
# Copyright (c) 2024 YunoHost Contributors
#
# This file is part of YunoHost (see https://yunohost.org)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

# Fetch x509 fingerprint
x509_fingerprint=$(openssl x509 -in /etc/yunohost/certs/yunohost.org/crt.pem -noout -fingerprint -sha256 | cut -d= -f2)


# Fetch SSH fingerprints
i=0
for keyfile in /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key.pub; do
    if [ ! -f "$keyfile" ]; then
        continue
    fi
    output=$(ssh-keygen -l -f "$keyfile")
    fingerprint[i]=" - $(echo "$output" | cut -d' ' -f2) $(echo "$output" | cut -d' ' -f4)"
    i=$((i + 1))
done

#
# Build the logo
#

LOGO=$(cat << 'EOF'
  __   __  __   __  __    _  _______  __   __  _______  _______  _______
 |  | |  ||  | |  ||  |  | ||       ||  | |  ||       ||       ||       |
 |  |_|  ||  | |  ||   |_| ||   _   ||  |_|  ||   _   ||  _____||_     _|
 |       ||  |_|  ||       ||  | |  ||       ||  | |  || |_____   |   |
 |_     _||       ||  _    ||  |_|  ||   _   ||  |_|  ||_____  |  |   |
   |   |  |       || | |   ||       ||  | |  ||       | _____| |  |   |
   |___|  |_______||_|  |__||_______||__| |__||_______||_______|  |___|
EOF
)

# ' Put a quote in comment to make vim happy about syntax highlighting :s

# Reminder for default login / password when postinstall is not done yet
if [ ! -f /etc/yunohost/installed ]
then
   default_credentials_reminder="To log in in this console or via SSH, the default login and password are 'root' and 'yunohost' (until post-install is done)."
else
   default_credentials_reminder=""
fi

#
# Build the actual message
#

sleep 5
# Get local IP
# (we do this after the sleep 5 to have
# better chances that the network is up)
local_ip=$(hostname --all-ip-address | awk '{print $1}')

LOGO_AND_FINGERPRINTS=$(cat << EOF

$LOGO

 Local IP: ${local_ip:-(no ip detected?)}
 Local SSL CA X509 fingerprint:
   ${x509_fingerprint}
 SSH fingerprints:
 ${fingerprint[0]}
 ${fingerprint[1]}
 ${fingerprint[2]}

 ${default_credentials_reminder}

EOF
)

echo "$LOGO_AND_FINGERPRINTS" > /etc/issue

if ! groups | grep -q all_users && [[ ! -f /etc/yunohost/installed ]]
then
    chvt 2

    # Formatting
    [[ -n "$local_ip" ]] && local_ip=$(echo -e "https://$local_ip/") || local_ip="(no ip detected?)"

    echo "$LOGO_AND_FINGERPRINTS"
    cat << EOF
===============================================================================
You should now proceed with YunoHost post-installation. This is where you will
be asked for:
  - the main domain of your server;
  - the username and password for the first admin

You can perform this step:
  - from your web browser, by accessing: https://yunohost.local/ or ${local_ip}
  - or in this terminal by answering 'yes' to the following question

If this is your first time with YunoHost, it is strongly recommended to take
time to read the administrator documentation and in particular the sections
'Finalizing your setup' and 'Getting to know YunoHost'. It is available at
the following URL: https://doc.yunohost.org/admin/
===============================================================================
${default_credentials_reminder}

EOF

    read -rp "Press any key to continue " -n 1

    chvt 3

    exit 0
fi
