#! /usr/bin/env sh

ovh_rescue_configure() {
	local hostname="${1}"
	local release="bookworm"
	local package
	# apt / conf
	printf "\
Acquire::AllowInsecureRepositories False;
Acquire::AllowWeakRepositories False;
Acquire::AllowDowngradeToInsecureRepositories False;
Acquire::Check-Valid-Until True;
APT::Install-Recommends False;
APT::Install-Suggests False;
APT::Get::Show-Versions True;
Dir::Etc::SourceParts \"\";
Dpkg::Progress True;
" >"/etc/apt/apt.conf.d/apt.conf"
	# apt / sources
	printf "%s" "\
deb https://deb.debian.org/debian \
${release} main non-free-firmware contrib non-free
deb https://deb.debian.org/debian \
${release}-backports main non-free-firmware contrib non-free
deb https://deb.debian.org/debian \
${release}-updates main non-free-firmware contrib non-free
deb https://deb.debian.org/debian-security \
${release}-security main non-free-firmware contrib non-free
" >"/etc/apt/sources.list"
	# bash / rc
	main_link_bashrc
	mv .bashrc .bashrc.old
	# host name
	hostname "${hostname}"
	# locales
	printf "\
en_US.UTF-8 UTF-8
fr_FR.UTF-8 UTF-8
" >"/etc/locale.gen"
	# generate locales
	locale-gen
	# update catalog
	apt-get update
	# disable frontend
	debian_disable_frontend
	# install backports
	set "tmux"
	for package in "${@}"; do
		echo
		echo "${package}"
		apt-get install --assume-yes \
			--target-release "${release}-backports" \
			"${package}"
		apt_clean_cache
	done
	# install packages
	set "apt-file" "mosh" "byobu"
	for package in "${@}"; do
		echo
		echo "${package}"
		apt-get install --assume-yes \
			"${package}"
		apt_clean_cache
	done
	# update catalog
	apt-get update
}

ovh_rescue_install() {
	local package
	local release="bookworm"
	# update catalog
	apt-get update
	# disable frontend
	debian_disable_frontend
	# upgrade packages
	apt-get upgrade --assume-yes
	# clean cache
	apt_clean_cache
	# install packages
	set \
		"man-db" \
		"dmidecode" "efibootmgr" "lshw" "pciutils" "usbutils" \
		"parted" "mdadm" "cryptsetup-bin" "lvm2" \
		"btrfs-progs" "dosfstools" "duperemove" "squashfs-tools" \
		"git" "micro" "nano" "python3" "rsync" "vim" \
		"exa" "lf" "ncdu" "nnn" "ranger" "tree" \
		"file" "htop" "iotop" "ipcalc" "libdigest-sha3-perl" "lsof"
	for package in "${@}"; do
		echo
		echo "${package}"
		apt-get install --assume-yes \
			"${package}"
		apt_clean_cache
	done
	# install backports
	set \
		"grub-pc-bin" \
		\
		"grub-efi-amd64-bin"
	for package in "${@}"; do
		echo
		echo "${package}"
		apt-get install --assume-yes \
			--target-release "${release}-backports" \
			"${package}"
		apt_clean_cache
	done
}

ovh_rescue_upload() {
	local host="${1}"
	local hostname="${2}"
	if [ "${hostname}" ]; then
		local user="root"
		#
		local user_host="${user}@${host}"
		# remove fingerprints
		ssh-keygen -R "${host}"
		# copy ssh id
		ssh-copy-id \
			-o "StrictHostKeyChecking=accept-new" \
			"${user_host}"
		# upload root
		rsync --delete --recursive \
			"${MAIN_BASH_ROOT}/" "${user_host}:/etc/bash/"
		# call setup
		# TODO variable
		ssh "${user_host}" -- "\
source \"/etc/bash/main.sh\" ; ovh_rescue_configure \"${hostname}\""
		# create session
		ssh "${user_host}" -- byobu new-session -d
		# send keys
		ssh "${user_host}" -- byobu send-keys "ovh_rescue_install" "C-m"
		# attach session
		mosh "${user_host}" -- byobu attach-session
	else
		echo "Host?"
		return 1
	fi
}

ovh_rescue_wipe_vle2_0_init() {
	local device="/dev/sdb"
	local passphrase
	local unit="mib"
	# read passphrase
	printf "PassPhrase: "
	read -r -s passphrase
	#
	lsblk
	printf "%s" "WIPE ${device} /?\\ OR CANCEL /!\\"
	read -r
	#
	parted "${device}" --script mktable gpt
	#
	parted "${device}" unit "${unit}" mkpart "crypt" 65795 1907729
	#
	parted "${device}" unit "${unit}" mkpart "boot" 514 65795
	#
	parted "${device}" unit "${unit}" mkpart "esp" 2 514
	parted "${device}" set 3 esp on
	#
	parted "${device}" unit "${unit}" mkpart bios 1 2
	parted "${device}" set 4 bios_grub on
	# wipe bios
	dd if="/dev/zero" of="${device}4"
	# format esp
	mkfs.vfat -F 32 -n "esp" "${device}3"
	# format boot
	mkfs.ext4 -F -L "boot" "${device}2"
	# encrypt
	echo "${passphrase}" |
		cryptsetup \
			--verbose \
			--batch-mode \
			--type "luks2" \
			--pbkdf "argon2id" \
			--cipher "aes-xts-plain64" \
			--iter-time 8192 \
			--key-size 512 \
			--hash "sha512" \
			--use-random \
			luksFormat \
			"${device}1"
	# open
	echo "${passphrase}" |
		cryptsetup luksOpen "${device}1" "crypt"
	# pv
	pvcreate "/dev/mapper/crypt"
	# vg
	vgcreate "crypt" "/dev/mapper/crypt"
	# lv swap
	lvcreate --name "swap" --size "68719476736b" "crypt"
	# lv data
	lvcreate --name "data" --extents "100%FREE" "crypt"
	# format swap
	mkswap --label "swap" "/dev/mapper/crypt-swap"
	# format data
	mkfs.ext4 -L "data" "/dev/mapper/crypt-data"
	# vg off
	vgchange --activate "n" "crypt"
	# close
	cryptsetup luksClose "crypt"
}