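#!/bin/bash
#
# LiHAS base installation for a Debian bullseye LXC container.
#
# Configures the APT sources, bootstraps the LiHAS archive keyring, preseeds
# debconf, installs the standard admin/monitoring tool set and applies basic
# root-account settings. It writes under /etc and /root, so it has to run as
# root inside the container.
#
# The script deliberately has no `set -e`: several steps (for example the
# initial `rm`) are best-effort and are allowed to fail.

# --- APT cache and package lists ---------------------------------------------

# Drop stale package lists; sub-directories are left alone (no -r).
rm -vf -- /var/lib/apt/lists/*

# Raise the APT cache limit once; skip if any file under /etc/apt sets it.
if ! grep -ri 'APT::Cache-Limit' /etc/apt/*; then
  cat <<'EOF' >>/etc/apt/apt.conf.d/70debconf
APT::Cache-Limit "100000000";
EOF
fi

apt-get clean
apt-get update
# apt-get instead of apt (stable CLI for scripts); -y as in the other installs.
apt-get -y install gnupg wget

# --- APT sources -------------------------------------------------------------

# All sources live in sources.list.d; the main file is emptied on purpose.
: >/etc/apt/sources.list
echo 'deb http://deb.debian.org/debian/ bullseye main contrib non-free' >/etc/apt/sources.list.d/bullseye.list
# The bullseye security suite is named "bullseye-security"; the "/updates"
# suffix belongs to older releases and makes apt fail to fetch this source,
# which would leave the system without security updates.
echo 'deb http://deb.debian.org/debian-security bullseye-security main contrib non-free' >/etc/apt/sources.list.d/bullseye-security.list
echo 'deb http://deb.debian.org/debian bullseye-updates main contrib non-free' >/etc/apt/sources.list.d/bullseye-updates.list
# Prepared but disabled sources.
echo '#deb http://deb.debian.org/debian/ bookworm main contrib non-free' >/etc/apt/sources.list.d/bookworm.list
echo '#deb http://deb.debian.org/debian bullseye-proposed-updates main contrib non-free' >/etc/apt/sources.list.d/bullseye-proposed-updates.list
echo '#deb http://deb.debian.org/debian sid main contrib non-free' >/etc/apt/sources.list.d/sid.list
echo '#deb http://deb.debian.org/debian experimental main contrib non-free' >/etc/apt/sources.list.d/experimental.list

# Keyring bootstrap: until lihas-keyring is installed apt cannot verify the
# LiHAS archive signature, so the source is temporarily marked trusted=yes.
# During this step integrity rests on the HTTPS transport alone.
echo 'deb [trusted=yes] https://ftp.lihas.de/debian/ bullseye main' >/etc/apt/sources.list.d/bullseye-lihas.list
echo 'deb http://deb.debian.org/debian/ bullseye-backports main contrib non-free' >/etc/apt/sources.list.d/bullseye-backports.list
apt-get --allow-unauthenticated update
# No -y here: the operator confirms the one install that is not signature-checked.
apt-get install lihas-keyring
# Keyring is in place: rewrite the source without trusted=yes so that every
# later download from it is signature-verified again.
echo 'deb http://ftp.lihas.de/debian/ bullseye main' >/etc/apt/sources.list.d/bullseye-lihas.list

apt-get -y install debsums debconf-utils locales screen bash-completion aptitude man
apt-get -y update

# --- debconf preseeding ------------------------------------------------------

# base-passwd: accept every proposed user/group database change.
{
  for key in user-change-shell user-remove user-add user-move \
    user-change-home user-change-gid user-change-uid user-change-gecos \
    group-move group-change-gid group-add group-remove; do
    printf 'base-passwd base-passwd/%s boolean true\n' "$key"
  done
  # Switch the login shell of these system accounts from /bin/sh to
  # /usr/sbin/nologin.
  for user in proxy lp gnats backup nobody man mail daemon irc games uucp \
    bin news list sys www-data; do
    printf 'base-passwd base-passwd/system/user/%s/shell/_bin_sh/_usr_sbin_nologin boolean true\n' "$user"
  done
} | debconf-set-selections

# Remaining answers. The delimiter is quoted so nothing in the block is
# expanded by the shell.
# NOTE(review): openssh-server/permit-root-login is preseeded to true and a
# sshd_config.d drop-in below sets "PermitRootLogin yes", i.e. root can log in
# with a password. If key-based access is available, "prohibit-password" is
# the narrower setting - confirm this is intended for these containers.
debconf-set-selections <<'EOF'
debconf debconf/frontend select Dialog
debconf debconf/priority select medium
nullmailer nullmailer/defaultdomain string
nullmailer shared/mailname string mail
nullmailer nullmailer/adminaddr string
nullmailer nullmailer/relayhost string mail
man-db man-db/auto-update boolean true
man-db man-db/install-setuid boolean false
ca-certificates ca-certificates/new_crts multiselect
ca-certificates ca-certificates/trust_new_crts select yes
tzdata tzdata/Areas select Europe
tzdata tzdata/Zones/Europe select Berlin
openssh-server openssh-server/permit-root-login boolean true
locales locales/default_environment_locale select C.UTF-8
locales locales/locales_to_be_generated multiselect de_DE.UTF-8 UTF-8, en_US.UTF-8 UTF-8
EOF

# In addition to the tzdata preseed.
echo "Europe/Berlin" >/etc/timezone
ln -snf /usr/share/zoneinfo/Europe/Berlin /etc/localtime

# Install nullmailer first so that exim is not pulled in as a dependency,
# e.g. by rsnapshot.
apt-get -y install nullmailer s-nail bsd-mailx

# In addition to the locales preseed.
sed -i 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/g' /etc/locale.gen
sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen

# --- root shell settings -----------------------------------------------------

# Each line is appended only once; timestamps and a long history help when
# reconstructing what was done on the box.
grep -q /etc/bash_completion /root/.bashrc || echo . /etc/bash_completion >>/root/.bashrc
grep -q HISTTIMEFORMAT /root/.bashrc || echo 'export HISTTIMEFORMAT="%Y-%m-%d -- %H:%M:%S "' >>/root/.bashrc
grep -q HISTSIZE /root/.bashrc || echo 'export HISTSIZE=50000' >>/root/.bashrc

# --- packages ----------------------------------------------------------------

# lihas-keyring
# NOTE(review): by now the LiHAS source is signature-checked, yet this call
# still switches off several apt safety checks (unauthenticated packages,
# removal of essential packages, downgrades, held packages). Confirm they are
# still required; dropping them would keep apt's verification in force.
# NOTE(review): "vo" is passed as a second package name - confirm it is a
# real package and not a leftover; an unknown name makes the whole call fail.
apt-get -y --allow-downgrades --allow-remove-essential --allow-change-held-packages --allow-unauthenticated install lihas-keyring vo
# So that the key takes effect.
apt-get update

apt-get -y install dialog less vim screen tzdata debconf ssh psmisc \
  ncurses-term file debian-keyring logrotate rsync etckeeper logrotate \
  bind9-host curl ca-certificates netcat strace lsof iotop mbuffer ftp \
  openssl pigz pbzip2 sudo pixz deborphan iperf needrestart net-tools
echo '$nrconf{kernelhints} = 0' >/etc/needrestart/conf.d/nokernelchecks.conf

# Monitoring tools, without recommends (avoids samba etc.).
apt-get -y install --no-install-recommends monitoring-plugins \
  monitoring-plugins-basic monitoring-plugins-common \
  monitoring-plugins-standard check-mk-agent check-mk-agent-plugin-logwatch \
  xinetd check-mk-agent-plugin-netstat check-mk-agent-plugin-logins \
  check-mk-agent-plugin-apt-hourly check-mk-agent-plugin-iptables \
  check-mk-agent-plugin-apache-status check-mk-agent-plugin-dnsclient \
  check-mk-agent-plugin-inventory check-mk-agent-plugin-sshd-config
if [ ! -f /usr/bin/python ]; then
  apt-get -y install python-is-python3
fi

# Replaces every "yes" with "no" in the xinetd service file - presumably to
# flip "disable = yes" and enable the agent.
# NOTE(review): the pattern is unanchored, and once enabled the agent is
# served by xinetd; confirm an only_from restriction or a firewall rule limits
# it to the monitoring server.
sed -i -e 's/yes/no/g' /etc/xinetd.d/check_mk
/etc/init.d/xinetd restart

# --- apply the preseeded configuration ---------------------------------------

locale-gen
for pkg in tzdata locales dash openssh-server debconf; do
  dpkg-reconfigure -f noninteractive "$pkg"
done

# Allow root login using a password (see the review note at the preseed block).
echo PermitRootLogin yes >/etc/ssh/sshd_config.d/01-PermitRootLogin.conf
service ssh restart

# vim config
# - place cursor where file was last edited
# The quoted delimiter keeps the $ and \" sequences of the vim script literal.
if [ ! -f /etc/vim/vimrc.local ]; then
  cat <<'EOF' >/etc/vim/vimrc.local
syntax on
colors elflord
if has("autocmd")
  au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
endif
EOF
fi

apt-get -y purge nano
apt-get -y dist-upgrade

# Silence git: give root an identity so etckeeper commits stop complaining,
# then rewrite the latest /etc commit with that identity. Runs in a subshell
# so the directory change does not leak into the rest of the script.
(
  if dpkg -l etckeeper >/dev/null; then
    # Never run the git commands from the wrong directory.
    cd /etc || exit 1
    git config --global user.name root
    git config --global user.email support@lihas.de
    git commit --amend --reset-author -m "things done"
  fi
)

cat <<'EOF' >/root/.screenrc
hardstatus alwayslastline "%w"
defscrollback 10000
EOF

apt-get -y upgrade
# Clean up the package cache.
apt-get clean
apt-get autoremove
apt-get -y dist-upgrade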