#!/bin/bash

echo
echo "  => Configuration"
echo

config_file="/etc/netig.conf"

# Skip if already configured
if [ -f $config_file ]; then
    source $config_file
    if [ $config = done ]; then
        echo "Configuration already applied !"
        exit
    fi
fi

# Grub configuration
sed -i "s/GRUB_CMDLINE_LINUX_DEFAULT=\"quiet/& loglevel=3 nowatchdog/" /etc/default/grub
update-grub

# Server only configuration
if [ $profile = server ]; then
    # Firewall basic configuration
    ufw default deny incoming
    ufw default allow outgoing
    
    # Open needed ports
    ports="ssh
           http
           https
           imap
           imaps
           smtp
           smtps"
    for i in $ports
    do
        ufw allow $i
    done

    # SSH keys only
    echo -e "# SSH keys only\nPasswordAuthentication no\nPubkeyAuthentication yes" > /etc/ssh/sshd_config.d/custom.conf
fi

# Desktop only configuration
if [ $profile = desktop ]; then
    # Firewall configuration
    ufw default deny incoming
    ufw default allow outgoing

    # Disable all managed interfaces excerpt loopback from /etc/network/interfaces file to allow NetworkManager to manage them
    sed -i '/# The primary network interface/Q' /etc/network/interfaces
fi

# Remember configuration is applied
echo "config=done" > $config_file
chmod +x $config_file