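#!/bin/sh
#
# router.customize - configure router disk image for management by ansible
#
# This sets up a very basic image, just enough to allow ansible to log
# in and become root with sudo. Also, bring up DHCP server on LAN
# ports to allow access over ssh. All the rest of the configuration
# happens via ansible.
#
# Usage: router.customize ROOTDIR
#
# ROOTDIR is the mounted root of the image being built. The script
# reads "authorized_keys" from the current directory and runs
# "git show HEAD" there, so run it from the checkout holding both.
#
# Copyright 2016 Lars Wirzenius
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

set -eu

# Avoid any problems (mainly weird perl warnings) from inherited
# locale from user.
export LC_ALL=C

# Print a message to stderr and abort.
die() {
    printf '%s\n' "router.customize: $*" >&2
    exit 1
}

# Every path below is built as "$rootdir/...". An empty or "/" value
# would make the script rewrite the build host's own /etc and grant
# passwordless sudo on it, so refuse anything that is not a real,
# separate directory. The cd happens in a subshell: the working
# directory (needed for git and authorized_keys) is unchanged.
rootdir="${1:?usage: router.customize ROOTDIR}"
[ -d "$rootdir" ] || die "not a directory: $rootdir"
rootdir="$(CDPATH= cd -- "$rootdir" && pwd -P)"
[ "$rootdir" != "/" ] || die "refusing to customize the running system (/)"

# Fail before touching the image if the key file is missing or empty;
# otherwise the account would be created with no way to log in to it.
[ -s authorized_keys ] || die "authorized_keys is missing or empty"

# Create /etc/issue with version info. The first line of "git show"
# output is "commit <hash>".
version="$(git show HEAD | sed 1q)"
cat <<EOF > "$rootdir/etc/issue"
Mini PC router ($version)
EOF

# Configure network ports. eth0 is WAN and gets its address using DHCP.
# The rest will serve the LAN and dnsmasq will serve addresses to LAN
# via DHCP on these ports. The LAN interfaces have a static config.
#
# NOTE(review): only eth3 gets a stanza here, although dnsmasq below
# also listens on eth1 and eth2 - confirm those are configured
# elsewhere.
# NOTE(review): 10.0.0.255 is the broadcast address of 10.0.0.0/24,
# so it cannot be a working gateway, and a LAN-side interface usually
# carries no gateway line at all. Left unchanged - confirm intent.
cat <<EOF > "$rootdir/etc/network/interfaces.d/router"
auto eth3
iface eth3 inet static
    address 10.0.0.4
    netmask 255.255.255.0
    gateway 10.0.0.255
EOF

# Configure dnsmasq to serve 10.0.0.x addresses on the LAN ports.
cat <<EOF > "$rootdir/etc/dnsmasq.d/router"
interface=eth1
interface=eth2
interface=eth3
dhcp-range=10.0.0.10,10.0.0.250,255.255.255.0,720h
EOF

# Create an account for ansible. --disabled-password means the
# account has no usable password, so the ssh key is the only way in.
chroot "$rootdir" adduser --gecos 'Ansible' --disabled-password ansible

# Install an authorized_keys file so that ansible can access the
# account. The directory is 0700 and the file 0600, both owned by
# ansible, which is what sshd's default StrictModes check expects.
chroot "$rootdir" install -d -o ansible -g ansible -m 0700 /home/ansible/.ssh
install -m 0600 authorized_keys "$rootdir/home/ansible/.ssh/authorized_keys"
chroot "$rootdir" chown ansible:ansible /home/ansible/.ssh/authorized_keys

# Add ansible to sudoers, without password. Combined with the key
# above, whoever holds a matching private key is root on the router:
# keep the list in authorized_keys short and the private keys guarded.
# sudo ignores sudoers.d files with loose permissions, hence root:root
# and 0440.
cat <<EOF >> "$rootdir/etc/sudoers.d/ansible"
ansible ALL=(ALL:ALL) NOPASSWD: ALL
EOF
chroot "$rootdir" chown root:root /etc/sudoers.d/ansible
chroot "$rootdir" chmod 0440 /etc/sudoers.d/ansible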