:<<!
 * Copyright (c) Huawei Technologies Co., Ltd. 2018-2023. All rights reserved.
 * oemaker licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *     http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 * Author:
 * Create: 2023-05-05
 * Description: provide qcow2 kylin custom setting
!

#!/bin/bash

# Script-wide setup.
# The '#!/bin/bash' line above is not the first line of the file, so the
# kernel does not honour it as an interpreter line; the functions below use
# bash syntax ('[[ ]]', 'function'), so run this file with bash explicitly.

# Command tracing is opt-in: export DEBUG_TRACE=1 (any integer > 0).
[ "${DEBUG_TRACE:-0}" -gt 0 ] && set -x

# Abort on the first failing command, on any unset variable, and when any
# stage of a pipeline fails.
set -euo pipefail

# Machine architecture as printed by arch(1); no function visible in this
# file reads it.
arch=$(arch)

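function clean(){
    # Scrub host-specific identity and build residue from the image before it
    # is sealed, so that instances created from it do not share state.
    # Arguments: none.
    # Returns:   0 on success; under the script's `set -e` any failing command
    #            aborts the whole run.
    local log_file

    # SSH host keys and root's known_hosts must not be baked into a template:
    # every clone would otherwise present the same host key.
    rm -f /root/.ssh/known_hosts
    rm -f /etc/ssh/ssh_host_*
    rm -f /var/log/anaconda.*
    if [ -f /var/log/messages ]; then
        : > /var/log/messages
    fi
    rm -rfv /var/lib/dnf/history*
    rm -rfv /var/lib/dhclient/*
    # Root's shell/editor history plus leftover *.cfg and *.log* files.
    rm -f /root/{.bash_history,.viminfo,*.cfg,*.log*}
    rm -f /source_files
    rm -f /grub.cfg

    # Truncate (not delete) every regular file under /var/log. Paths are read
    # NUL-delimited and quoted: the earlier unquoted `for i in $(find ...)`
    # word-split names containing whitespace, which made the redirection fail
    # and, under `set -e`, aborted the cleanup part-way through.
    while IFS= read -r -d '' log_file; do
        : > "${log_file}"
    done < <(find /var/log/ -type f -print0)

    # Skipped when the path is a symlink.
    if [[ ! -L /etc/udev/rules.d/70-persistent-net.rules ]]; then
        rm -rfv /etc/udev/rules.d/70-persistent-net.rules
    fi

    # NOTE(review): /etc/machine-id is not reset by this function; confirm
    # another build step handles it, otherwise clones share one machine id.
    sync
    sync
    sync
}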

function rpmfun(){
        # Remove NetworkManager-config-server and install the packages the
        # image needs, using whatever yum repositories are configured.
        # Arguments: none.
        local -a pkgs=(bash-completion cloud-init cloud-utils-growpart wget libmetalink)

        echo "删除NetworkManager-config-server,下载一些软件包"
        # Best effort: the package may not be installed, so a failure is ignored.
        rpm -e NetworkManager-config-server --nodeps || true
        # NOTE(review): a failed install is only reported on stdout and the
        # build carries on, so an image can be produced without these
        # packages; confirm that is intended.
        if ! yum install -y "${pkgs[@]}"; then
                echo "下载失败，请检查yum repo"
        fi
}

function firewalld(){
        # Keep firewalld from starting at boot by deleting its entry in
        # multi-user.target.wants. The package itself is left untouched.
        # NOTE(review): the resulting image boots without a host firewall;
        # confirm that network filtering is enforced elsewhere (for example by
        # the platform's security groups).
        # Inside this script the function name shadows the firewalld binary.
        local wants_link="/etc/systemd/system/multi-user.target.wants/firewalld.service"

        echo "关闭防火墙"
        rm -rf "${wants_link}"
}

function selinux(){
        # Switch SELinux from enforcing to disabled in /etc/selinux/config,
        # installing selinux-policy first when the config file is missing.
        # Only the literal "SELINUX=enforcing" is rewritten; a file that says
        # "SELINUX=permissive" is left as it is.
        # NOTE(review): this removes mandatory access control from every
        # instance built from the image; confirm the requirement, since
        # permissive mode would at least keep the audit trail.
        local selinux_cfg="/etc/selinux/config"

        echo "关闭selinux"
        [ -f "${selinux_cfg}" ] || yum install -y selinux-policy
        sed -i "s/SELINUX=enforcing/SELINUX=disabled/" "${selinux_cfg}"
}
function cloudinit(){
        # Create the marker file /etc/cloud/cloud-init.disabled, which tells
        # cloud-init not to run at boot.
        # NOTE(review): rpmfun() installs cloud-init and this step turns it
        # off again, so no keys or passwords are injected at first boot;
        # confirm how users are expected to log in, given that ssh() also
        # turns off root login.
        local disable_marker="/etc/cloud/cloud-init.disabled"

        echo "关闭cloud-init"
        touch "${disable_marker}"
}

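function ssh(){
        # Harden /etc/ssh/sshd_config in place.
        # Arguments: none. Fails (and, under `set -e`, aborts the script) when
        # sed cannot edit the file.
        #
        # For most options the pattern is: delete an already-active line with
        # the target value, then uncomment the stock "#Option default" line
        # with the target value, so a second run does not duplicate lines.
        # All expressions are applied in one sed pass, in the listed order.
        #
        # Inside this script the function name shadows the ssh client binary.
        local sshd_cfg="/etc/ssh/sshd_config"
        local -a edits=(
                -e '/^LogLevel VERBOSE/d'
                -e 's/#LogLevel INFO/LogLevel VERBOSE/g'
                # NOTE(review): not anchored, so a commented
                # "#PermitRootLogin yes" becomes "#PermitRootLogin no" and
                # stays a comment; the effective value is then sshd's
                # built-in default. Verify the result with `sshd -T`.
                -e 's/PermitRootLogin yes/PermitRootLogin no/'
                -e '/^StrictModes yes/d'
                -e 's/#StrictModes yes/StrictModes yes/g'
                -e '/^HostbasedAuthentication no/d'
                -e 's/#HostbasedAuthentication no/HostbasedAuthentication no/g'
                -e '/^IgnoreRhosts yes/d'
                -e 's/#IgnoreRhosts yes/IgnoreRhosts yes/g'
                -e '/^PermitEmptyPasswords no/d'
                -e 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g'
                -e '/^AllowAgentForwarding no/d'
                -e 's/#AllowAgentForwarding yes/AllowAgentForwarding no/g'
                -e '/^AllowTcpForwarding no/d'
                -e 's/#AllowTcpForwarding yes/AllowTcpForwarding no/g'
                -e '/^GatewayPorts no/d'
                -e 's/#GatewayPorts no/GatewayPorts no/g'
                -e '/^PermitUserEnvironment no/d'
                -e 's/#PermitUserEnvironment no/PermitUserEnvironment no/g'
                -e 's/#ClientAliveInterval 0/ClientAliveInterval 300/g'
                # NOTE(review): OpenSSH 8.2 and later treat
                # "ClientAliveCountMax 0" as "never disconnect", so on such a
                # version this pair does not give an idle timeout; check the
                # sshd version shipped in the image.
                -e '/^ClientAliveCountMax 0/d'
                -e 's/#ClientAliveCountMax 3/ClientAliveCountMax 0/g'
                -e 's/#UseDNS no/UseDNS no/g'
                -e '/^PermitTunnel no/d'
                -e 's/#PermitTunnel no/PermitTunnel no/g'
                # Drop any existing algorithm lists; they are re-added below.
                -e '/^Ciphers/d'
                -e '/^MACs/d'
                -e '/^KexAlgorithms/d'
        )

        echo "配置ssh，配置完后无法用root+密码方式登录"
        sed -i "${edits[@]}" "${sshd_cfg}"

        # Algorithm allow-lists. The SHA-1 based entries the script used to
        # append (hmac-sha1, diffie-hellman-group14-sha1,
        # diffie-hellman-group-exchange-sha1) are no longer offered; clients
        # that support only those must be upgraded.
        {
                echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr"
                echo "MACs hmac-sha2-512,hmac-sha2-256"
                echo "KexAlgorithms curve25519-sha256,diffie-hellman-group-exchange-sha256"
        } >> "${sshd_cfg}"
}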
function Timezone(){
        # Point /etc/localtime at the Asia/Shanghai zone file, replacing any
        # existing link or file (-f).
        local zone_file="/usr/share/zoneinfo/Asia/Shanghai"

        echo "配置Timezone"
        ln -sf "${zone_file}" /etc/localtime
}
function dhcp(){
        # Append the DHCP client timeout and retry settings to dhclient.conf,
        # installing the dhcp package first when /etc/dhcp/ does not exist.
        # The two lines are appended on every run, so running the script
        # twice against the same image duplicates them.
        local dhclient_conf="/etc/dhcp/dhclient.conf"

        echo "修改 dhcp 客户端超时重试时间"
        [ -d "/etc/dhcp/" ] || yum install -y dhcp
        {
                echo "timeout 300;"
                echo "retry 60;"
        } >> "${dhclient_conf}"
}
function nameserver(){
        # Empty /etc/resolv.conf so that no build-time resolver is carried
        # into the image.
        local resolv_conf="/etc/resolv.conf"

        echo "清空默认nameserver配置"
        # ':' is the shell no-op; the redirection alone truncates the file.
        : > "${resolv_conf}"
}
function nic(){
        # Replace every existing ifcfg-* file with a single DHCP-based
        # ifcfg-eth0, installing NetworkManager first when the
        # network-scripts directory is missing.
        local scripts_dir="/etc/sysconfig/network-scripts"
        local eth0_cfg="${scripts_dir}/ifcfg-eth0"

        echo "网卡配置文件"
        [ -d "${scripts_dir}" ] || yum install -y NetworkManager
        # Per-interface files left over from the build host are discarded.
        rm -rf "${scripts_dir}"/ifcfg-*
        touch "${eth0_cfg}"
        # The body contains no expansions, so it is written out literally.
cat >> "${eth0_cfg}" << 'EOF'
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPV6_PRIVACY=no
EOF
}


function kylin_custom_main(){
    # Run every customisation step in a fixed order. clean goes last so that
    # the logs and history produced by the earlier steps are wiped as well.
    # With `set -e` active, the first failing step aborts the run.
    local step
    for step in rpmfun firewalld selinux cloudinit ssh Timezone dhcp nic nameserver clean; do
        "${step}"
    done
}

# Entry point: the script takes no arguments.
kylin_custom_main
