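#!/bin/bash
#
# Image build script: layers system files, repositories and packages onto a
# ublue/Fedora base image, then prunes the filesystem for an OSTree/bootc
# commit. Runs as root inside the container build, with the build context
# mounted at /ctx.

# Exit on error, unset variable or failed pipeline stage; trace every command.
set -euxo pipefail

# Copy System Files onto root (-K keeps directory symlinks on the receiving
# side instead of replacing them with real directories).
rsync -rvK /ctx/sys_files/ /

# Copy cosign.pub key into the right location
mkdir -p /etc/pki/containers
cp /ctx/cosign.pub /etc/pki/containers/davejansen.pub

### Install packages

# Packages can be installed from any enabled yum repo on the image.
# RPMfusion repos are available by default in ublue main images
# List of rpmfusion packages can be found here:
# https://mirrors.rpmfusion.org/mirrorlist?path=free/fedora/updates/39/x86_64/repoview/index.html&protocol=https&redirect=1

# Install RPMFusion and enable fedora-multimedia with a higher priority than default
if ! grep -q fedora-multimedia <(dnf5 repolist); then
    # Enable or Install Repofile
    #dnf5 install \
    #    https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
    #    https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm

    # Enable fedora-multimedia. The fallback fetches the repo definition at
    # build time, so its contents are trusted on the TLS connection alone.
    dnf5 config-manager setopt fedora-multimedia.enabled=1 ||
        dnf5 config-manager addrepo --from-repofile="https://negativo17.org/repos/fedora-multimedia.repo"
fi

# Set higher priority
dnf5 config-manager setopt fedora-multimedia.priority=90

# Remove Fedora's package that enforces their own (filtered) version of the
# flathub repo. Removing the system-installed Firefox in favour of the Flatpak
# version is left commented out.
dnf5 remove -y fedora-flathub-remote # firefox firefox-langpacks

# Add Flathub to the image for eventual application.
# --fail stops an HTTP error page from being saved as the remote definition,
# and --proto '=https' refuses a redirect to plain HTTP. The file is still
# not pinned or verified beyond TLS; vendoring it under /ctx, as is done for
# the RPM keys below, would pin it.
mkdir -p /etc/flatpak/remotes.d/
curl --fail --retry 3 --proto '=https' -Lo /etc/flatpak/remotes.d/flathub.flatpakrepo \
    https://dl.flathub.org/repo/flathub.flatpakrepo

# use override to replace mesa and others with less crippled versions
OVERRIDES=(
    "intel-gmmlib"
    "intel-mediasdk"
    "intel-vpl-gpu-rt"
    "libheif"
    "libva"
    "libva-intel-media-driver"
    "mesa-dri-drivers"
    "mesa-filesystem"
    "mesa-libEGL"
    "mesa-libGL"
    "mesa-libgbm"
    "mesa-va-drivers"
    "mesa-vulkan-drivers"
)

dnf5 distro-sync --skip-unavailable -y --repo='fedora-multimedia' "${OVERRIDES[@]}"
# Lock the overridden packages so the install step below cannot replace them;
# the locks are cleared again in the cleanup section.
dnf5 versionlock add "${OVERRIDES[@]}"

# Remove additional repositories Fedora comes with out of the box.
# No -f: a missing file aborts the build (set -e), which surfaces base-image changes.
rm \
    /etc/yum.repos.d/fedora-cisco-openh264.repo \
    /etc/yum.repos.d/google-chrome.repo \
    /etc/yum.repos.d/rpmfusion-nonfree-nvidia-driver.repo \
    /etc/yum.repos.d/rpmfusion-nonfree-steam.repo \
    /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo

# Add country query to all repo metalinks
# shellcheck disable=SC2016
sed -i -e '/^metalink\=/s/\$releasever\&arch\=\$basearch$/\$releasever\&arch\=\$basearch\&country\=KR,JP,TW/g' /etc/yum.repos.d/*.repo

# Add 1Password repo.
# The signing key comes from the build context rather than being downloaded at
# build time, so the key that gpgcheck/repo_gpgcheck trust is the one committed
# alongside this script.
#rpmkeys --import https://downloads.1password.com/linux/keys/1password.asc
cp /ctx/rpm-keys/1password.asc /etc/pki/rpm-gpg/1password.asc
# Quoted delimiter: $basearch must reach the repo file literally for dnf to expand.
cat <<'EOF' >/etc/yum.repos.d/1password.repo
[1password]
name=1Password Stable Channel
baseurl=https://downloads.1password.com/linux/rpm/stable/$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey="file:///etc/pki/rpm-gpg/1password.asc"
EOF

# Add Tailscale repo (key vendored in the build context, same as above).
#rpmkeys --import https://pkgs.tailscale.com/stable/fedora/repo.gpg
#dnf5 config-manager addrepo --from-repofile=https://pkgs.tailscale.com/stable/fedora/tailscale.repo
cp /ctx/rpm-keys/tailscale.gpg /etc/pki/rpm-gpg/tailscale.gpg
cat <<'EOF' >/etc/yum.repos.d/tailscale.repo
[tailscale-stable]
name=Tailscale stable
baseurl=https://pkgs.tailscale.com/stable/fedora/$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey="file:///etc/pki/rpm-gpg/tailscale.gpg"
EOF

# Update all existing packages
# dnf5 update -y

# Install my own layered packages
dnf5 install -y \
    gvfs-nfs \
    openssl \
    wl-clipboard \
    ffmpeg ffmpeg-libs ffmpegthumbnailer \
    heif-pixbuf-loader intel-vaapi-driver libavcodec libheif \
    libcamera libcamera-gstreamer libcamera-ipa libcamera-tools pipewire-plugin-libcamera \
    gnome-shell-extension-appindicator \
    1password 1password-cli \
    tailscale

# Delete 1Password and Tailscale repos once packages are installed
# so they don't end up in the final image.
rm \
    /etc/yum.repos.d/1password.repo \
    /etc/yum.repos.d/tailscale.repo \
    /etc/pki/rpm-gpg/1password.asc \
    /etc/pki/rpm-gpg/tailscale.gpg

# Or just disable:
# dnf5 config-manager setopt 1password.enabled=0 tailscale-stable.enabled=0
# sed -i 's/enabled=1/enabled=0/' \
#     /etc/yum.repos.d/1password.repo \
#     /etc/yum.repos.d/tailscale.repo \

# Fedora Flatpak service is a part of the flatpak package, ensure it's overridden by moving to replace it at the end of the build.
mv -f /usr/lib/systemd/system/flatpak-add-flathub-repos.service /usr/lib/systemd/system/flatpak-add-fedora-repos.service

# Enable Tailscale
systemctl enable tailscaled

# Cleanup
# Remove dnf5 versionlocks
dnf5 versionlock clear

## Handle files that rpm-ostree would normally remove
## Borrowed from: https://github.com/hhd-dev/rechunk/blob/master/1_prune.sh#L33
# NOTE(review): "root" and "root\|wheel" are substring matches, so any entry
# that merely contains those strings (for example a home directory of /root)
# is filtered out as well. Confirm that is intended.
if [ -f /etc/passwd ]; then
    echo
    echo Appending the following passwd users to /usr/lib/passwd
    # grep exits 1 when nothing survives the filter; without "|| true" that
    # would abort the build under set -e.
    out=$(grep -v "root" /etc/passwd || true)
    if [ -n "$out" ]; then
        echo "$out"
        echo "$out" >>/usr/lib/passwd
    fi
fi

if [ -f /etc/group ]; then
    echo
    echo Appending the following group entries to /usr/lib/group
    out=$(grep -v "root\|wheel" /etc/group || true)
    if [ -n "$out" ]; then
        echo "$out"
        echo "$out" >>/usr/lib/group
    fi
fi

if [ -f /etc/passwd ] || [ -f /etc/group ]; then
    echo
    echo "Warning: Make sure processed users and groups are from installed programs!"
fi

# Create defaults for /etc/passwd, /etc/group
cat <<EOT >/etc/passwd
root:x:0:0:root:/root:/bin/bash
EOT

cat <<EOT >/etc/group
root:x:0:
wheel:x:10:
EOT

# Extra lock files created by container processes that might cause issues
rm -rf \
    /etc/.pwd.lock \
    /etc/passwd- \
    /etc/group- \
    /etc/shadow- \
    /etc/gshadow- \
    /etc/subuid- \
    /etc/subgid- \
    /.dockerenv

# Merge /usr/etc to /etc
# OSTree will error out if both dirs exist
# And rpm-ostree will be confused and use only one of them
if [ -d /usr/etc ]; then
    echo
    echo WARNING: FOUND /usr/etc. MERGING TO ETC FOR COMPATIBILITY
    echo EXPECT PERMISSIONS ISSUES ON THE MERGED PATHS
    echo The following files from /usr/etc will be merged to /etc:
    tree /usr/etc
    echo
    rsync -aAX --numeric-ids --checksum --links /usr/etc/ /etc
    rm -rf /usr/etc
fi

# Move /etc to /usr/etc
mv /etc /usr/

# ...normal ublue-inspired steps continue.

# Remove tmp files and everything in dirs that make bootc unhappy
rm -rf /tmp/* || true
# NOTE(review): the "mv /etc /usr/" above has just placed the image's whole
# configuration at /usr/etc, so this line deletes it, including the cosign
# public key, the Flathub remote and the passwd/group defaults written earlier
# in this script. Confirm which layout is intended (/usr/etc for rechunk, or
# /etc for bootc) and drop the step that conflicts with it.
rm -rf /usr/etc
rm -rf /boot && mkdir /boot

# Preserve cache mounts
find /var/* -maxdepth 0 -type d \! -name cache \! -name log -exec rm -rf {} \;
find /var/cache/* -maxdepth 0 -type d \! -name libdnf5 -exec rm -rf {} \;

# Make sure /var/tmp is properly created.
# Only the directory itself needs the sticky, world-writable mode; a recursive
# chmod would also make anything left inside it world-writable.
mkdir -p /var/tmp
chmod 1777 /var/tmp

echo "Done."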