# copy and paste oneliner below to run
# curl -s https://gist.github.com/ilude/32aec45964bc1207810f7e6e49544064/raw/%21proxmox_setup.sh?$(date +%s) | /bin/bash -s

# Disable Commercial Repo
sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list

# Add PVE Community Repo
echo "deb http://download.proxmox.com/debian/pve $(grep "VERSION=" /etc/os-release | sed -n 's/.*(\(.*\)).*/\1/p') pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list

# setup no nag script to run on upgrade
echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; }; fi\"; };" > /etc/apt/apt.conf.d/99-proxmox-no-nag-script

# setup dark-theme to reinstall on upgrade
THEME_APT_SCRIPT_FILE=/etc/apt/apt.conf.d/99-proxmox-dark-theme
if [ ! -f "$THEME_APT_SCRIPT_FILE" ]; then
tee -a "$THEME_APT_SCRIPT_FILE" >/dev/null <<'EOF'
DPkg::Post-Invoke { "wget https://raw.githubusercontent.com/Weilbyte/PVEDiscordDark/master/PVEDiscordDark.sh && bash PVEDiscordDark.sh install || true"; };
EOF
fi

apt-get update
apt-get dist-upgrade -y

# disable kerbose authentication for sshd, this will speed up logins
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
systemctl restart ssh

# force post-invoke scripts to run
apt --reinstall install proxmox-widget-toolkit

# keep a record of when the system was setup
if ! [[ -f /etc/birth_certificate ]]; then
  echo "Creating /etc/birth_certificate"
  date > /etc/birth_certificate
fi

# offer to fetch and store github public keys in authorized_keys file
fetch_github_key()
{
  mkdir -p ~/.ssh
  if ! [[ -f ~/.ssh/authorized_keys ]]; then
    touch ~/.ssh/authorized_keys
  fi
  chmod 700 ~/.ssh
  chmod 600 ~/.ssh/*

  read -p "Enter Github Username: " github_username
  curl -s https://github.com/${github_username}.keys >> ~/.ssh/authorized_keys
}

read -t 10 -p "Download github public key for ssh? (Y/n): " REPLY
if [ $? -gt 128 ]; then
  echo "Timed out waiting for input. Defaulting to N!"
  break
fi

case $REPLY in
[yY]*)
  fetch_github_key
  ;;
*)
  ;;
esac

# offer to setup gmail for outgoing smtp messages
setup_smtp_to_gmail() 
{
  apt update
  apt install -y libsasl2-modules

  echo "You will need to go to https://security.google.com/settings/security/apppasswords to generate an app password!"
  echo ""
  read -p  'Gmail username (without @gmail.com): ' YOUR_GMAIL_USERNAME
  read -sp 'Gmail App Password: ' YOUR_GMAIL_APP_PASSWORD

  echo "smtp.gmail.com $YOUR_GMAIL_USERNAME@gmail.com:$YOUR_GMAIL_APP_PASSWORD" > /etc/postfix/sasl_passwd
  postmap hash:/etc/postfix/sasl_passwd
  chmod 600 /etc/postfix/sasl_passwd

  sed -i 's/relayhost\ =/relayhost\ =\ smtp.gmail.com:587/g' /etc/postfix/main.cf

  tee -a /etc/postfix/main.cf >/dev/null <<'EOF'
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_session_cache_timeout = 3600s
EOF

  postfix reload

  echo "Proxmox test message $(date)" | mail -s "Proxmox Test from $(hostname)" $YOUR_GMAIL_USERNAME@gmail.com
}

read -t 10 -p "Setup gmail for outgoing smtp mail messages? (Y/n): " REPLY
if [ $? -gt 128 ]; then
  echo "Timed out waiting for input. Defaulting to N!"
  break
fi

case $REPLY in
[yY]*)
  setup_smtp_to_gmail
  ;;
*)
  ;;
esac

# check if reboot is required 
if [ -f /var/run/reboot-required ]; then
  sudo reboot
fi