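#!/bin/bash
#######################################################################################################
### bash <(busybox wget -qO - https://raw.lhy.life/newhost.sh) --aptsource=http://deb.debian.org --sshport=22
#######################################################################################################
## First-boot setup for a Debian host. Rewrites the APT sources, installs a
## base package set, replaces root's authorized_keys and sshd_config, sets
## motd/hostname/hosts/.bashrc/timezone, then restarts sshd.
##
## NOTE(review): the one-liner above executes whatever the server returns, as
## root, with no integrity check. Download the script to a file, read it, and
## compare it against a known checksum before running it.
##
## Options:
##   --aptsource=URL   APT mirror base URL (default http://deb.debian.org)
##   --sshport=N       TCP port sshd listens on (default 22)

## Die
## Print a message on stderr and stop with a non-zero status.
function Die() {
    printf 'newhost: %s\n' "$*" >&2
    exit 1
}

## GetArgValue
## ./script --key=value
## $1 - option name without the leading "--"
## $2 - value printed when the option was not passed
## Prints the text after the first "=" of the first matching argument.
g_args=("$@")
function GetArgValue() {
    local key="$1"
    local defvalue="$2"
    local arg
    for arg in "${g_args[@]}"
    do
        if [[ "$arg" == "--$key="* ]]
        then
            printf '%s\n' "${arg#*=}"
            return
        fi
    done
    printf '%s\n' "$defvalue"
}

## Everything below writes under /etc and /root, so refuse to start otherwise.
(( EUID == 0 )) || Die "must be run as root"

## Validate both options before anything on disk is touched: their values are
## interpolated verbatim into sources.list and sshd_config.
APT_SOURCE=$(GetArgValue "aptsource" "http://deb.debian.org")
SSH_PORT=$(GetArgValue "sshport" 22)

url_re='^https?://[^[:space:]]+$'
if ! [[ "$APT_SOURCE" =~ $url_re ]]
then
    # Whitespace or a newline here would add extra fields or lines to sources.list.
    Die "--aptsource must be an http(s) URL without whitespace"
fi

port_re='^[0-9]{1,5}$'
if ! [[ "$SSH_PORT" =~ $port_re ]] || (( 10#$SSH_PORT < 1 || 10#$SSH_PORT > 65535 ))
then
    Die "--sshport must be an integer between 1 and 65535"
fi
# Force base 10 so a leading zero is not read as octal, and drop it.
SSH_PORT=$(( 10#$SSH_PORT ))

## sources.list
## https://mirrors.tencent.com
## http://mirrors.aliyun.com
## http://deb.debian.org
OS_NAME=$(grep '^VERSION_CODENAME=' /etc/os-release | cut -d '=' -f2 | tr -d '"')
codename_re='^[a-z]+$'
# An empty codename would produce suites such as "-updates" and break apt.
[[ "$OS_NAME" =~ $codename_re ]] || Die "cannot read VERSION_CODENAME from /etc/os-release"

# NOTE(review): non-free-firmware is listed for every release; confirm the
# component exists on the oldest release this script is meant to support.
cp /etc/apt/sources.list /etc/apt/sources.list.bak
cat <<EOF > /etc/apt/sources.list
deb $APT_SOURCE/debian/ $OS_NAME main non-free-firmware
deb $APT_SOURCE/debian/ $OS_NAME-updates main non-free-firmware
deb $APT_SOURCE/debian-security/ $OS_NAME-security main
EOF

## Install common software
apt-get update || Die "apt-get update failed; the previous list is in /etc/apt/sources.list.bak"
apt-get install lsb-release curl wget git zip gnupg2 ca-certificates bind9-dnsutils vim lsof jq -y

## authorized_keys
## NOTE(review): this REPLACES every existing key with the single hard-coded
## key below. Whoever holds the matching private key can log in as root on
## this host; substitute your own public key before running the script.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Best-effort backup: there is nothing to copy on a fresh host.
cp ~/.ssh/authorized_keys ~/.ssh/authorized_keys.bak 2> /dev/null
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEC9OFOjZx7Z6/fdFbQUvS0X2F2GZhQYp0AyFLR7aSYB river' > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

## sshd_config
## https://manpages.debian.org/bullseye/openssh-server/sshd_config.5.en.html
## https://manpages.debian.org/bookworm/openssh-server/sshd_config.5.en.html
OS_MAJORVERSION=$(grep '^VERSION_ID=' /etc/os-release | cut -d '=' -f2 | tr -d '"')
SSH_KBDAUTH=ChallengeResponseAuthentication
version_re='^[0-9]+$'
# Compare only when VERSION_ID is a plain integer; a missing or dotted value
# keeps the older keyword instead of raising a test(1) error.
if [[ "$OS_MAJORVERSION" =~ $version_re ]] && (( 10#$OS_MAJORVERSION > 11 ))
then
    SSH_KBDAUTH=KbdInteractiveAuthentication
fi

# The file is replaced wholesale, so distribution defaults not repeated here
# (including any Include of sshd_config.d drop-ins) no longer apply.
# NOTE(review): PermitRootLogin yes is key-only solely because password and
# keyboard-interactive authentication are disabled in this same file;
# "prohibit-password" would keep that guarantee if either is re-enabled later.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cat <<EOF > /etc/ssh/sshd_config
Port $SSH_PORT
UsePAM yes
$SSH_KBDAUTH no
PermitRootLogin yes
PasswordAuthentication no
PubkeyAuthentication yes
X11Forwarding no
PrintMotd no
ClientAliveInterval 15
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
EOF

# Check the new file before the restart at the end of the script: restarting
# onto a config sshd rejects would cut off remote access to this host.
# sshd -t wants the privilege separation directory to exist.
mkdir -p /run/sshd
if ! /usr/sbin/sshd -t -f /etc/ssh/sshd_config
then
    cp /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
    Die "generated sshd_config failed validation; previous config restored"
fi

## change motd
cp /etc/motd /etc/motd.bak
echo "" > /etc/motd
cat <<'EOF' > /etc/update-motd.d/20-showversion
#!/bin/bash
echo "$(grep PRETTY_NAME /etc/os-release | cut -d '=' -f2 | tr -d '"') $(cat /etc/debian_version)"
EOF
chmod +x /etc/update-motd.d/20-showversion

## hostname
cp /etc/hostname /etc/hostname.bak
echo "debian" > /etc/hostname
hostname debian

## hosts
cp /etc/hosts /etc/hosts.bak
cat <<'EOF' > /etc/hosts
127.0.0.1 localhost
127.0.1.1 debian debian.lan
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF

## Root user terminal colors and Command auto completion
## extracted from normal users
cp /root/.bashrc /root/.bashrc.bak
cat <<'EOF' > /root/.bashrc
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color|*-256color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
fi

# colored GCC warnings and errors
export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'

## Command auto completion
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi
EOF

## timezone
timedatectl set-timezone Asia/Shanghai

## Turn off auto selection after pasting
# Delete any earlier copy of the line first so reruns do not stack duplicates.
sed -i "/^bind 'set enable-bracketed-paste/d" /etc/profile
echo "bind 'set enable-bracketed-paste off'" >> /etc/profile

# Keep the current session open and confirm that a new login works on port
# $SSH_PORT (host firewall included) before disconnecting.
systemctl restart sshd || Die "sshd restart failed; previous config is in /etc/ssh/sshd_config.bak"
echo "done!"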