#!/bin/sh
set -e
WORKDIRECTORY=$PWD

if [ "$(id -u)" -ne 0 ]
  then printf "The script has to be run as root.\n"
  exit
fi

if [ -x "$(command -v doas)" ]; then
  PERMUSER=$DOAS_USER
  evalcommand="doas -u $PERMUSER"
  cp /etc/doas.conf /etc/doas.bak
  echo "permit nopass :wheel" > /etc/doas.conf
  echo "permit nopass root" >> /etc/doas.conf
else
  PERMUSER=$SUDO_USER
  evalcommand="sudo -u $PERMUSER"
  echo "%wheel ALL=(ALL) NOPASSWD: ALL
  Defaults:%wheel,root runcwd=*" >/etc/sudoers.d/temp
fi

run_as_user() {
  $evalcommand "$@"
}

usermod -aG seat $PERMUSER

DEPLIST="`sed -e 's/#.*$//' -e '/^$/d' dependencies.txt | tr '\n' ' '`"
pacman -Sy --noconfirm
pacman -S $DEPLIST --noconfirm --needed

run_as_user cp -r "$WORKDIRECTORY"/.config /home/"$PERMUSER"
run_as_user cp -r "$WORKDIRECTORY"/.local /home/"$PERMUSER"
run_as_user cp -a "$WORKDIRECTORY"/.zprofile /home/"$PERMUSER"

run_as_user mkdir -p /home/"$PERMUSER"/.config/git
run_as_user touch /home/"$PERMUSER"/.config/git/config
run_as_user mkdir -p /home/"$PERMUSER"/.config/npm
run_as_user touch /home/"$PERMUSER"/.config/npm/npmrc
run_as_user mkdir -p /home/"$PERMUSER"/.cache/zsh
run_as_user mkdir -p /home/"$PERMUSER"/.config/mpd/playlists
run_as_user mkdir -p /home/"$PERMUSER"/.local/share/themes
run_as_user mkdir -p /home/"$PERMUSER"/.local/share/icons

cd "$WORKDIRECTORY" || exit
run_as_user git clone https://github.com/zdharma-continuum/fast-syntax-highlighting
mkdir -p /usr/share/zsh/plugins
cp -rf fast-syntax-highlighting /usr/share/zsh/plugins
cd "$WORKDIRECTORY"

run_as_user mkdir -p /home/"$PERMUSER"/.ssh
run_as_user mkdir -p /home/"$PERMUSER"/.gnupg
run_as_user touch /home/"$PERMUSER"/.gnupg/gpg-agent.conf

cat <<EOL >> /home/$PERMUSER/.gnupg/gpg-agent.conf
enable-ssh-support
pinentry-program /usr/bin/pinentry-gnome3
default-cache-ttl 34560000
max-cache-ttl 34560000
EOL

cat <<EOL >> /home/$PERMUSER/.config/npm/npmrc
prefix=\${XDG_DATA_HOME}/npm
cache=\${XDG_CACHE_HOME}/npm
init-module=\${XDG_CONFIG_HOME}/npm/config/npm-init.js
logs-dir=\${XDG_STATE_HOME}/npm/logs
EOL

run_as_user find /home/"$PERMUSER"/.gnupg -type f -exec chmod 600 {} \;
run_as_user find /home/"$PERMUSER"/.gnupg -type d -exec chmod 700 {} \;
run_as_user find /home/"$PERMUSER"/.ssh -type f -exec chmod 600 {} \;
run_as_user find /home/"$PERMUSER"/.ssh -type d -exec chmod 700 {} \;

chsh -s /bin/zsh "$PERMUSER"

# Make pacman colorful, concurrent downloads and Pacman eye-candy.
grep -q "ILoveCandy" /etc/pacman.conf || sed -i "/#VerbosePkgLists/a ILoveCandy" /etc/pacman.conf
sed -Ei "s/^#(ParallelDownloads).*/\1 = 5/;/^#Color$/s/#//" /etc/pacman.conf

# Disable Pacman sandbox since kernel doesn't support landlock (only for custom kernels from my artix script)
# sed -Ei "s/^#(DisableSandbox).*/\1/" /etc/pacman.conf

# Use all cores for compilation.
sed -i "s/-j2/-j$(nproc)/;/^#MAKEFLAGS/s/^#//" /etc/makepkg.conf

if [ -x "$(command -v doas)" ]; then
  # Use doas for Pacman authentification
  sed -i 's/#PACMAN_AUTH=.*$/PACMAN_AUTH=(doas)/' /etc/makepkg.conf
fi

cat <<EOL >> /usr/share/libalpm/hooks/statusbar.hook
[Trigger]
Operation = Upgrade
Type = Package
Target = *

[Action]
Description = Updating statusbar...
When = PostTransaction
Exec = /usr/bin/pkill -RTMIN+8 waybar
EOL

cat <<EOL >> /etc/pacman.d/hooks/sing-box.hook
[Trigger]
Type = Package
Operation = Install
Operation = Upgrade
Target = sing-box

[Action]
Description = Setting rights for sing-box...
When = PostTransaction
Exec = /usr/bin/setcap cap_net_admin=ep /usr/sbin/sing-box
EOL

run_as_user git clone https://aur.archlinux.org/paru.git
cd paru
run_as_user makepkg -csi --noconfirm
cd "$WORKDIRECTORY"
DEPLIST="`sed -e 's/#.*$//' -e '/^$/d' aurdeps.txt | tr '\n' ' '`"
run_as_user paru --sudo doas -S $DEPLIST --noconfirm
run_as_user dbus-launch gsettings set org.gnome.desktop.wm.preferences button-layout 'appmenu'
run_as_user dbus-launch gsettings set org.gnome.desktop.interface font-name "Sans 11"
cd ..
rm -rf hyprdots
rm -rf paru
rm -rf go

dinitctl enable cronie
echo "*/30 * * * * export DBUS_SESSION_BUS_ADDRESS=\$(rg --null-data \"DBUS_SESSION_BUS_ADDRESS\" \"/proc/\$(pgrep -x waybar)/environ\" | sed 's/DBUS_SESSION_BUS_ADDRESS=//'); /home/$PERMUSER/.local/bin/cron/newsup
*/30 * * * * export DBUS_SESSION_BUS_ADDRESS=\$(rg --null-data \"DBUS_SESSION_BUS_ADDRESS\" \"/proc/\$(pgrep -x waybar)/environ\" | sed 's/DBUS_SESSION_BUS_ADDRESS=//'); /home/$PERMUSER/.local/bin/cron/checkup
*/10 * * * * export DBUS_SESSION_BUS_ADDRESS=\$(rg --null-data \"DBUS_SESSION_BUS_ADDRESS\" \"/proc/\$(pgrep -x waybar)/environ\" | sed 's/DBUS_SESSION_BUS_ADDRESS=//'); /home/$PERMUSER/.local/bin/cron/mailup" | run_as_user crontab -

run_as_user git clone https://git.awy.one/mutt-wizard /home/"$PERMUSER"/mutt-wizard
cd /home/"$PERMUSER"/mutt-wizard
make install

cd /home/"$PERMUSER"
run_as_user git clone https://git.awy.one/autofox
cd autofox
run_as_user ./configure_firefox.sh
cd /home/"$PERMUSER"

rm -rf autofox
rm -rf mutt-wizard

# MPV
thumbfastlua_url=https://raw.githubusercontent.com/po5/thumbfast/refs/heads/master/thumbfast.lua
thumbfastconf_url=https://raw.githubusercontent.com/po5/thumbfast/refs/heads/master/thumbfast.conf
sponsorblock_url=https://codeberg.org/jouni/mpv_sponsorblock_minimal/raw/branch/master/sponsorblock_minimal.lua
config_dir="/home/$PERMUSER/.config/mpv"
scriptopts_dir="$config_dir/script-opts"

run_as_user mkdir -p "$config_dir/scripts"
run_as_user mkdir -p $scriptopts_dir || echo "Couldn't create: $scriptopts_dir"

# thumbfast
run_as_user curl -Ls -o "$config_dir/scripts/thumbfast.lua" $thumbfastlua_url || echo "Couldn't download: $thumbfastlua_url"
run_as_user curl -Ls -o "$scriptopts_dir/thumbfast.conf" $thumbfastconf_url || echo "Couldn't download: $thumbfastconf_url"
sed -Ei "s/(network).*/\1=yes/" "$scriptopts_dir/thumbfast.conf"

# sponsorblock
run_as_user curl -Ls -o "$config_dir/scripts/sponsorblock_minimal.lua" $sponsorblock_url || echo "Couldn't download: $sponsorblock_url"

# necessary symlinks (pass for mutt-wizard and bemenu for tessen)
ln -s /bin/gopass /bin/pass

# pam
sed -i '/auth[[:space:]]*include[[:space:]]*system-local-login/a auth optional pam_gnome_keyring.so' /etc/pam.d/login
sed -i '/session[[:space:]]*include[[:space:]]*system-local-login/a session optional pam_gnome_keyring.so auto_start' /etc/pam.d/login
echo "password optional pam_gnome_keyring.so" >> /etc/pam.d/passwd

yes | run_as_user paru --sudo doas -Scc
rm -rf /home/"$PERMUSER"/.cargo

if [ -x "$(command -v doas)" ]; then
  rm /etc/doas.conf
  mv /etc/doas.bak /etc/doas.conf
else
  rm /etc/sudoers.d/temp
fi

chown -R $PERMUSER:wheel /home/$PERMUSER

# cleanup
rm -rf /home/$PERMUSER/.cache/go-build

echo "Your linux is riced!"