#!/bin/sh

# go through normal rpi install. select "none" for disk, and select mmcblkp1 for storing configs
# run "lbu commit -d" after install to save changes.
# Then run this script

echo "input username to add: "
read name 

if [ "$name" ]; then
    adduser "$name"
    adduser "$name" wheel
fi

apk add doas

sed -i 's/# permit/permit/g' /etc/doas.conf


#add /home/ to lbu
lbu include /home/


#setup samba server

    #install needed packages
    apk add samba

    #make share location
    mkdir /media/storage/
    chmod 0777 /media/storage


    doas mv /etc/samba/smb.conf /etc/samba/smb.conf.orig

    touch /etc/samba/smb.conf

    {
    echo "[global]"
    echo "workgroup = WORKGROUP"
    echo "dos charset = cp850"
    echo "unix charset = ISO-8859-1"
    echo "force user = $name"         # should this be removed?
 
    echo "[storage]"
    echo "browseable = yes"
    echo "writeable = yes"
    echo "path = /media/storage"
    } >> /etc/samba/smb.conf

echo "Enter samba password for this user. (should be the same as user password entered earlier)"
smbpasswd -a "$name"

rc-update add samba
rc-service samba start

lbu include /var/lib/samba/ #add dir where samba user info is stored

lbu commit -d

echo "mount drives at /media/storage/ to be seen remotely" 

#transmission setup
echo "uncomment community repository in the file about to be opened in vi"
sleep 10
vi /etc/apk/repositories

#install transmission
apk add transmission-daemon transmission-daemon-openrc

rc-update add transmission-daemon
rc-service transmission-daemon start #start transmission once to setup config file

#TODO add way to modify transmission config automatically after this
#stop transmission
#sed find/replace for options below
#start transmission

#add the hostname of the rpi to "rpc-host-whitelist" entry in file /var/lib/transmission/config/settings.json

#add the ip address of your machine to "rpc-whitelist" entry in the same file so transmission will allow your computer to connect to it.

#make sure transmission is stopped with "rc-service transmission-daemon stop" before changing file since the file is overwritten when transmission closes

#change "download-dir" to a directory on the external HDD

#make sure the drive has correct permissions to allow user transmission in group transmission to create new files/directories
# adduser alex transmission  # adds user alex to group transmission
# chown -R alex:transmission /media/storage/Toshiba_HDD/ #makes entire drive mounted at /media/Toshiba_HDD owned by user alex in group transmission
# chmod -R 0777 /media/storage/Toshiba_HDD/ #recursively give correct read/write permissions on files in drive 

#you can connect to transmission daemon using tremc -c @nagato:9091 or by opening nagato:9091 in a browser


#setup ufw firewall

apk add ufw

ufw default deny incoming
ufw default allow outgoing 
ufw allow https
ufw allow ssh

ufw allow 56881:56889/tcp #enable transmission ports

 ufw allow 9091/tcp #allow transmission clients access

 ufw allow transmission

 ufw allow cifs
 ufw allow nfs

#may be needed for samba
#ufw allow 137:138/udp
#ufw allow 139/tcp
#ufw allow 445/tcp

ufw enable
rc-update add ufw
rc-service ufw start


#add haveged for faster boot time
apk update
apk add haveged
rc-update add haveged boot
rc-service haveged start
lbu commit -d