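#!/usr/bin/env bash
################################################################################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
################################################################################
#
# Script updates can be found at: https://github.com/extremeshok/xshok-proxmox
#
# post-installation script for Proxmox
#
# License: BSD (Berkeley Software Distribution)
#
################################################################################
#
# Assumptions: proxmox installed
#
# Notes:
# to disable the MOTD banner, set the env NO_MOTD_BANNER to true (export NO_MOTD_BANNER=true)
#
################################################################################
#
# THERE ARE NO USER CONFIGURABLE OPTIONS IN THIS SCRIPT
#
################################################################################
#
# Reviewer summary: this script runs as root and (1) rewrites APT sources,
# (2) installs packages, (3) executes two third-party installer scripts fetched
# over the network, (4) appends kernel/sysctl/limits/PAM tuning, and (5) reboots.
# Steps (3) and the forwarding/limits settings in (4) are the security-relevant
# parts; each carries a NOTE(review) comment below.
#
################################################################################

#######################################
# Append a line to a file unless that exact line is already present, so that
# re-running the script does not stack duplicate entries.
# Arguments: $1 - target file, $2 - exact line to add
#######################################
append_once() {
  local file=$1
  local line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

#######################################
# Run a previously downloaded installer as root, but only when the download
# left a non-empty file behind. Piping a download straight into a shell would
# execute whatever arrived before a dropped connection.
# Arguments: $1 - path of the downloaded script
# Returns:   1 if the file is missing or empty, else the installer's status
#######################################
run_installer() {
  local script=$1
  if [ ! -s "$script" ]; then
    printf 'ERROR: installer %s is missing or empty, not running it\n' "$script" >&2
    return 1
  fi
  sudo bash "$script"
}

# Private scratch directory for downloaded installers (unpredictable name,
# removed on every exit path).
XS_TMPDIR=$(mktemp -d) || { echo "ERROR: mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "${XS_TMPDIR:?}"' EXIT

# Set the locale
export LANG="en_US.UTF-8"
export LC_ALL="C"

## Force APT to use IPv4
printf '%s\n\n' 'Acquire::ForceIPv4 "true";' > /etc/apt/apt.conf.d/99force-ipv4

## disable enterprise proxmox repo
if [ -f /etc/apt/sources.list.d/pve-enterprise.list ]; then
  printf '%s\n\n' '#deb https://enterprise.proxmox.com/debian bullseye pve-enterprise' > /etc/apt/sources.list.d/pve-enterprise.list
fi

## enable public proxmox repo
# NOTE(review): this repository is fetched over plain HTTP, so package integrity
# rests entirely on APT's signature verification of the repository metadata.
if [ ! -f /etc/apt/sources.list.d/proxmox.list ] \
  && [ ! -f /etc/apt/sources.list.d/pve-public-repo.list ] \
  && [ ! -f /etc/apt/sources.list.d/pve-install-repo.list ]; then
  printf '%s\n\n' 'deb http://download.proxmox.com/debian bullseye pve-no-subscription' > /etc/apt/sources.list.d/pve-public-repo.list
fi

## Add non-free to sources
sed -i "s/main contrib/main non-free contrib/g" /etc/apt/sources.list

## Add the latest ceph provided by proxmox
# echo "deb http://download.proxmox.com/debian/ceph-luminous stretch main" > /etc/apt/sources.list.d/ceph.list

## Refresh the package lists
apt-get update

## Install common system utilities
/usr/bin/env DEBIAN_FRONTEND=noninteractive apt -y upgrade
/usr/bin/env DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::='--force-confdef' install whois ncdu tmux screen sshpass wget axel nano pigz net-tools iptraf iotop iftop iperf unzip zip software-properties-common curl dos2unix dialog mlocate build-essential git ipset htop fish neofetch glusterfs-server glusterfs-client tmate lshw ifupdown2 sudo ethtool

/usr/bin/env DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg1 apt-transport-https dirmngr

# NOTE(review): apt-key is deprecated and places the key in APT's global trusted
# keyring, where it is trusted for every configured repository. A dedicated
# keyring referenced with "signed-by" in the source entry limits the key to the
# one repository it is meant for.
export INSTALL_KEY=379CE192D401AB61
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$INSTALL_KEY"
#echo "deb https://ookla.bintray.com/debian generic main" | tee /etc/apt/sources.list.d/speedtest.list

# NOTE(review): third-party repository bootstrap script executed as root. It is
# downloaded completely and checked for HTTP errors before it is run; nothing
# here verifies its content. Review the script and compare it against a recorded
# checksum before using this on hosts that matter.
XS_SPEEDTEST_SETUP="${XS_TMPDIR}/speedtest-repo-setup.sh"
if curl -fsS -o "$XS_SPEEDTEST_SETUP" https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh; then
  run_installer "$XS_SPEEDTEST_SETUP"
else
  echo "ERROR: could not download the speedtest repository setup script" >&2
fi
apt-get update
/usr/bin/env DEBIAN_FRONTEND=noninteractive apt-get -y install speedtest

#systemctl enable glusterd

#snmpd snmp-mibs-downloader

# Only switch root's login shell when fish was actually installed; pointing the
# login shell at a missing binary can break root logins.
if [ -x /usr/bin/fish ]; then
  chsh -s /usr/bin/fish
else
  echo "WARNING: /usr/bin/fish not found, leaving the login shell unchanged" >&2
fi

## Install kexec, allows for quick reboots into the latest updated kernel set as primary in the boot-loader.
# use command 'reboot-quick'
echo "kexec-tools kexec-tools/load_kexec boolean false" | debconf-set-selections
/usr/bin/env DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::='--force-confdef' install kexec-tools

cat <<'EOF' > /etc/systemd/system/kexec-pve.service
[Unit]
Description=boot into into the latest pve kernel set as primary in the boot-loader
Documentation=man:kexec(8)
DefaultDependencies=no
Before=shutdown.target umount.target final.target

[Service]
Type=oneshot
ExecStart=/sbin/kexec -l /boot/pve/vmlinuz --initrd=/boot/pve/initrd.img --reuse-cmdline

[Install]
WantedBy=kexec.target
EOF
systemctl enable kexec-pve.service
append_once /root/.bash_profile "alias reboot-quick='systemctl kexec'"
mkdir -p /root/.config/fish
append_once /root/.config/fish/config.fish "alias reboot-quick 'systemctl kexec'"

## Remove no longer required packages and purge old cached updates
/usr/bin/env DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::='--force-confdef' autoremove
/usr/bin/env DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::='--force-confdef' autoclean

## Bugfix: reserve 512MB memory for system
append_once /etc/sysctl.conf "vm.min_free_kbytes = 524288"
append_once /etc/sysctl.conf "net.ipv4.tcp_mem=1280000 1280000 1280000"
append_once /etc/sysctl.conf "net.ipv4.tcp_wmem = 32768 131072 1280000"
append_once /etc/sysctl.conf "net.ipv4.tcp_rmem = 32768 131072 1280000"
append_once /etc/sysctl.conf "net.core.rmem_max=16777216"
append_once /etc/sysctl.conf "net.core.wmem_max=16777216"
append_once /etc/sysctl.conf "net.core.rmem_default=16777216"
append_once /etc/sysctl.conf "net.core.wmem_default=16777216"
append_once /etc/sysctl.conf "net.core.optmem_max=1524288"
append_once /etc/sysctl.conf "net.ipv4.tcp_sack=0"
append_once /etc/sysctl.conf "net.ipv4.tcp_timestamps=0"
# NOTE(review): the next two settings make the host route packets between all of
# its interfaces. Nothing in this script installs a forwarding policy, so the
# host firewall must restrict forwarded traffic explicitly.
append_once /etc/sysctl.conf "net.ipv4.ip_forward=1"
append_once /etc/sysctl.conf "net.ipv6.conf.all.forwarding=1"
sysctl -p

## Remove subscription banner
#if [ -f "/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js" ] ; then
#  sed -i "s/.data.status.toLowerCase() !== 'active'/.data.status.toLowerCase() == 'active'/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
#  sed -i "s/res === null || res === undefined || !res/false/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
#  create a hourly cron to make sure the banner does not re-appear
#  cat <<'EOF' > /etc/cron.hourly/proxmox-nosub
##!/bin/sh
# eXtremeSHOK.com Remove subscription banner
#sed -i "s/.data.status.toLowerCase() !== 'active'/.data.status.toLowerCase() == 'active'/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
#sed -i "s/res === null || res === undefined || !res/false/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
#EOF
#  chmod 755 /etc/cron.hourly/proxmox-nosub
#fi

# pve-nag-buster
# NOTE(review): third-party installer taken from the mutable "master" branch and
# run as root. Pin the URL to a reviewed commit (<REVIEWED_COMMIT_SHA>) and
# compare the file against a recorded checksum before running it.
# The file is saved under an explicit name in the private temp directory: a bare
# "wget URL" in the working directory saves as install.sh.1 when install.sh
# already exists, and the stale install.sh would then be the one executed.
XS_NAGBUSTER_SETUP="${XS_TMPDIR}/pve-nag-buster-install.sh"
if wget -O "$XS_NAGBUSTER_SETUP" https://raw.githubusercontent.com/foundObjects/pve-nag-buster/master/install.sh; then
  run_installer "$XS_NAGBUSTER_SETUP"
else
  echo "ERROR: could not download the pve-nag-buster installer" >&2
fi

## Increase max user watches
# BUG FIX : No space left on device
echo 1048576 > /proc/sys/fs/inotify/max_user_watches
append_once /etc/sysctl.conf "fs.inotify.max_user_watches=1048576"
append_once /etc/sysctl.conf "net.ipv4.ip_forward=1"
echo ""
sysctl -p /etc/sysctl.conf

## Increase max FD limit / ulimit
# NOTE(review): the "*" entries raise process and file-descriptor limits for
# every account, which also removes the default brake on a runaway or hostile
# unprivileged process. Restrict them to the service accounts that need them if
# untrusted users have shell access.
if ! grep -qF '# eXtremeSHOK.com Increase max FD limit / ulimit' /etc/security/limits.conf 2>/dev/null; then
  cat <<'EOF' >> /etc/security/limits.conf
# eXtremeSHOK.com Increase max FD limit / ulimit
* soft     nproc          256000
* hard     nproc          256000
* soft     nofile         256000
* hard     nofile         256000
root soft     nproc          256000
root hard     nproc          256000
root soft     nofile         256000
root hard     nofile         256000
EOF
fi

## Increase kernel max Key limit
cat <<'EOF' > /etc/sysctl.d/60-maxkeys.conf
# eXtremeSHOK.com
# Increase kernel max Key limit
kernel.keys.root_maxkeys=1000000
kernel.keys.maxkeys=1000000
EOF

## Set systemd ulimits
append_once /etc/systemd/system.conf "DefaultLimitNOFILE=256000"
append_once /etc/systemd/user.conf "DefaultLimitNOFILE=256000"
append_once /etc/pam.d/common-session-noninteractive 'session required pam_limits.so'
append_once /etc/pam.d/common-session 'session required pam_limits.so'
append_once /etc/pam.d/runuser-l 'session required pam_limits.so'

## Set ulimit for the shell user
# Absolute paths under $HOME: the files are written to the home directory or not
# at all, never to whatever directory the script happened to be started from.
append_once "${HOME:?}/.bashrc" "ulimit -n 256000"
append_once "${HOME:?}/.profile" "ulimit -n 256000"

# add wireguard module
append_once /etc/modules "wireguard"

# propagate the setting into the kernel
update-initramfs -u -k all

# Disable lid switch for laptops
append_once /etc/systemd/logind.conf "HandleLidSwitch=ignore"
systemctl restart systemd-logind.service

## Script Finish
echo -e '\033[1;33m Finished....please restart the system \033[0m'

echo -e "\033[1;33mIP INFO\033[0m"
ip a

echo "Rebooting, cancel now!"
sleep 10
reboot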