#!/bin/bash

############################################
# Script eole-common
############################################

# Name of the calling action; only used in the "please re-run" message below
action="$1"

# EOLE shell helpers
# (presumably where EchoRouge, CreoleGet and CreoleRun come from - confirm)
source /usr/lib/eole/ihm.sh

systemctl enable ferme-firewall

# Reload the unit files so that override files are taken into account
systemctl daemon-reload
CreoleRun "systemctl daemon-reload" all yes yes

# Stop with an error when the network is not configured (#1100):
# an empty adresse_ip_eth0 triggers a network restart, then the operator is
# asked to run the action again.
adresse_ip_eth0=$(CreoleGet adresse_ip_eth0)
if [ -z "$adresse_ip_eth0" ]
then
    EchoRouge "Impossible de déterminer l'adresse réseau \"adresse_ip_eth0\"."
    EchoRouge "Redemarrage du reseau"
    service networking restart
    EchoRouge "#######################################################################"
    EchoRouge "# Veuillez relancer $action"
    EchoRouge "#######################################################################"
    exit 1
fi

# rsyslog: the log directory must exist; the whole tree is handed to syslog:adm
if [[ ! -d /var/log/rsyslog ]]; then
    mkdir -p /var/log/rsyslog
fi
chown -R syslog:adm /var/log/rsyslog

# Log forwarding (#11404): the "queues" directory is only created when
# activer_envoi_logs is "oui"
if [ "$(CreoleGet activer_envoi_logs non)" = oui ] && [ ! -d "/var/log/rsyslog/queues" ]; then
    mkdir -p /var/log/rsyslog/queues
    chown syslog:adm /var/log/rsyslog/queues
fi

# Log directory used by some tools
mkdir -p /var/log/eole

# logrotate settings, read by the functions and loops further down
LOG_BASE=/var/log/rsyslog
LOG_TYPES="local remote"
LOGROTATE_CONF_D=/etc/logrotate.d
LOGROTATED_DIRS=''

# Remove the rule files generated by a previous run. They live in
# ${LOGROTATE_CONF_D}, which the scan below reads in full, so they are
# deleted before that scan takes place.
for log_type in ${LOG_TYPES}; do
	if [ -e "${LOGROTATE_CONF_D}/generated_${log_type}_rules" ]; then
		rm -f "${LOGROTATE_CONF_D}/generated_${log_type}_rules"
	fi
done

# Collect the directory of every word found on the logrotate configuration
# lines that start with "/" and contain ".log"; missing directories are created
# and given to syslog:adm, whichever rule file referenced them.
# The command substitution is unquoted: the shell splits it into words and
# expands globs, so each path (or each file matching a glob) is one iteration.
# NOTE(review): "{*" also matches the empty string at the start of the line, so
# the substitution looks like it prints the line unchanged instead of removing
# "{"; a lone "{" word then gives "." through dirname - confirm the intent.
for log_file in $(sed -ne '/^\/.*\.log/ s,{*,,p' "${LOGROTATE_CONF_D}"/* 2> /dev/null); do
	log_dir=$(dirname "${log_file}")
	if [ ! -d "${log_dir}" ]; then
		mkdir -p "${log_dir}"
		chown syslog:adm "${log_dir}"
	fi
	# No leading newline while the list is still empty
	LOGROTATED_DIRS="${LOGROTATED_DIRS:+${LOGROTATED_DIRS}$'\n'}${log_dir}"
done

# One entry per directory
LOGROTATED_DIRS=$(sort -u <<< "$LOGROTATED_DIRS")

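#######################################
# Run a service action on the VPN (RVP) service when the VPN is installed.
# Nothing is done unless install_rvp is "oui" and the file named by CONFRVP
# exists. The helper at INITRVP_AMON is used when present; otherwise the
# action goes to "service ${INITRVP}", unless the HA resource list names that
# service in its third space-separated field.
# Globals:
#   CONFRVP, install_rvp, INITRVP, INITRVP_AMON (read)
#   ACTION, HA_RSC_FILE, INITRVP_ACTION, LINE, SCE (written; kept global as in
#   the original because this script sources other files in the same shell and
#   it is not visible here whether they read them)
# Arguments:
#   $1 - action handed to the helper or to "service" (e.g. start)
# Outputs:
#   "HA STRONGSWAN" on stdout when the HA resource list names the service,
#   plus whatever the helper or the service command prints
#######################################
vpn_service() {
    ACTION=$1
    HA_RSC_FILE="/etc/ha.d/.rsc_list"
    # The expansions are quoted: with an empty value an unquoted
    # `[ -e $CONFRVP ]` collapses to `[ -e ]`, which is true, so the guard
    # would pass without any configuration file.
    if [ -e "$CONFRVP" ] && [ "$install_rvp" = "oui" ]
    then
        # Same reason here: an empty INITRVP_AMON must not be "found" and then
        # leave the action word to be executed as a command.
        if [ -e "$INITRVP_AMON" ]
        then
            "$INITRVP_AMON" "$ACTION"
        else
            INITRVP_ACTION="yes"
            if [ -e "$HA_RSC_FILE" ]
            then
                # -r keeps backslashes literal; the second test keeps a last
                # line that has no trailing newline.
                while read -r LINE || [ -n "$LINE" ]
                do
                    SCE=$(printf '%s\n' "$LINE" | cut -d " " -f3)
                    if [ "$SCE" = "$INITRVP" ]
                    then
                        echo "HA STRONGSWAN"
                        INITRVP_ACTION="no"
                        break
                    fi
                done < "$HA_RSC_FILE"
            fi
            if [ "$INITRVP_ACTION" = "yes" ]
            then
                service "$INITRVP" "$ACTION"
            fi
        fi
    fi
}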

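#######################################
# List the *.log files under a directory whose parent directory is not
# one of the directories already referenced by the logrotate configuration.
# A directory counts as covered only when it is exactly one line of
# LOGROTATED_DIRS. The earlier `=~` test treated the directory as a regular
# expression matched anywhere in the list, so /x/app was seen as covered as
# soon as /x/application was listed, and its logs never got a rotation rule.
# Globals:
#   LOGROTATED_DIRS (read) - newline-separated directory list
# Arguments:
#   $1 - base directory to scan
# Outputs:
#   the files found, one per line, on stdout (a single empty line when none);
#   a name containing a newline cannot be represented in this format
# Returns:
#   non-zero, without output, when $1 is not a directory
#######################################
get_not_rotated_log_files() {
	local base_dir="${1}"
	local not_rotated=""
	# Local so that the caller's variables of the same name are left alone
	local log_file log_dir
	[ -d "${base_dir}" ] || return
	while IFS= read -r log_file
	do
		log_dir=$(dirname -- "${log_file}")
		# The quoted parts of a case pattern are literal: this is an exact
		# whole-line comparison against the list
		case $'\n'"${LOGROTATED_DIRS}"$'\n' in
			*$'\n'"${log_dir}"$'\n'*)
				;;
			*)
				# Avoid newline when ${not_rotated} is empty
				not_rotated="${not_rotated:+${not_rotated}$'\n'}${log_file}"
				;;
		esac
	done < <(find "${base_dir}" -type f -name '*.log')
	# printf leaves backslashes in file names untouched, unlike echo -e
	printf '%s\n' "${not_rotated}"
}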

#######################################
# Turn log file names into glob patterns: on each input line the first
# ".<severity>." component is replaced by ".*.", then the lines are sorted
# and deduplicated.
# Arguments:
#   $@ - file names (printed with echo, so several arguments are joined
#        with spaces)
# Outputs:
#   the resulting patterns, one per line, on stdout
#######################################
gen_globs_from_files() {
	local severity='(panic|emerg|crit|err|error|alert|warn|warning|info|notice|debug)'
	echo "$@" \
		| sed -E "s,\.${severity}\.,.*.," \
		| sort -u
}

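#######################################
# Append one logrotate rule covering the given globs to a rules file.
# The rule keeps 366 daily rotations, compressed, and force-reloads rsyslog
# once after rotation. Nothing is written when no glob is given.
# Fixes over the previous version:
#   - noglob is put back the way the caller had it; the old test was inverted
#     and left globbing disabled in the calling shell
#   - the globs are fed to sort -u one per line, so duplicates are really
#     removed (they were all printed on one line before)
# Arguments:
#   $1   - rules file to append to
#   $2.. - globs, separated by whitespace or newlines
# Returns:
#   0, or the status of the failed write to the rules file
# NOTE(review): the glob strings are copied verbatim into a logrotate
# configuration. They presumably derive from file names under the rsyslog
# log tree; a name containing whitespace or a brace would change the rule.
# Confirm that such names cannot be produced.
#######################################
generate_logrotate_rules() {
	# Shell options of the caller, read before noglob is touched
	local saved_opts=$-
	local rules_file="${1}"
	local logs=""
	local status=0
	shift # the remaining parameters are the globs
	set -f # the globs must reach the rules file unexpanded
	# Splitting on whitespace is wanted here and noglob is set.
	# shellcheck disable=SC2048,SC2086
	logs=$(printf '%s\n' $* | sort -u | sed '/^$/d')
	if [ -n "${logs}" ]; then
		cat >> "${rules_file}" <<EOF || status=$?
$logs {
	missingok
	daily
	rotate 366
	compress
	sharedscripts
	postrotate
		service rsyslog force-reload
	endscript
}
EOF
	fi
	# Re-enable globbing only when it was enabled on entry
	[[ "${saved_opts}" == *f* ]] || set +f
	return "${status}"
}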

# One generated rules file per log type, for the log files found under
# ${LOG_BASE}/<type> that get_not_rotated_log_files reports
for log_type in ${LOG_TYPES}; do
	log_dir="${LOG_BASE}/${log_type}"
	rotate_conf_file="${LOGROTATE_CONF_D}/generated_${log_type}_rules"

	# Start again from a new file holding only the header line
	if [ -f "${rotate_conf_file}" ]; then
		rm -f "${rotate_conf_file}"
	fi
	printf '%s\n' "# Rules automatically generated" >> "${rotate_conf_file}"

	# Keep the double quotes around the substitutions, or the globs will be
	# expanded by the shell
	FILES="$(get_not_rotated_log_files "${log_dir}")"
	GLOBS="$(gen_globs_from_files "${FILES}")"
	generate_logrotate_rules "${rotate_conf_file}" "${GLOBS}"
done

# Comment out HISTSIZE and HISTFILESIZE in root's .bashrc, because these are
# read-only settings
sed -i -e 's/^HISTSIZE/#HISTSIZE/' -e 's/^HISTFILESIZE/#HISTFILESIZE/' /root/.bashrc

# Remove twisted's logging of XML-RPC calls (cf. #1454): every line matching
# "self.logFile.write(line)" is deleted from the installed module.
# NOTE(review): this edits a library file in place. Any other program importing
# it presumably loses that log line too, and the file no longer matches what
# the package shipped - confirm this is still wanted.
if [ -f /usr/share/pyshared/twisted/web/http.py ]
then
    sed -i '/self.logFile.write(line)/d' /usr/share/pyshared/twisted/web/http.py
fi

# Apply the settings of the 10-console-messages.conf template
cat /etc/sysctl.d/10-console-messages.conf | sysctl -p - > /dev/null

# Regenerate the iptables rules.
# The statements below run in a fixed order: VPN and bind9 are started, the
# firewall rules are generated, then bind9 and bastion are stopped again.

# Values read by vpn_service: service name and helper path for the VPN
INITRVP='strongswan'
INITRVP_AMON='/usr/share/eole/sbin/rvp'
# (the second argument "non" is presumably the fallback value - confirm)
install_rvp=$(CreoleGet install_rvp non)
# CONFRVP names the strongSwan file whose presence vpn_service checks:
# the database in sw_database_mode, the secrets file otherwise, and an empty
# value when the VPN is not installed
if [ "$install_rvp" = "oui" ]
then
    if [ "$(CreoleGet sw_database_mode)" = "oui" ]
    then
        CONFRVP='/etc/ipsec.d/ipsec.db'
    else
        CONFRVP='/etc/ipsec.secrets'
    fi
else
    CONFRVP=''
fi
# VPN and, when its unit file is installed, bind9 are started before the rules
# are generated (presumably firewall.start needs them running - confirm)
vpn_service start > /dev/null
[ -f /lib/systemd/system/bind9.service ] && CreoleService bind9 start > /dev/null
echo -n "Génération des règles de pare-feu"
# Sourced, so it runs in this shell and its status is tested right after
. /usr/share/eole/firewall.start
if [ $? -ne 0 ]; then
    echo
    EchoRouge "Erreur à la génération des règles de pare-feu"
    # Drop the generated rule files
    rm -f /etc/eole/iptables
    rm -f /etc/eole/ipset
    # NOTE(review): this exit happens before the bind9 / bastion stop calls
    # below, so the services started above stay up on the error path; whether
    # the host is then in the closed ("fortress") state is not visible here -
    # confirm.
    exit 1
fi
echo
# Go back to fortress mode before the service is started
[ -f /lib/systemd/system/bind9.service ] && CreoleService bind9 stop > /dev/null
service bastion stop > /dev/null

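# Needed notably by Era (#8106)
mkdir -p /root/.local/share

# Enable or disable the Ctrl-Alt-Del sequence (#17337).
# A ctrl-alt-del.target link to /dev/null masks the unit, so the key sequence
# on the console no longer triggers it; removing the link restores it.
TARGET="/etc/systemd/system/ctrl-alt-del.target"
# The substitution is quoted: an empty CreoleGet answer now compares as
# "not oui" instead of breaking the test with a syntax error.
if [ "$(CreoleGet activer_ctrl_alt_suppr)" = "oui" ]; then
    [ -L "$TARGET" ] && rm -f -- "$TARGET"
else
    # NOTE(review): -e follows links, so anything already present at $TARGET
    # other than the /dev/null link (a file, a link to another unit) is kept
    # and the sequence stays enabled although it is configured off - confirm.
    [ ! -e "$TARGET" ] && ln -nsf /dev/null "$TARGET"
fi

exit 0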
