#!/bin/bash
echo "$0 Starting ..."
errcnt=0

# Process options passed on the boot command line
for curopt in $(< /proc/cmdline)
do
    case "${curopt}" in
      # Configure keyboard layout if requested in the boot command line
      setkmap=*)
          echo "Found option '${curopt}' on the boot command line"
          localectl set-keymap ${curopt#*=}
          ;;

      # Configure root login shell if requested in the boot command line
      rootshell=*)
          echo "Found option '${curopt}' on the boot command line"
          chsh --shell ${curopt#*=} root
          ;;

      # Set the system root password from a clear password
      rootpass=*)
          echo "Found option '${curopt%%=*}=******' on the boot command line"
          if echo "root:${curopt#*=}" | chpasswd --crypt-method SHA512
          then
              echo "Password successfully changed"
          else
              echo "Failed to change password"
              errcnt=$((errcnt + 1))
          fi
          ;;

      # Set the system root password from an encrypted password
      # A password can be encrypted using a one-line python3 command such as:
      # python3 -c 'import crypt; print(crypt.crypt("MyPassWord123", crypt.mksalt(crypt.METHOD_SHA512)))'
      rootcryptpass=*)
          echo "Found option '${curopt%%=*}=******' on the boot command line"
          if echo "root:${curopt#*=}" | chpasswd --encrypted
          then
              echo "Password successfully changed"
          else
              echo "Failed to change password"
              errcnt=$((errcnt + 1))
          fi
          ;;

      # Option to allow user to disable the firewall
      nofirewall)
          echo "Found option '${curopt}' on the boot command line"
          # The firewall service(s) must be in the Before-section of sysrescue-initialize.service
          systemctl disable --now iptables.service ip6tables.service
          ;;

      # Auto-start the graphical environment (tty1 only)
      # dovnc implies dostartx
      dostartx|dovnc)
          echo "Found option '${curopt}' on the boot command line"
          str='[[ ! $DISPLAY ]] && [[ ! $SSH_TTY ]] && [[ $XDG_VTNR == 1 ]] && startx'
          grep -qF "$str" /root/.bash_profile || echo "$str" >> /root/.bash_profile
          echo "$str" > /root/.zlogin
          # Must not break out of the case block because there is another dovnc pattern to match below
          ;;&

      # Require authenticated console access
      noautologin)
          echo "Found option '${curopt}' on the boot command line"
          systemctl revert getty@.service serial-getty@.service
          ;;

      # Set the VNC password from a clear password
      vncpass=*)
          echo "Found option '${curopt%%=*}=******' on the boot command line"
          mkdir -p /root/.vnc
          if x11vnc -storepasswd ${curopt#*=} /root/.vnc/passwd
          then
              echo "VNC password successfully changed"
          else
              echo "Failed to change VNC password"
              errcnt=$((errcnt + 1))
          fi
          ;;

      # Auto-start x11vnc with the graphical environment
      dovnc)
          # The "Found option..." message was already shown above in the dostartx pattern
          {
              echo '[ -f ~/.vnc/passwd ] && pwopt="-usepw" || pwopt="-nopw"'
              echo 'x11vnc $pwopt -nevershared -forever -logfile /var/log/x11vnc.log &'
          } > /root/.xprofile
          ;;
    esac
done

exit ${errcnt}