#!/bin/bash
set -euf -o pipefail

export DEBIAN_FRONTEND=noninteractive
apt-get update -q
apt-get full-upgrade -y -q
apt-get install -y -q --no-install-recommends openssh-server python python-apt

passwd -d root && passwd -l root
{% if install_distro == "debian" %}
sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces
{% endif %}
sed -r 's#(\s+/var/log\s+ext4\s+)defaults#\1noatime,nodev,noexec#g' -i /etc/fstab

mkdir -p -m 0700 /target/root/.ssh
cat <<EOK > /root/.ssh/authorized_keys
{{ ssh_keys_root | join('\n') }}
EOK
{% if hostvars[hostname].ansible_port is defined %}
sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ hostvars[hostname].ansible_port }}/' -i /etc/ssh/sshd_config
{% endif %}

{# this is actually only needed on ubuntu bionic and beyond but should not hurt on other installations either #}
swapoff -a
sed -e '/^\/swapfile/d' -i /etc/fstab
rm -f /swapfile

{% if hetzner_root_lvm_size != "all" %}
umount /dummy
sed -e '/\/dummy/d' -i /etc/fstab
rm -rf /dummy

raid_devices=$(mdadm -Q -Y --detail /dev/md2 2> /dev/null | awk -F = '/MD_DEVICE_.*_DEV=/ { print($2) }')
if [ -n "$raid_devices" ]; then
  mdadm --stop /dev/md2 2> /dev/null
  for dev in $raid_devices; do
    wipefs -a "$dev"
  done
  sed -e '/^ARRAY \/dev\/md\/2 /d' -i /etc/mdadm/mdadm.conf
  update-initramfs -u
fi
{% endif %}

update-grub

echo "postinst.sh finished successfully"