#!/bin/bash

if (( $EUID != 0 )); then
	echo "This script has to be executed as root!"
	exit
fi

echo "Installing sssd and zsh..."
apt update
apt install sssd zsh -y || true

mkdir /etc/ldap
echo "TLS_CACERT      /usr/local/share/ca-certificates/bit.crt" > /etc/ldap/ldap.conf

echo "Downloading sssd.conf..."
wget -qO /etc/sssd/sssd.conf https://internal.bit-host.io/sssd/sssd.conf
chmod 0600 /etc/sssd/sssd.conf

echo "Downloading nsswitch.conf..."
wget -qO /etc/nsswitch.conf https://internal.bit-host.io/sssd/nsswitch.conf
echo "Downloading sudoers file..."
wget -qO /etc/sudoers.d/90-sssd-users https://internal.bit-host.io/sssd/sssd-sudoers
echo "Downloading pam-config..."
wget -qO /usr/share/pam-configs/ldap https://internal.bit-host.io/sssd/pam-config

echo "Starting sssd..."
systemctl enable --now sssd

echo "Setting up ssh key authentication via sssd..."
echo "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" >> /etc/ssh/sshd_config
echo "AuthorizedKeysCommandUser root" >> /etc/ssh/sshd_config

echo "Enabling mkhomedir..."
pam-auth-update --enable mkhomedir

echo ""
echo "---------------------------------------------------------------"
echo "- Setup complete! It is recommended to reboot the system now. -"
echo "---------------------------------------------------------------"