#!/bin/sh

if mountpoint -q /rw ; then
    # This means /rw is mounted now.
    echo "Checking /rw" >&2

    if ! [ -d /rw/config ] ; then
        echo "Virgin boot of the VM: populating /rw/config" >&2

        mkdir -p /rw/config
        touch /rw/config/rc.local
        cat > /rw/config/rc.local <<EOF
#!/bin/sh

# This script will be executed at every VM startup, you can place your own
# custom commands here. This include overriding some configuration in /etc,
# starting services etc.
#
# You need to make this script executable to have it enabled.

# Example for overriding the whole CUPS configuration:
#  rm -rf /etc/cups
#  ln -s /rw/config/cups /etc/cups
#  systemctl --no-block restart cups
EOF

        touch /rw/config/qubes-firewall-user-script
        cat > /rw/config/qubes-firewall-user-script <<EOF
#!/bin/sh

# This script is called in ProxyVM after firewall every update (configuration
# change, starting some VM etc). This is good place to write own custom
# firewall rules, in addition to autogenerated one. Remember that in most cases
# you'll need to insert the rules at the beginning (iptables -I) to have it
# efective.
#
# You need to make this script executable to have it enabled.
EOF

        touch /rw/config/suspend-module-blacklist
        cat > /rw/config/suspend-module-blacklist <<EOF
# You can list here modules you want to be unloaded before going to sleep. This
# file is used only if the VM has any PCI device assigned. Modules will be
# automatically loaded after resume.
EOF
    fi

    if ! [ -d /rw/usrlocal ] ; then
        if [ -d /usr/local.orig ] ; then
            echo "Virgin boot of the VM: populating /rw/usrlocal from /usr/local.orig" >&2
            cp -af /usr/local.orig /rw/usrlocal
        else
            echo "Virgin boot of the VM: creating /rw/usrlocal" >&2
            mkdir -p /rw/usrlocal
        fi
    fi

    if ! [ -d /rw/home ] ; then
        echo "Virgin boot of the VM: populating /rw/home" >&2
        mkdir -p /rw/home
    fi

    # Chown home if users' UIDs have changed - can be the case on template switch.
    for pair in $(getent passwd | awk -F : '/\/home/ { print $1":"$3":"$4":"$6 } ') ; do
        user=$(echo "$pair" | awk -F : ' { print $1 } ')
        uid=$(echo "$pair" | awk -F : ' { print $2 } ')
        gid=$(echo "$pair" | awk -F : ' { print $3 } ')
        homedir=$(echo "$pair" | awk -F : ' { print $4 } ')
        if ! test -d /rw"$homedir" ; then
            if [ "$homedir" == "/home/user" -a -d /home.orig/"$user" ] ; then
                echo "Virgin boot of the VM: populating /rw$homedir from /home.orig/$user" >&2
                cp -af /home.orig/"$user" /rw"$homedir"
            else
                echo "Virgin boot of the VM: populating /rw$homedir from /etc/skel" >&2
                cp -af /etc/skel /rw"$homedir"
            fi
            chown -R "$uid"  /rw"$homedir" &
            chgrp -R "$gid"  /rw"$homedir" &
            chmod 700 /rw"$homedir" &
            wait
        fi
        homedir_uid=$(ls -dn /rw"$homedir" | awk '{print $3}')
        homedir_gid=$(ls -dn /rw"$homedir" | awk '{print $4}')
        if [ "$uid" -ne "$homedir_uid" ]; then
            echo "Virgin boot of the VM: adjusting ownership on /rw$homedir to $uid" >&2
            find /rw/"$homedir" -uid "$homedir_uid" -print0 | xargs -0 echo chown "$uid"
        fi
        if [ "$gid" -ne "$homedir_gid" ]; then
            echo "Virgin boot of the VM: adjusting groupship on /rw$homedir to $gid" >&2
            find /rw/"$homedir" -gid "$homedir_gid" -print0 | xargs -0 echo chgrp "$gid"
        fi
    done

    echo "Finished checking /rw" >&2
fi

# Old Qubes versions had symlink /home -> /rw/home; now we use mount --bind
if [ -L /home ]; then
    rm /home
    mkdir /home
fi

if [ ! -e /var/lib/qubes/first-boot-completed ]; then
    touch /var/lib/qubes/first-boot-completed
fi