#!/bin/bash

globalextra=$(findtemplate domain primary_globalextra.conf)
namedoption=$(findtemplate domain named.conf.options )

dhcpconf4=$(findtemplate  domain dhcpd4.conf)
dhcpconf6=$(findtemplate  domain dhcpd6.conf)
dhcpupdate=$(findtemplate domain update-samba-dns.sh)
radvdconf=$(findtemplate  domain radvd.conf)

# -------------------------------------------
# permission certifikat files
# -------------------------------------------
check_cert

# -------------------------------------------
# check netdevice
# -------------------------------------------
if [ "$vanetdeviceInput" = "" ]; then
  echo "Bitte Device auswählen" >&2
  exit 1;
fi

# -------------------------------------------
# bereinigen
# -------------------------------------------

systemctl daemon-reload
mne_error_ignore=1
systemctl disable --now smbd nmbd winbind systemd-resolved 2>&$logfile 1>&$logfile
systemctl mask          smbd nmbd winbind 2>&$logfile 1>&$logfile
systemctl unmask  samba-ad-dc.service 2>&$logfile 1>&$logfile
mne_error_ignore=

systemctl enable samba-ad-dc.service 2>&$logfile 1>&$logfile
systemctl stop   samba-ad-dc.service 2>&$logfile 1>&$logfile

systemctl enable named.service 2>&$logfile 1>&$logfile

systemctl daemon-reload

rm_config

hostname=$(hostname)

# -------------------------------------------
# domain provision
# -------------------------------------------
savefile "$domainconfigfile"
if [ "$vadomaintypInput" == "primary" ]; then
  samba-tool domain provision \
    --option="interfaces=lo,$vanetdeviceInput" \
     --option="bind interfaces only=yes" \
     --use-rfc2307 \
     --realm="$vadomainInput" \
     --domain="$vaworkgroupInput" \
     --server-role=dc \
     --dns-backend=SAMBA_INTERNAL \
     --adminpass="$vaadminpasswordInput" >&$logfile 2>&$logfile

else
  echo "nameserver $vaprimaryaddrInput" > /etc/resolv.conf
  echo "search $vadomainInput" >> /etc/resolv.conf

	samba-tool domain join $vadomainInput DC \
    --option="interfaces=lo,$vanetdeviceInput" \
    --option="bind interfaces only=yes" \
    --realm="$vadomainInput" -U"$vaadministratorInput" \
    --dns-backend=SAMBA_INTERNAL \
    --password="$vaadminpasswordInput" >&$logfile 2>&$logfile
  
fi

samba_upgradedns --dns-backend=BIND9_DLZ >&$logfile 2>&$logfile

mod_smbconf
mod_bind "$namedoption"
mod_netpar "$vadomainInput" "$vanetdeviceInput" "$vadnsforwarderInput" "$vadnssearchInput"
mod_cert "$vaworkgroupInput" "$globalextra"
mod_kerberos

samba-tool user setexpiry --noexpiry administrator >&$logfile 2>&$logfile
samba-tool user setexpiry --noexpiry dns-"$hostname" >&$logfile 2>&$logfile
samba-tool domain passwordsettings set --complexity=off >&$logfile 2>&$logfile
samba-tool domain passwordsettings set --min-pwd-length=1 >&$logfile 2>&$logfile
samba-tool user setpassword "administrator" --newpassword="$vaadminpasswordInput" >&$logfile 2>&$logfile
samba-tool group addmembers DnsAdmins dns-"$hostname" >&$logfile 2>&$logfile
samba-tool user disable Guest

mne_need_error
samba-tool user show www-data >/dev/null 2>/dev/null
if [ "$?" != "0" ]; then
  samba-tool user create www-data --rfc2307-from-nss --random-password --description="Unprivileged user for Webservices" >&$logfile 2>&$logfile
  samba-tool user setexpiry --noexpiry www-data >&$logfile 2>&$logfile
fi

mkdir -p /etc/mne/dns >&$logfile 2>&$logfile
chmod 755 /etc/mne/dns

systemctl restart samba-ad-dc >&$logfile 2>&$logfile
systemctl restart named >&$logfile 2>&$logfile
sleep 2
systemctl status samba-ad-dc >&$logfile 2>&$logfile

echo "$vaadminpasswordInput" | kinit  administrator@$udomain >&$logfile 2>&$logfile
klist >&$logfile 2>&$logfile

# -------------------------------------------
# Grant share Rights to Domainadmins
# -------------------------------------------
workgroup=$(samba-tool domain info 127.0.0.1 | awk -v FS=: '/Netbios domain/ { sub(/^[ \t]+/, "", $2); print $2 }')

echo "$vaadminpasswordInput" | net rpc rights grant "$workgroup\Domain Admins" SeDiskOperatorPrivilege -Uadministrator -I 127.0.0.1 >&$logfile 2>&$logfile 

mod_dhcp "$vadhcpdnsInput" "$vadhcpstartInput" "$vadhcpendInput" "$vadhcp6dnsInput" "$vadhcp6startInput" "$vadhcp6endInput" \
         "$vadomainInput" "$vadnssearchInput" "" "" "nicht mehr relevant" \
         "$dhcpconf4" "$dhcpconf6" "$dhcpupdate" "$radvdconf"

needreboot=1

