#!/bin/sh
#
# This script is called from cf3/cf.freeradius in case both freeradius and
# winbind packages are installed, but can also be run standalone.
#
# schweer, 2020-12-25

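# Abort on the first failing command. A failing pwgen call below therefore
# stops the script before any configuration file is touched.
set -e

# Directory holding the freeRADIUS certificate templates and bootstrap script.
DIRNAME="/etc/freeradius/3.0/certs"

# Passphrase that replaces the "whatever" placeholder in the certificate
# configuration files and in the EAP module configuration further down.
# Ask pwgen for a fully random (-s) 32 character value instead of its short,
# pronounceable default; no symbols are requested, so the value stays
# alphanumeric and is safe to use as a sed replacement text.
PASSWORD="$(pwgen -s 32 1)"
if [ -z "$PASSWORD" ] ; then
	# Never continue with an empty passphrase.
	echo "pwgen returned an empty password, aborting." >&2
	exit 1
fi

# Without the certs directory there is nothing to configure. Exit with
# status 0 so that a caller (see the header: cf3/cf.freeradius) does not
# treat the missing packages as a failure.
if [ ! -d "$DIRNAME" ] ; then
	printf '%s\n' \
		"-----------------------------------------------------------------------------" \
		"" \
		"Please install the freeradius and winbind packages, i.e. run:" \
		"apt update && apt install winbind freeradius -qy" \
		"" \
		"-----------------------------------------------------------------------------"
	exit 0
fi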

# Add the freerad account to the winbindd_priv group; -a keeps the groups it
# already belongs to.
# NOTE(review): presumably needed so freeRADIUS can use winbind for MSCHAP
# authentication - confirm against the mschap module configuration.
/sbin/usermod -a -G winbindd_priv freerad

# All relative paths below are resolved from the certs directory.
cd "$DIRNAME"

# An existing ca.der is taken as the sign of an earlier run. Stop here so
# that already distributed CA certificates are not silently replaced.
if [ -f ca.der ]; then
	printf '%s\n' \
		"-----------------------------------------------------------------------------" \
		"" \
		"The freeRADIUS server seems to have been configured already, exiting." \
		"" \
		"To start freeRADIUS configuration from scratch again, run:" \
		"" \
		"apt purge freeradius-config winbind -yq" \
		"rm -rf /etc/freeradius" \
		"apt install winbind freeradius -yq" \
		"Then run this tool again." \
		"" \
		"-----------------------------------------------------------------------------"
	exit 0
fi

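# Stop the server while its certificates and configuration are rewritten.
service freeradius stop
# bootstrap is only made executable for this run; the bit is removed again
# near the end of the script.
chmod +x bootstrap

# Adapt the shipped example certificate configuration to Debian Edu.
# The substitutions run in the listed order on every line, which gives the
# same result as one sed pass per expression.
#
# NOTE(review): $PASSWORD is interpolated into the sed program, so it is
# visible in the process list while sed runs. It is safe as replacement text
# only because pwgen is not asked for symbols ('#', '&' and '\' would be
# special here).
# NOTE(review): 's#= 60#= 3650#g' is not anchored to a key name; presumably
# it is meant to raise the certificate validity from 60 to 3650 days, but it
# rewrites every "= 60" in these files - confirm against the templates.
for i in *.cnf xpextensions ; do
	sed -i \
		-e "s#whatever#$PASSWORD#g" \
		-e 's#FR#NO#g' \
		-e 's#Example Inc.#Debian Edu#g' \
		-e 's#admin@example.org#postmaster@postoffice.intern#g' \
		-e 's#user@example.org#user@postoffice.intern#g' \
		-e 's#example.org/example#intern/intern#g' \
		-e 's#example.com/example#intern/intern#g' \
		-e 's#Example S#Debian Edu freeRADIUS S#g' \
		-e 's#Example C#Debian Edu freeRADIUS C#g' \
		-e 's#*example.com#*intern#g' \
		-e 's#radius.example.com#freeradius.intern#g' \
		-e 's#= 60#= 3650#g' \
		-e 's#Example Inner S#Debian Edu freeRADIUS Inner S#g' \
		"$i"
done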

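# Install the Debian Edu variants of the EAP, MSCHAP, authorize and clients
# configuration.
cp /usr/share/debian-edu-config/freeradius-eap.conf ../mods-available/eap
# The EAP module configuration is about to receive the private key
# passphrase, so restrict it to root and the freerad group first. GNU sed -i
# keeps the mode of the file it rewrites.
# NOTE(review): assumes the 'freerad' group created by the Debian freeradius
# package; the script already relies on the account of the same name.
chgrp freerad ../mods-available/eap
chmod 640 ../mods-available/eap
sed -i "s#whatever#$PASSWORD#g" ../mods-available/eap
cp /usr/share/debian-edu-config/freeradius-mschap.conf ../mods-available/mschap
cp /usr/share/debian-edu-config/freeradius-authorize ../mods-config/files/authorize
cp /usr/share/debian-edu-config/freeradius-clients.conf ../clients.conf

# Generate the CA and server certificates from the adapted configuration.
# Under 'set -e' a failure here ends the script with the service stopped.
./bootstrap

# Public material may be world-readable. The server's private key is kept
# readable by root and the freerad group only, instead of mode 644.
chmod 644 dh server.crt ca.pem ca.der
chgrp freerad server.key
chmod 640 server.key

# Publish only the CA certificate (never the key) for download by clients.
# The .crt file is the PEM encoded certificate under another name.
if [ -d /etc/debian-edu/www/ ] ; then
	cp ca.der /etc/debian-edu/www/freeradius-ca.der
	cp ca.pem /etc/debian-edu/www/freeradius-ca.pem
	cp ca.pem /etc/debian-edu/www/freeradius-ca.crt
fi

make clean

# Remove the executable bit again so bootstrap is not run by accident.
chmod -x bootstrap

service freeradius start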

# Final summary: where clients can fetch the CA certificate and which files
# are meant for site-specific adjustments.
printf '%s\n' \
	"-----------------------------------------------------------------------------" \
	"The freeRADIUS server has been configured." \
	"" \
	"Both CRT and DER encoded freeRADIUS CA certificates are available for download:" \
	"https://www.intern/freeradius-ca.crt (for end user devices running Linux) and" \
	"https://www.intern/freeradius-ca.der (others like Android, iOS, iPadOS and Windows)." \
	"" \
	"For simple site-specific configuration adjustments, see" \
	"/etc/freeradius/3.0/users" \
	"/etc/freeradius/3.0/huntgroups" \
	"/etc/freeradius/3.0/clients.conf" \
	"" \
	"-----------------------------------------------------------------------------"
