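#!/bin/bash
# VPS bootstrap script.
#
# Usage: script [-h] [-m MODE] [-n HOSTNAME]
#   -m init   harden SSH, install base packages, Docker and a sing-box
#             container on the running (Arch Linux, pacman-based) host;
#             requires root and -n HOSTNAME
#   -m arch   replace the running distribution with Arch Linux via vps2arch
#
# Optional environment overrides (defaults reproduce the script's original
# hard-coded values):
#   SSH_PUBKEY        public key written to ~/.ssh/authorized_keys
#   SSH_PORT          sshd listen port (default 44444)
#   SINGBOX_PASSWORD  password of the naive / hysteria2 inbounds
#   ACME_EMAIL        e-mail registered with the ACME CA
#   VPS2ARCH_SHA256   when set, the downloaded vps2arch script must match it
set -euo pipefail

# Variables
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$SCRIPT_DIR"
# shellcheck disable=SC2034 — kept from the original script; not read here.
readonly SCRIPT_DIR REPO_ROOT

# Set by main() from the command line; empty until parsed (set -u is on).
mode=""
hostname=""

# NOTE(review): the defaults below are identity and secrets baked into the
# script.  Whoever holds the private half of SSH_PUBKEY can log in to every
# host provisioned with it, and SINGBOX_PASSWORD ships in clear text with the
# script and in /etc/sing-box/config.json.  Override them via the environment
# rather than editing the defaults into new copies.
if [ -z "${SSH_PUBKEY:-}" ]; then
  SSH_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHzjJhJfSVQ0BMgjXsdSTLtmjna7bfWobvlEsQDEXYSFKYsrcHQoOYu6Yblst/190WLgP3wL1zr12Q5WuzUR303dWTAweYrqta7bzTNWS4vTt0a5jhTqvfPaB2hniQW3aghec+ryFQ7i4Ev3NfmAhv7jNsYS4j9pgnmcE4JZE//vogUVmxNfKBFZAlQ9hmygAQ56Xk+ITgswQYtkT+a38EBUwxAaCyKJDnN6rHRFBQ9XSH+YlMFtPfAyhR5ThvuqsDnf2M9481i7tmQmD2STg6Ll2+oJZLYXqH+fy554G0d8mVa9Vf5wZuUQTrbVEH/EkYmxMoRZJJCIFcEptLtF33 cc@DESKTOP-68E0GFD'
fi
if [ -z "${SSH_PORT:-}" ]; then
  SSH_PORT=44444
fi
if [ -z "${SINGBOX_PASSWORD:-}" ]; then
  SINGBOX_PASSWORD='1qaz2wsx'
fi
if [ -z "${ACME_EMAIL:-}" ]; then
  ACME_EMAIL='admin@notko.top'
fi
readonly SSH_PUBKEY SSH_PORT SINGBOX_PASSWORD ACME_EMAIL

#######################################
# Prints a message to stderr and exits with status 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Aborts unless the script runs as root.
# Outputs: error message on stdout (matches the original wording)
#######################################
require_root() {
  if [ "$(id -u)" != "0" ]; then
    echo "此脚本需要 root 权限运行"
    exit 1
  fi
}

#######################################
# Rejects inputs that would corrupt the generated sing-box JSON or the
# hostname handling.
# Globals:   hostname, SINGBOX_PASSWORD (read)
# Returns:   0 if valid; exits 1 otherwise
#######################################
validate_inputs() {
  # Hostname is embedded in JSON and passed to hostnamectl: restrict it to
  # DNS label characters.
  if ! [[ "$hostname" =~ ^[A-Za-z0-9.-]+$ ]]; then
    die "错误:主机名 '${hostname}' 包含非法字符(仅允许字母、数字、'.' 和 '-')"
  fi
  # The password is written verbatim inside a JSON string literal.
  case "$SINGBOX_PASSWORD" in
    *\"*|*\\*)
      die "错误:SINGBOX_PASSWORD 不能包含 '\"' 或 '\\'"
      ;;
  esac
}

# Security configuration: authorized key + sshd hardening.
setup_security() {
  echo "配置系统安全..."
  setup_ssh_keys
  configure_ssh
}

#######################################
# Installs SSH_PUBKEY as the only authorized key of the invoking user.
# Globals:   SUDO_USER, SSH_PUBKEY (read)
# Returns:   0 on success, 1 if the written key does not look like a key
#######################################
setup_ssh_keys() {
  echo "配置 SSH 密钥..."
  local current_user user_home ssh_dir
  current_user="${SUDO_USER:-}"
  if [ -z "$current_user" ]; then
    current_user=$(whoami)
  fi
  # Resolve the home directory from the passwd database instead of
  # `eval echo ~user`, so the user name is never re-parsed as shell code.
  user_home=$(getent passwd "$current_user" | cut -d: -f6) || user_home=""
  if [ -z "$user_home" ]; then
    die "无法确定用户 ${current_user} 的主目录"
  fi
  ssh_dir="${user_home}/.ssh"
  mkdir -p "$ssh_dir"
  chmod 700 "$ssh_dir"
  # Overwrites (does not append): any key previously authorized for this
  # user is removed, which is what the original did as well.
  printf '%s\n' "$SSH_PUBKEY" > "${ssh_dir}/authorized_keys"
  chmod 600 "${ssh_dir}/authorized_keys"
  chown -R "${current_user}:${current_user}" "$ssh_dir"
  if ! grep -qE "^(ssh-rsa|ssh-ed25519)" "${ssh_dir}/authorized_keys"; then
    echo "警告:公钥格式可能不正确"
    return 1
  fi
  echo "SSH 密钥配置完成"
  return 0
}

#######################################
# Moves sshd to SSH_PORT, disables password login, enables pubkey auth.
# Globals:   SSH_PORT (read)
# Outputs:   backup at /etc/ssh/sshd_config.backup
#######################################
configure_ssh() {
  echo "配置 SSH 安全设置..."
  local cfg=/etc/ssh/sshd_config
  cp "$cfg" "${cfg}.backup"
  # Patterns are anchored to whole lines so that e.g. "#Port 2222" is not
  # partially rewritten; as before, only the stock commented defaults (and an
  # explicit "PasswordAuthentication yes") are changed.
  sed -i "s/^#Port 22[[:space:]]*$/Port ${SSH_PORT}/" "$cfg"
  sed -i 's/^#PasswordAuthentication yes[[:space:]]*$/PasswordAuthentication no/' "$cfg"
  sed -i 's/^PasswordAuthentication yes[[:space:]]*$/PasswordAuthentication no/' "$cfg"
  sed -i 's/^#PubkeyAuthentication yes[[:space:]]*$/PubkeyAuthentication yes/' "$cfg"
  # Validate before restarting: a config error would otherwise leave sshd
  # down on a remote host with no way back in.
  sshd -t -f "$cfg"
  # Lock-out risk: the current session survives the restart, but any host or
  # provider firewall must already permit SSH_PORT before the next login.
  systemctl restart sshd
  echo "SSH 配置完成:端口 ${SSH_PORT},已禁用密码登录,已启用公钥认证"
}

#######################################
# Writes /etc/sing-box/config.json for $hostname.
# Globals:   hostname, SINGBOX_PASSWORD, ACME_EMAIL (read; validated by
#            validate_inputs, so they can be embedded without sed escaping)
#######################################
write_singbox_config() {
  # The file holds the proxy password in clear text.  NOTE(review): consider
  # tightening its mode once it is confirmed the container reads it as root.
  cat > /etc/sing-box/config.json <<EOF
{
  "log": { "level": "info" },
  "dns": { "servers": [ { "address": "tls://8.8.8.8" } ] },
  "inbounds": [
    {
      "type": "naive",
      "listen": "::",
      "listen_port": 56789,
      "users": [ { "Username": "admin", "Password": "${SINGBOX_PASSWORD}" } ],
      "tls": {
        "enabled": true,
        "acme": { "domain": "${hostname}", "email": "${ACME_EMAIL}" }
      }
    },
    {
      "type": "hysteria2",
      "listen": "::",
      "listen_port": 50000,
      "up_mbps": 100,
      "down_mbps": 30,
      "users": [ { "name": "admin", "password": "${SINGBOX_PASSWORD}" } ],
      "tls": {
        "enabled": true,
        "server_name": "${hostname}",
        "acme": { "domain": "${hostname}", "email": "${ACME_EMAIL}" }
      }
    }
  ],
  "outbounds": [ { "type": "direct" }, { "type": "dns", "tag": "dns-out" } ],
  "route": { "rules": [ { "protocol": "dns", "outbound": "dns-out" } ] }
}
EOF
}

#######################################
# Package installation: base tools, Docker and the sing-box container.
# Globals:   hostname (read, via write_singbox_config)
#######################################
install_packages() {
  echo "开始系统配置..."
  pacman -Syu --noconfirm
  pacman -S --noconfirm vim fish lsof net-tools btop
  # An existing /usr/bin/vi made the original ln fail silently; keep that
  # tolerant behaviour now that set -e would otherwise abort the script.
  [ -e /usr/bin/vi ] || ln -s /usr/bin/vim /usr/bin/vi
  # Changes the login shell of the invoking user (root), as before.
  chsh -s /usr/bin/fish
  echo "安装 Docker..."
  pacman -S --noconfirm docker docker-compose
  systemctl enable docker
  systemctl start docker
  echo "配置 sing-box docker..."
  mkdir -p /etc/sing-box/
  write_singbox_config
  docker run -d \
    -v /etc/sing-box:/etc/sing-box/ \
    --name=sing-box \
    --network=host \
    --restart=always \
    ghcr.io/sagernet/sing-box \
    -D /var/lib/sing-box \
    -C /etc/sing-box/ run
}

#######################################
# Arch Linux installation: fetches and runs vps2arch as root.
# Globals:   VPS2ARCH_SHA256 (read, optional)
#######################################
install_arch() {
  echo "开始安装 Arch Linux..."
  require_root
  # Detect the distribution and install the dependencies of vps2arch.
  if [ -f /etc/os-release ]; then
    . /etc/os-release
    case "${ID:-}" in
      debian|ubuntu)
        apt-get update
        apt-get install -y curl zstd
        ;;
      centos|rhel|fedora)
        yum install -y curl zstd
        ;;
      alpine)
        apk add --no-cache curl zstd
        ;;
      *)
        echo "未知的发行版,请手动安装 curl 和 zstd"
        exit 1
        ;;
    esac
  else
    echo "无法检测系统发行版"
    exit 1
  fi
  local installer
  installer=$(mktemp /tmp/vps2arch.XXXXXX)
  # -f: an HTTP error must fail here instead of saving an error page that is
  # then executed as a shell script.
  curl -fsSL https://gitlab.com/drizzt/vps2arch/-/raw/master/vps2arch -o "$installer"
  # The installer comes from a mutable branch and runs as root; pinning it
  # with VPS2ARCH_SHA256 detects a changed or tampered download.
  if [ -n "${VPS2ARCH_SHA256:-}" ]; then
    printf '%s  %s\n' "$VPS2ARCH_SHA256" "$installer" | sha256sum -c - >/dev/null \
      || die "vps2arch 校验失败,已中止安装"
  fi
  chmod +x "$installer"
  "$installer"
  echo "Arch Linux 安装完成,系统将重启..."
}

#######################################
# Prints usage and exits.
# Arguments: $1 - exit status (default 1; -h uses 0)
#######################################
usage() {
  local rc=${1:-1}
  cat <<EOF
用法: $0 [-h] [-m MODE] [-n HOSTNAME]
选项:
  -h           显示此帮助信息
  -m MODE      指定运行模式:
               init - 初始化现有系统
               arch - 安装 Arch Linux
  -n HOSTNAME  设置主机名(在 init 模式下必须指定)
EOF
  exit "$rc"
}

#######################################
# Initializes the running system: hostname, SSH hardening, packages.
# Globals:   hostname (read)
#######################################
initialize_current_system() {
  if [ -z "$hostname" ]; then
    echo "错误:必须使用 -n 参数指定主机名"
    usage
  fi
  # pacman, hostnamectl and sshd changes all need root; fail before touching
  # anything rather than halfway through.
  require_root
  validate_inputs
  echo "开始初始化 VPS..."
  # Set the hostname; dots are not valid in a static hostname, so replace
  # them with dashes.
  echo "设置主机名为: $hostname"
  local name="${hostname//./-}"
  hostnamectl set-hostname "$name"
  setup_security
  install_packages
  echo "VPS 初始化完成!"
}

# Entry point: parses options and dispatches on the mode.
main() {
  local opt
  while getopts "hm:n:" opt; do
    case "$opt" in
      h) usage 0 ;;
      m) mode=$OPTARG ;;
      n) hostname=$OPTARG ;;
      *) usage ;;
    esac
  done
  shift $((OPTIND - 1))
  if [ -z "$mode" ]; then
    echo "错误:必须指定运行模式"
    usage
  fi
  case "$mode" in
    init) initialize_current_system ;;
    arch) install_arch ;;
    *)
      echo "错误:无效的模式 '$mode'"
      usage
      ;;
  esac
}

main "$@"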