########################################################################################
#
#  admin-toolkit helps to harden your pi, install other packages easily, and add files out of the box.
#  Some things require a user to be added and others dont. Some things are intended to be used with FullPageOS
#  and the scripts that come with it, but there are uses outside of that, if you edit a bit of code.
#  This has only been used with FullPageOS, and Raspbian Buster on a pi4
#
#  Written by asdfinit
#  GPL V3
#########

###########################################################
######### User Required Section ###########################
#
#  Adding another user requires at least a username.
#  If the user already exists, it will not be recreated,
#  but the password and ssh keys will be changed.
#  A home folder will be created.
#  The default profile will be set to bash.
#  Default password is raspberry. PLEASE CHANGE THIS. 
#  User will be added to the sudo and adm group. 
#
#  If the user specified is not pi, pi's password will be
#  set to a randomly generated string.
#
###########################################################

#  add user name,  If left "default", no user will be added.
[ -n "$ADMIN_TOOLKIT_NAME" ] || ADMIN_TOOLKIT_NAME=default

#  GECOS field of the new account. If Left "default" this is skipped.
#  If you need to understand this visit https://en.wikipedia.org/wiki/Gecos_field
[ -n "$ADMIN_TOOLKIT_FULLNAME" ] || ADMIN_TOOLKIT_FULLNAME=default

#  override password, otherwise use image default raspberry.
[ -n "$ADMIN_TOOLKIT_PASSWORD" ] || ADMIN_TOOLKIT_PASSWORD=default

#  Want to remove pi from the sudoers file? "yes" to configure
[ -n "$ADMIN_TOOLKIT_PI_NO_SUDO" ] ||  ADMIN_TOOLKIT_PI_NO_SUDO=no

#  Hostname change script. Script will be added to the users home directory.
#  Run this to change the hostname and it will auto-fix the FullPageOS chromium locked profile on reboot.
#  "yes" to include
ADMIN_TOOLKIT_HOSTNAME_CHANGE_SCRIPT=no

######### SSH Section #####################################
#
#  If you didn't set a user in the above section SSH Settings won't be applied.
#  If you don't set a ssh key, disabling passwords for ssh won't apply.
#  

#  Add the public ssh key that you wish to use for connections to the pi
#  this will add the authorized_keys file in the users .ssh folder.
#  Format with quotations: "ssh-rsa SzYtCpyRUU1fvLXvWlezJw...=="
[ -n "$ADMIN_TOOLKIT_SSH" ] || ADMIN_TOOLKIT_SSH=default

#  disable passwords for ssh logins(only if you set a key). "yes" to configure
[ -n "$ADMIN_TOOLKIT_SSH_NO_PASS" ] || ADMIN_TOOLKIT_SSH_NO_PASS=no

#  this will allow only the newly created user to ssh. "yes" to configure
[ -n "$ADMIN_TOOLKIT_SSH_ALLOW_ONLY_CREATED_USER" ] || ADMIN_TOOLKIT_SSH_ALLOW_ONLY_CREATED_USER=no


###########################################################
######### User Not Required ###############################
#
#  Nothing below requires an admin user to be added.
#  But it might depend on FullPageOS
##########################################################


######### Raspbian Update #################################
#  Updates all packages: apt-get update && apt-get upgrade
#  this can take a while. "yes" to configure
[ -n "$ADMIN_TOOLKIT_UPDATE_PACKAGES" ] || ADMIN_TOOLKIT_UPDATE_PACKAGES=no

######### Install Package(s) ##############################
#  This might not work for you. Some packages cannot be installed in chroot.
#  Keep in mind your image will be bigger and take longer to build.
#  Use quotes if listing multiple packages (space Separated list) ex. LIST="fortune cowsay..."
[ -n "$ADMIN_TOOLKIT_INSTALL_LIST" ] || ADMIN_TOOLKIT_INSTALL_LIST=no


######### UFW #############################################
#  Set to yes if you want the ufw firewall installed. Unless you
#  specify other ports below only ssh port 22 will be open, all
#  other ports will be closed by default. "yes" to configure
[ -n "$ADMIN_TOOLKIT_UFW_INSTALL" ] || ADMIN_TOOLKIT_UFW_INSTALL=no

#  To allow multiple open ports make a CSV(coma separated list) to configure.
[ -n "$ADMIN_TOOLKIT_UFW_PORTS_TCP" ] || ADMIN_TOOLKIT_UFW_PORTS_TCP=no
[ -n "$ADMIN_TOOLKIT_UFW_PORTS_UDP" ] || ADMIN_TOOLKIT_UFW_PORTS_UDP=no

#  Enable ufw logging. "yes" to configure
[ -n "$ADMIN_TOOLKIT_UFW_ENABLE_LOGGING" ] || ADMIN_TOOLKIT_UFW_ENABLE_LOGGING=no


######### Network Manager ##################
#  On pi's connected over wifi Network Manager will
#  cause you to have a different mac on every boot.
#  You can remove it without any issues. "yes" to configure
[ -n "$ADMIN_TOOLKIT_REMOVE_NETWORK_MANAGER" ] || ADMIN_TOOLKIT_REMOVE_NETWORK_MANAGER=no

######### FullPageOS Hdmi Scripts ########################
#  These can be used to turn TV's on and off. Use with cron jobs
#  for automation. Works on most devices but not all.
#  Installs in the /home/pi/scripts dir and makes use of
#  pre written scripts in FullPageOS. "yes" to configure
[ -n "$ADMIN_TOOLKIT_HDMI_SCRIPTS" ] || ADMIN_TOOLKIT_HDMI_SCRIPTS=no

######### Install Cron Job #############################
#  With great power.... well you know...
#  Add a cron file to the /filesystem/tools/cron folder
#  cron files will be placed in /var/spool/cron/crontabs/
#  CRON_USER and file name must be the same. pi is the most common(default)
#  Your cron file must have a new line at the bottom or import won't work.
#  "yes" to configure
[ -n "$ADMIN_TOOLKIT_CRON_JOB" ] || ADMIN_TOOLKIT_CRON_JOB=no

#  Cron jobs user name. If you're not adding a user leave this at pi
[ -n "$ADMIN_TOOLKIT_CRON_USER" ] || ADMIN_TOOLKIT_CRON_USER=pi

# if you want to install root user jobs... eg. auto reboot. "yes" to configure
[ -n "$ADMIN_TOOLKIT_SYSTEM_CRON" ] || ADMIN_TOOLKIT_SYSTEM_CRON=no


 ######## User Defined Scripts ############################
#
#  Add your own scripts to the /filesystem/tools/scripts folder
#  and they will be added to your created users home directory in
#  a scripts folder or to /home/pi/scripts. Default is pi.
#  "yes" to configure
[ -n "$ADMIN_TOOLKIT_USER_SCRIPTS" ] || ADMIN_TOOLKIT_USER_SCRIPTS=no

#  User Scripts User name. If you're not adding a user leave this at pi
[ -n "$ADMIN_TOOLKIT_USER_SCRIPTS_NAME" ] || ADMIN_TOOLKIT_USER_SCRIPTS_NAME=pi

######### Screen Rotation Script #######################
#  **** REQUIRES THE GUI MODULE AND pi 4 **** 
#  Rotates the screen after start up. Since there's some issues
#  with rotation on certain displays at boot this section lets you
#  add screen rotation after boot up.
#  Examples: "normal","inverted","left","right"
#  use a value other than normal to add rotation.
[ -n "$ADMIN_TOOLKIT_SCREEN_ROTATION" ] || ADMIN_TOOLKIT_SCREEN_ROTATION=normal