#!/bin/sh
# Deploy system-level configs from etc/ to /etc/.
# chezmoi re-runs this script whenever any file under etc/ changes.
# etc/ content hash: {{ output "sh" "-c" (printf "cd %q && find etc -type f ! -name .ignore -exec sha256sum {} + | LC_ALL=C sort" .chezmoi.sourceDir) | sha256sum }}
# luks root uuid: {{ output "lsblk" "-dno" "UUID" (printf "/dev/%s" .luksRootPartition) | trim }}
set -eu

cd "$CHEZMOI_SOURCE_DIR"
find etc -type f ! -name .ignore | while IFS= read -r src; do
  case "$src" in
    *.tmpl)
      dest="/${src%.tmpl}"
      tmp=$(mktemp)
      chezmoi execute-template <"$src" >"$tmp"
      sudo install -D -m 0644 -o root -g root "$tmp" "$dest"
      rm -f "$tmp"
      ;;
    etc/sudoers-rs)
      sudo install -D -m 0440 -o root -g root "$src" "/${src}"
      ;;
    *)
      sudo install -D -m 0644 -o root -g root "$src" "/${src}"
      ;;
  esac
done

# sudo-rs: /etc/pam.d/sudo-i is a symlink to /etc/pam.d/sudo
sudo ln -sfT sudo /etc/pam.d/sudo-i

# Make sudo-rs the system-wide sudo via /usr/local/bin precedence.
# Targets may not exist yet on first bootstrap (sudo-rs is installed by
# the subsequent pkg-apply step); the symlinks resolve once it lands.
sudo ln -sfT /usr/bin/sudo-rs /usr/local/bin/sudo
sudo ln -sfT /usr/bin/sudo-rs /usr/local/bin/sudoedit
sudo ln -sfT /usr/bin/su-rs /usr/local/bin/su
sudo ln -sfT /usr/bin/visudo-rs /usr/local/bin/visudo