#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

guard_sourcing

#######################################
# Installation of 'initramfs'-environment.
# Every 'apt-get install' command is invoked by adding 'export INITRD=No'
# to suppress the 'update-initramfs'-Kernel-Hooks, according to the initramfs-tools manpage:
# https://manpages.debian.org/testing/initramfs-tools-core/initramfs-tools.7.en.html
# Globals:
#   TARGET
#   VAR_ROOT_FS
#   VAR_SETUP_PATH
# Arguments:
#   None
# Returns:
#   0: on success
#######################################
installation_initramfs() {
  ### Declare Arrays, HashMaps, and Variables.
  declare     var_modules="" var_whereiam=""

  # shellcheck disable=SC2312
  if [[ -x "$(command -v virt-what)" ]]; then
    var_whereiam=$(virt-what | head -n1)
  else
    var_whereiam=$(grep -iE 'kvm|vmware|qemu' /sys/class/dmi/id/product_name 2>/dev/null || echo "baremetal")
  fi

  mkdir -p "${TARGET}/etc/initramfs-tools/files"

  ### Install the script that will be called by 'update-initramfs' to install the necessary modules for the initramfs environment.
  install -D -m 0644 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/modules" \
    "${TARGET}/etc/initramfs-tools/"

  insert_comments "${TARGET}/etc/initramfs-tools/modules"

  var_modules=$(grep_nic_driver_modules)

  cat << EOF >> "${TARGET}/etc/initramfs-tools/modules"
### Custom NIC driver:
${var_modules}

EOF

  if [[ "${var_whereiam}" =~ ^(kvm|vmware|qemu)$ ]]; then

    cat << EOF >> "${TARGET}/etc/initramfs-tools/modules"
### QEMU Bochs-compatible virtual machine support:
bochs

### Virtio support:
virtio_pci
virtio_blk
virtio_scsi
virtio_console
virtio_rng

EOF
  fi

  printf "%s\n" '# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf' >> "${TARGET}/etc/initramfs-tools/modules"

  ### MODULES: [ most | netboot | dep | list ]
  ## 'most' - Add most filesystem and all hard-drive drivers.
  ## 'dep'  - Try and guess the modules to load.

  insert_header   "${TARGET}/etc/initramfs-tools/conf.d/driver-policy"
  insert_comments "${TARGET}/etc/initramfs-tools/conf.d/driver-policy"
  cat << EOF >>   "${TARGET}/etc/initramfs-tools/conf.d/driver-policy"
# Driver inclusion policy selected during installation.
# Note: This setting overrides the value set in the file '/etc/initramfs-tools/initramfs.conf'.

MODULES=dep

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF

  insert_header   "${TARGET}/etc/initramfs-tools/conf.d/fsroot"
  insert_comments "${TARGET}/etc/initramfs-tools/conf.d/fsroot"
  cat << EOF >>   "${TARGET}/etc/initramfs-tools/conf.d/fsroot"
FSTYPE=${VAR_ROOT_FS}

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF

  insert_header   "${TARGET}/etc/initramfs-tools/conf.d/resume"
  insert_comments "${TARGET}/etc/initramfs-tools/conf.d/resume"
  cat << EOF >>   "${TARGET}/etc/initramfs-tools/conf.d/resume"
RESUME=none

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF

  guard_dir && return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
readonly -f installation_initramfs
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh