#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
set -C -e -u -o pipefail

printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
# sleep 1

mv /etc/network/interfaces /root/.ciss/dlb/backup/interfaces.chroot
rm -f /etc/network/interfaces

cat << 'EOF' >| /etc/network/interfaces
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

### The loopback network interface
auto lo
iface lo inet loopback

### Fully dynamic interface
auto dynamic
iface dynamic inet dhcp
    pre-up \
      IFACE=$(ip -o link show \
        | awk -F': ' '{print $2}' \
        | grep -m1 -v lo) && \
      echo "Using interface $IFACE as dynamic" && \
      ip link set dev "$IFACE" up && \
      ip link set dev "$IFACE" name dynamic

    post-down \
      ip link set dev dynamic name "$IFACE" && \
      echo "Restored interface name $IFACE"

source /etc/network/interfaces.d/*

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF

chmod 0644 /etc/network/interfaces

mkdir -p /etc/network/interfaces.d

cat << 'EOF' >| /etc/network/interfaces.d/99-netcup-static
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu

### Static IPv6 Address for Netcup Root Server
iface ens3 inet6 static
    address MUST_BE_REPLACED/128
    ### dns01.eddns.eu dns02.eddns.de
    dns-nameservers 2a01:4f9:c012:a813:135:181:207:105 2a0a:4cc0:1:e6:89:58:62:53
    gateway fe80::1

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF

cat << 'EOF_SCRIPT' >| /usr/local/bin/insert_net_source.sh
#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024–2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu

### Insert the 'source' directive and restart networking

declare -r INTERFACES_FILE="/etc/network/interfaces"
declare -r INCLUDE_LINE="source /etc/network/interfaces.d/*"

if ! grep -Fxq "${INCLUDE_LINE}" "${INTERFACES_FILE}"; then
  cat << 'EOF_INNER' >> "${INTERFACES_FILE}"

source /etc/network/interfaces.d/*

EOF_INNER
fi

sleep 15
systemctl restart networking
exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF_SCRIPT

chmod 0755 /usr/local/bin/insert_net_source.sh

mkdir -p /etc/systemd/system

cat << 'EOF' >> /etc/systemd/system/insert-net-source.service
[Unit]
Description=Insert network include directive and restart networking
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/insert_net_source.sh

[Install]
WantedBy=multi-user.target

EOF

mkdir -p /etc/systemd/system/multi-user.target.wants
ln -fs /etc/systemd/system/insert-net-source.service /etc/systemd/system/multi-user.target.wants/insert-net-source.service


printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
# sleep 1

exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh