#!/bin/sh

set -e

# install dependencies
apt update
apt install --no-install-recommends -y xserver-xorg x11-xserver-utils xinit firefox-esr matchbox-window-manager libnss3-tools

# create kiosk script
cat > /home/start9/kiosk.sh << 'EOF'
#!/bin/sh
PROFILE=$(mktemp -d)
if [ -f /usr/local/share/ca-certificates/embassy-root-ca.crt ]; then
    certutil -A -n "Embassy Local Root CA" -t "TCu,Cuw,Tuw" -i /usr/local/share/ca-certificates/embassy-root-ca.crt -d $PROFILE
fi
cat >> $PROFILE/prefs.js << EOT
user_pref("network.proxy.autoconfig_url", "file:///usr/lib/embassy/proxy.pac");
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.type", 2);
user_pref("dom.securecontext.allowlist_onions", true);
user_pref("dom.securecontext.whitelist_onions", true);
user_pref("signon.rememberSignons", false);
EOT
matchbox-window-manager -use_titlebar yes &
firefox-esr --kiosk http://$(hostname).local --profile $PROFILE
rm -rf $PROFILE
EOF
chmod +x /home/start9/kiosk.sh

# use kiosk if tty (not pts)
if ! grep -q 'kiosk' /home/start9/.profile; then
cat >> /home/start9/.profile << 'EOF'
# Use kiosk for TTY
if [[ "$(tty)" =~ ^/dev/tty ]]; then
    exec startx "$HOME/kiosk.sh"
fi
EOF
fi

# enable autologin
mkdir -p /etc/systemd/system/getty@tty1.service.d
cat > /etc/systemd/system/getty@tty1.service.d/autologin.conf << 'EOF'
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin start9 --noclear %I $TERM
EOF
ln -fs /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service