system-manager-wakasu
  1#!/usr/bin/env bash
  2
  3# Wakasu Post-Install Setup Script
  4# Description: Post-installation commands for Fedora setup
  5
  6set -euo pipefail
  7
  8# Color output for better readability
  9readonly RED='\033[0;31m'
 10readonly GREEN='\033[0;32m'
 11readonly YELLOW='\033[1;33m'
 12readonly NC='\033[0m' # No Color
 13
 14# Logging functions
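log_info() {
	# Print an informational message on stdout behind a green [INFO] tag.
	# Globals:   GREEN, NC (read)
	# Arguments: $* - message words, joined with single spaces
	# Only the colour constants go through %b. The message itself is printed
	# with %s, so backslashes or escape sequences inside a value (a path, for
	# example) are shown literally instead of being interpreted by the terminal.
	printf '%b[INFO]%b %s\n' "${GREEN}" "${NC}" "$*"
}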
 18
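log_warn() {
	# Print a warning on stdout behind a yellow [WARN] tag.
	# Globals:   YELLOW, NC (read)
	# Arguments: $* - message words, joined with single spaces
	# The message is printed with %s so that escape sequences inside it are
	# not interpreted; only the colour constants are expanded with %b.
	printf '%b[WARN]%b %s\n' "${YELLOW}" "${NC}" "$*"
}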
 22
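log_error() {
	# Print an error on stderr behind a red [ERROR] tag.
	# Globals:   RED, NC (read)
	# Arguments: $* - message words, joined with single spaces
	# The message is printed with %s so that escape sequences inside it are
	# not interpreted; only the colour constants are expanded with %b.
	printf '%b[ERROR]%b %s\n' "${RED}" "${NC}" "$*" >&2
}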
 26
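setup.nix() {
	# Install the Nix package manager in daemon mode on an SELinux host.
	# Steps: install the semanage tooling, register file-context rules for
	# /nix, create /nix, download and run the upstream installer, then source
	# the daemon profile script into the current shell if it exists.
	# Returns: 0 when Nix is already present or was installed; non-zero when
	#          the installer cannot be downloaded or exits with an error.
	log_info "Setting up Nix package manager with SELinux support..."

	# Nothing to do when a nix binary is already on PATH.
	if command -v nix &>/dev/null; then
		log_info "Nix is already installed, skipping installation"
		return 0
	fi

	# semanage is shipped in policycoreutils-python-utils.
	log_info "Installing dependencies..."
	sudo dnf install -y policycoreutils-python-utils

	# SELinux file-context rules for the Nix store, as "type:path-regex".
	log_info "Configuring SELinux contexts..."
	local -a fcontext_rules=(
		'etc_t:/nix/store/[^/]+/etc(/.*)?'
		'lib_t:/nix/store/[^/]+/lib(/.*)?'
		'systemd_unit_file_t:/nix/store/[^/]+/lib/systemd/system(/.*)?'
		'man_t:/nix/store/[^/]+/man(/.*)?'
		'bin_t:/nix/store/[^/]+/s?bin(/.*)?'
		'usr_t:/nix/store/[^/]+/share(/.*)?'
		'var_run_t:/nix/var/nix/daemon-socket(/.*)?'
		'usr_t:/nix/var/nix/profiles(/per-user/[^/]+)?/[^/]+'
	)
	local rule
	for rule in "${fcontext_rules[@]}"; do
		# --add reports an error for a rule that is already defined, which
		# would abort a re-run after an earlier partial failure; fall back to
		# --modify so the step can be repeated. A failure of both still
		# stops the script under errexit.
		sudo semanage fcontext --add --type "${rule%%:*}" "${rule#*:}" ||
			sudo semanage fcontext --modify --type "${rule%%:*}" "${rule#*:}"
	done

	log_info "Creating Nix directories..."
	sudo mkdir -p /nix

	# Download the installer to a private temporary file before running it.
	# With process substitution a failed or truncated download is still handed
	# to sh, and curl's exit status is never seen by errexit. --proto and
	# --tlsv1.2 keep redirects on HTTPS, --fail turns HTTP errors into a
	# non-zero exit.
	# NOTE(review): nothing here checks the installer against a pinned digest
	# or signature; TLS to nixos.org is the only integrity control.
	log_info "Installing Nix..."
	local installer
	installer="$(mktemp)"
	if ! curl --proto '=https' --tlsv1.2 --fail --location \
		--output "${installer}" https://nixos.org/nix/install; then
		rm -f -- "${installer}"
		log_error "Failed to download the Nix installer"
		return 1
	fi

	local rc=0
	sh "${installer}" --daemon || rc=$?
	rm -f -- "${installer}"
	if ((rc != 0)); then
		log_error "Nix installer exited with status ${rc}"
		return "${rc}"
	fi

	# Load the daemon profile so nix is usable later in this same run.
	if [ -f /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh ]; then
		# shellcheck source=/dev/null
		. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
		log_info "Nix installed successfully! Please restart your shell or run: source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh"
	else
		log_warn "Nix profile script not found, you may need to configure it manually"
	fi
}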
 68
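setup.selinux_policies() {
	# Reset SELinux labels on /etc/systemd/system, where system-manager
	# places unit files, to what the loaded policy prescribes.
	# Returns: 0 in all handled cases; a failing dnf install stops the script
	#          under errexit.
	log_info "Configuring SELinux policies for system-manager..."

	# Skip when the SELinux tools are absent or SELinux reports Disabled.
	if ! command -v getenforce &>/dev/null || [ "$(getenforce)" = "Disabled" ]; then
		log_info "SELinux is not enabled, skipping SELinux policy configuration"
		return 0
	fi

	sudo dnf install -y policycoreutils-python-utils

	log_info "Setting SELinux contexts for system-manager..."

	# Relabelling stays best-effort, but a failure is reported instead of
	# being swallowed: mislabelled unit files are hard to diagnose later, and
	# the success message below would otherwise be printed regardless.
	if [ -d /etc/systemd/system ]; then
		if ! sudo restorecon -R /etc/systemd/system; then
			log_warn "restorecon failed for /etc/systemd/system; unit files may keep incorrect SELinux labels"
			return 0
		fi
	fi

	log_info "SELinux policies configured successfully"
}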
 91
setup.syncthing() {
	# Install Syncthing from the distribution repositories, then enable and
	# start its per-user systemd unit for the invoking user.
	local unit=syncthing.service
	local action

	log_info "Install syncthing..."
	sudo dnf install -y syncthing

	log_info "Enable syncthing user service..."
	# systemctl --user acts on the caller's own service manager, so no sudo.
	for action in enable start; do
		systemctl --user "${action}" "${unit}"
	done
}
100
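setup.wireguard() {
	# Install wireguard-tools and, when WG_PRIVATE_KEY is set, store it in
	# /etc/wireguard/private.key for the wireguard-client module.
	# Globals: WG_PRIVATE_KEY (read) - the private key; optional.
	# Returns: 0, also when the key is not set and configuration is skipped.
	log_info "Install wireguard..."
	sudo dnf install -y wireguard-tools

	log_info "Setup wireguard private key..."
	if [ -z "${WG_PRIVATE_KEY:-}" ]; then
		log_warn "WG_PRIVATE_KEY not set, skipping wireguard configuration"
		log_warn "Set WG_PRIVATE_KEY environment variable and re-run to configure"
		return 0
	fi

	# Create the directory private to root if it does not exist yet; -m only
	# takes effect when mkdir actually creates it.
	sudo mkdir -p -m 700 /etc/wireguard

	# Create the key file empty with mode 600 first, then fill it. Writing
	# through tee into a new file and tightening the mode afterwards leaves a
	# window in which the key is readable under the default umask.
	sudo install -m 600 /dev/null /etc/wireguard/private.key

	# printf is a shell builtin, so the key is piped to tee and never appears
	# in a process argument list. Avoid running this script with `set -x`,
	# which would print the expanded key in the trace.
	printf '%s\n' "${WG_PRIVATE_KEY}" | sudo tee /etc/wireguard/private.key >/dev/null

	log_info "Wireguard private key created at /etc/wireguard/private.key"
	log_info "The rest of the WireGuard configuration is managed by system-manager"
}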
122
setup.default_packages() {
	# Install the baseline packages from the distribution repositories.
	local -a packages=(helix acpi)

	log_info "Install default packages..."
	sudo dnf install -y "${packages[@]}"
}
127
setup.system_manager() {
	# Build and activate the "wakasu" system-manager configuration from the
	# flake located two directories above this script.
	# Returns: 0 on success or when Nix is missing (activation is skipped);
	#          1 when flake.nix cannot be found or activation fails.
	log_info "Activating system-manager configuration..."

	# Without nix on PATH there is nothing to run yet.
	if ! command -v nix &>/dev/null; then
		log_warn "Nix is not installed, skipping system-manager activation"
		log_warn "Run this script again after Nix is installed and you've restarted your shell"
		return 0
	fi

	# Resolve the repository root from this script's own location.
	local here
	here="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
	local repo_root
	repo_root="$(cd "${here}/../.." && pwd)"

	log_info "Repository root: ${repo_root}"

	# Guard: the flake must sit at the resolved root.
	if ! [ -f "${repo_root}/flake.nix" ]; then
		log_error "Cannot find flake.nix in repository root: ${repo_root}"
		log_error "Please ensure this script is in the correct location"
		return 1
	fi

	# NOTE(review): the flake reference below carries no ref or revision, so
	# the code that is built and run is whatever the upstream default branch
	# holds at that moment. Consider pinning it, e.g.
	# 'github:numtide/system-manager/<PINNED_REV>' (placeholder).
	log_info "Building and activating wakasu system-manager configuration..."
	if ! nix run 'github:numtide/system-manager' -- switch --flake "${repo_root}#wakasu"; then
		log_error "Failed to activate system-manager configuration"
		log_warn "You can manually activate it later with:"
		log_warn "  nix run 'github:numtide/system-manager' -- switch --flake ${repo_root}#wakasu"
		return 1
	fi

	log_info "System-manager configuration activated successfully!"
}
164
# Entry point: run every setup step in order, then print the follow-up notes.
main() {
	local step
	local note

	log_info "Starting Wakasu post-install setup..."

	# Order matters: packages and Nix come first. The syncthing and wireguard
	# steps only lay down the initial configuration files; the services are
	# managed by system-manager, which is activated last.
	for step in \
		setup.default_packages \
		setup.nix \
		setup.selinux_policies \
		setup.syncthing \
		setup.wireguard \
		setup.system_manager; do
		"${step}"
	done

	for note in \
		"Post-install setup completed successfully!" \
		"" \
		"Next steps:" \
		"  1. If Nix was just installed, restart your shell: source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh" \
		"  2. Configure Syncthing via the web interface" \
		"  3. Set up WireGuard private key if not already done" \
		"  4. Run 'systemctl status syncthing wireguard-wg0' to check service status (if using system-manager)"; do
		log_info "${note}"
	done
}
189
# Start the setup, forwarding the script's arguments unchanged.
main "$@"