#!/bin/sh
set -e

# ======================================================
# 飞牛 NAS 交互式安装公钥 & 修复权限 & 配置 sudo NOPASSWD
# ======================================================

echo "=== 飞牛 NAS 公钥安装脚本 ==="

# 提示用户输入用户名
while [ -z "$USER_NAME" ]; do
  read -p "请输入飞牛NAS用户名: " USER_NAME
done

while [ -z "$NAS_IP" ]; do
  read -p "请输入飞牛NAS IP: " NAS_IP
done



# 提示用户输入公钥路径
while [ -z "$PUB_KEY_PATH" ]; do
  read -p "请输入公钥文件完整路径（例如 /vol1/1000/pub/id_dropbear.pub）: " PUB_KEY_PATH
done

# 验证公钥文件是否存在
if [ ! -f "$PUB_KEY_PATH" ]; then
  echo "❌ 公钥文件不存在: $PUB_KEY_PATH"
  exit 1
fi

HOME_DIR="/home/$USER_NAME"
SSH_DIR="$HOME_DIR/.ssh"
AUTH_KEYS="$SSH_DIR/authorized_keys"

# ===== 安装公钥 =====
mkdir -p "$SSH_DIR"
cp -f "$PUB_KEY_PATH" "$AUTH_KEYS"

# 修复权限
chown "$USER_NAME" "$HOME_DIR" "$SSH_DIR" "$AUTH_KEYS"
chmod 700 "$SSH_DIR"
chmod 600 "$AUTH_KEYS"

echo "✅ 公钥已安装并权限修复完成"

# ===== 配置 sudoers NOPASSWD =====
SUDO_FILE="/etc/sudoers.d/${USER_NAME}_poweroff"
SUDO_RULE="$USER_NAME ALL=(root) NOPASSWD:/usr/bin/systemctl poweroff"

if [ ! -f "$SUDO_FILE" ] || ! grep -Fxq "$SUDO_RULE" "$SUDO_FILE"; then
  echo "$SUDO_RULE" > "$SUDO_FILE"
  chmod 440 "$SUDO_FILE"
  echo "✅ sudoers 已添加 NOPASSWD 规则 ($SUDO_FILE)"
else
  echo "⚠️ sudoers NOPASSWD 规则已存在，无需重复添加"
fi

echo
echo "现在你可以在OpenWrt中测试如下命令 看看是否能无密码关机: "
echo "ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 $USER_NAME@${NAS_IP} sudo /usr/bin/systemctl poweroff || true"
echo ""
echo "================ 脚本执行完毕 ================"