#!/bin/bash
set -e

echo "== NAS SSH 远程关机初始化脚本 =="
echo "作者: wukongdaily"
echo "用途: 允许 OpenWrt 通过 SSH 安全关机 NAS"
echo

if [ "$EUID" -eq 0 ]; then
  echo "❌ 请不要使用 root 运行此脚本"
  exit 1
fi

USER_NAME="$(whoami)"
SYSTEMCTL_PATH="$(command -v systemctl)"

if [ -z "$SYSTEMCTL_PATH" ]; then
  echo "❌ 未检测到 systemctl（非 systemd 系统）"
  exit 1
fi

# 自动检测可写家目录
TEST_DIR="$HOME"
if [ ! -w "$TEST_DIR" ]; then
    echo "⚠ 当前 \$HOME ($HOME) 不可写，尝试使用 /vol1/1000"
    TEST_DIR="/vol1/1000"
    if [ ! -w "$TEST_DIR" ]; then
        echo "❌ 没有可写目录，请手动设置 NAS_HOME 变量"
        exit 1
    fi
fi

NAS_HOME="$TEST_DIR"

echo "当前用户: $USER_NAME"
echo "systemctl: $SYSTEMCTL_PATH"
echo "将使用目录: $NAS_HOME"
echo
echo "将执行："
echo "  - 初始化 ~/.ssh 权限"
echo "  - 配置 sudo 允许 poweroff"
echo
read -p "是否继续？[y/N]: " CONFIRM
[[ "$CONFIRM" =~ ^[Yy]$ ]] || exit 0

# SSH 目录
mkdir -p "$NAS_HOME/.ssh"
chmod 700 "$NAS_HOME/.ssh"
touch "$NAS_HOME/.ssh/authorized_keys"
chmod 600 "$NAS_HOME/.ssh/authorized_keys"

# sudo 规则
SUDO_RULE="$USER_NAME ALL=(root) NOPASSWD:$SYSTEMCTL_PATH poweroff"

if sudo grep -qF "$SUDO_RULE" /etc/sudoers; then
  echo "✔ sudo 规则已存在"
else
  echo "$SUDO_RULE" | sudo tee -a /etc/sudoers >/dev/null
  echo "✔ sudo 规则已写入"
fi

echo
echo "🎉 初始化完成"
echo "测试命令："
echo "  sudo $SYSTEMCTL_PATH poweroff"