#!/bin/sh

sed -i "s/op.supes.top/dl.openwrt.ai/" /etc/opkg/distfeeds.conf

([ -x /bin/bash ] && ! grep -q "^root.*bash" /etc/passwd) && sed -i "s/^\(root.*\/\)ash/\1bash/g" /etc/passwd

# [[ "$(df | grep overlay)" && ! "$(df | grep /rom/overlay)" ]] && firstboot

version=`uci -q get base_config.@status[0].version`

hostname=`uci -q get system.@system[0].hostname`
[ -n "${hostname}" ] || hostname="Kwrt"

if [ "$(uci -q get dhcp.@dnsmasq[0].port)" != "53" ]; then
	uci -q set dhcp.@dnsmasq[0].port='53'
	uci commit dhcp
fi

sed -i '/profile.d/d' /lib/upgrade/keep.d/base-files

echo $(uci -q get uhttpd.main.index_page) | grep -q "cgi-bin/luci" ||
	uci -q add_list uhttpd.main.index_page='cgi-bin/luci' && uci commit uhttpd

[[ -x /usr/bin/wget && ! -x /usr/bin/wget-ssl ]] && 	
	ln -s /usr/bin/wget /usr/bin/wget-ssl

sed -i "s/git-.*-\(.*\)/git-\1/g" /usr/lib/lua/luci/version.lua

if [ -f /etc/uwsgi/vassals/luci-webui.ini ]; then
processor=`cat /proc/cpuinfo | grep 'processor' | wc -l`
[ -n "$processor" ] || processor=3
sed -i "/^threads =/c\threads = $processor" /etc/uwsgi/vassals/luci-webui.ini
fi

if [ -f /etc/config/attendedsysupgrade ]; then
uci -q set attendedsysupgrade.server.url='https://openwrt.ai'
uci commit attendedsysupgrade
fi

if [[ ! "$version" || "$version" -lt 1 ]]; then
	uci -q set luci.main.lang='auto'
	uci -q set luci.main.mediaurlbase=/luci-static/argon
	uci commit luci
	
	uci -q set dropbear.@dropbear[0].Interface='lan'
	uci commit dropbear
	
	if uci -q get system.@system[0] >/dev/null; then
		uci -q set system.@system[0].zonename='Asia/Shanghai'
		uci -q set system.@system[0].timezone='CST-8'
		uci -q set system.@system[0].conloglevel='4'
		uci -q set system.@system[0].cronloglevel='8'
		uci -q set system.@system[0].ttylogin='1'
		uci -q del system.ntp.server
		uci -q add_list system.ntp.server='ntp.aliyun.com'
		uci -q add_list system.ntp.server='0.openwrt.pool.ntp.org'
		uci commit system
	fi

	uci -q set uhttpd.main.rfc1918_filter=0
	uci -q set uhttpd.main.redirect_https=0
	uci -q set uhttpd.main.script_timeout='120'
	uci commit uhttpd
	
	uci -q set upnpd.config.enabled='1'
	uci commit upnpd
	
	(echo "root"; sleep 1; echo "root") | /bin/busybox passwd root >/dev/null 2>&1 &

		uci -q set firewall.@defaults[0].flow_offloading='1'
		uci -q set firewall.@defaults[0].flow_offloading_hw='1'
		uci commit firewall

	uci -q set upnpd.config.enabled='1'
	uci commit upnpd
	
	grep -q log-facility /etc/dnsmasq.conf ||
		echo "log-facility=/dev/null" >> /etc/dnsmasq.conf

	#kernel_version="$(echo -n $(uname -r))"
	#if [[ -f /lib/modules/$kernel_version/xt_FULLCONENAT.ko || -f /lib/modules/$kernel_version/nft_fullcone.ko ]]; then
	#uci -q set firewall.@defaults[0].fullcone='1'
	#uci commit firewall
	#fi

	uci -q set fstab.@global[0].anon_mount=1
	uci commit fstab
 
	uci -q set network.globals.packet_steering=1
	uci -q set network.@device[0].promisc=1
	uci commit network
  
	uci -q set dhcp.@dnsmasq[0].dns_redirect='1'
	uci -q set dhcp.@dnsmasq[0].allservers='1'
	uci -q del dhcp.@dnsmasq[0].noresolv
	uci -q set dhcp.@dnsmasq[0].cachesize='1500'
	uci -q set dhcp.@dnsmasq[0].min_ttl='3600'
	uci -q set dhcp.lan.force='1'
	uci -q set dhcp.lan.ra='hybrid'
	uci -q set dhcp.lan.ndp='hybrid'
	uci -q set dhcp.lan.dhcpv6='hybrid'
	uci -q set dhcp.lan.force='1'
	uci commit dhcp

	uci -q set nft-qos.default.limit_enable='0'
	uci commit nft-qos

	
fi

# kB
memtotal=`grep MemTotal /proc/meminfo | awk '{print $2}'`
if [ "$memtotal" -ge 1048576 ]; then
	# > 1024M
	cachesize=10000
	dnsforwardmax=10000
	nf_conntrack_max=262144
elif [ "$memtotal" -ge 524288 ]; then
	# <= 1024M
	cachesize=10000
	dnsforwardmax=10000
	nf_conntrack_max=131072
elif [ "$memtotal" -ge 262144 ]; then
	# <= 512M
	cachesize=8192
	dnsforwardmax=8192
	nf_conntrack_max=65536
elif [ "$memtotal" -ge 131072 ]; then
	# <= 256M
	cachesize=4096
	dnsforwardmax=4096
	nf_conntrack_max=65536
elif [ "$memtotal" -ge 65536 ]; then
	# <= 128M
	cachesize=2048
	dnsforwardmax=2048
	nf_conntrack_max=32768
else
	# < 64M
	cachesize=1024
	dnsforwardmax=1024
	nf_conntrack_max=16384
fi

if [[ ! "$version" || "$version" -lt 1 ]]; then
	uci -q get dhcp.@dnsmasq[0] || uci -q add dhcp dnsmasq
	uci -q set dhcp.@dnsmasq[0].cachesize="$cachesize"
	uci -q set dhcp.@dnsmasq[0].dnsforwardmax="$dnsforwardmax"
	uci -q set dhcp.@dnsmasq[0].localservice='0'
	uci -q set dhcp.@dnsmasq[0].localise_queries='1'
	uci -q set dhcp.@dnsmasq[0].rebind_protection='0'
	uci -q set dhcp.@dnsmasq[0].rebind_localhost='1'
	uci commit dhcp
	uci -q set system.@system[0].zram_comp_algo='zstd'
	uci -q set system.@system[0].zram_size_mb="$(expr $memtotal / 1024 / 3)"
	uci commit system
	
	# sysctl overwrite
	SYSCTL_LOCAL=/etc/sysctl.d/50-local.conf
	mkdir -p /etc/sysctl.d
	echo -n >$SYSCTL_LOCAL
	echo net.nf_conntrack_max=$nf_conntrack_max >>$SYSCTL_LOCAL
	echo net.core.rmem_max=$nf_conntrack_max >>$SYSCTL_LOCAL

if [ -n "$(command -v nginx)" ]; then
	uci add wizard shortcuts
	uci set wizard.@shortcuts[-1].shortcut='pw'
	uci set wizard.@shortcuts[-1].to_url='http://10.0.0.1/cgi-bin/luci/admin/services/passwall'
	uci set wizard.@shortcuts[-1].comments='passwall'
	uci commit wizard

	uci -q set nginx._sc_pw=server
	uci -q set nginx._sc_pw.server_name="pw"
	uci -q add_list nginx._sc_pw.listen="80"
	uci -q add_list nginx._sc_pw.listen="443"
	uci -q set nginx._sc_pw.return="302 http://10.0.0.1/cgi-bin/luci/admin/services/passwall"

	uci -q set dhcp._sc_pw=domain
	uci -q set dhcp._sc_pw.name="pw"
	uci -q set dhcp._sc_pw.ip="10.0.0.1"
	uci -q set dhcp._sc_pw.comments="PassWall"
	uci commit dhcp
fi
if [ -z "`uci -q get dhcp._ta`" ]; then
	uci -q set dhcp._ta=domain
	uci -q set dhcp._ta.name="time.android.com"
	uci -q set dhcp._ta.ip="203.107.6.88"
	uci -q set dhcp._ta.comments="time.android"
	uci commit dhcp
fi
	version=1
fi

if [ -z "`uci -q get dhcp.default_server`" ]; then
	uci -q set dhcp.default_server=domain
	uci -q set dhcp.default_server.name='kwrt'
	uci -q set dhcp.default_server.ip='10.0.0.1'
	uci -q set dhcp.default_server.comments='后台地址'
	uci commit dhcp
fi

if [ -n "$(command -v nginx)" ]; then
if [ -z "`uci -q get nginx.default_server`" ]; then
	uci -q set nginx.default_server=server
	uci -q set nginx.default_server.server_name='kwrt'
	uci -q add_list nginx.default_server.listen='80 default_server'
	uci -q add_list nginx.default_server.listen='[::]:80 default_server'
	uci -q add_list nginx.default_server.include='conf.d/*.locations'
	uci -q set nginx.default_server.access_log='off; # logd openwrt'
	uci commit nginx
fi
grep -q "uwsgi_read_timeout" /etc/nginx/conf.d/luci.locations 2>/dev/null || {
	sed -i "s/include uwsgi_params;/include uwsgi_params;\n\t\tuwsgi_read_timeout 300s;/" /etc/nginx/conf.d/luci.locations
	sed -i '/ubus_parallel_req/a\        ubus_script_timeout 600;' /etc/nginx/conf.d/luci.locations
}

sed -i \
	-e "s/client_max_body_size 128M/client_max_body_size 3072M/" \
	-e "s/large_client_header_buffers 2 1k/large_client_header_buffers 4 512k/" \
	/etc/nginx/uci.conf.template
grep -q "client_body_buffer_size" /etc/nginx/uci.conf.template ||
		sed -i "/large_client_header_buffers/a\	client_body_buffer_size 128K;" /etc/nginx/uci.conf.template
fi

rm -rf /tmp/luci-*
uci -q set base_config.@status[0].version=$version
uci commit base_config

grep -q "cgi-timeout" /etc/uwsgi/vassals/luci-*.ini 2>/dev/null || sed -i '$a cgi-timeout = 500' /etc/uwsgi/vassals/luci-*.ini
sed -i "s/limit-as = 1000/limit-as = 5000/g" /etc/uwsgi/vassals/luci-webui.ini

modprobe xt_FULLCONENAT || {
[ "$(iptables -L -t nat | grep "FULLCONENAT")" ] || {
uci -q set firewall.@defaults[0].fullcone='0'
uci commit firewall
}
}
