#!/bin/sh

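# Point the opkg package feeds at dl.openwrt.ai. The dots of the old host name
# are escaped so that only the literal string "op.supes.top" is rewritten.
# NOTE(security): every later package install trusts what this host serves.
# Signature checking for the feeds is configured outside this script, so
# confirm it is enabled for them.
sed -i "s/op\.supes\.top/dl.openwrt.ai/" /etc/opkg/distfeeds.conf

# When bash is installed and some account still logs in with ash, make bash
# both the login shell and the system-wide /bin/sh.
# NOTE(security): after the symlink below, every "#!/bin/sh" script on the
# device is interpreted by bash instead of the previous /bin/sh.
if [ -x /bin/bash ] && grep -q "/bin/ash" /etc/passwd; then
	sed -i 's|/bin/ash|/bin/bash|g' "/etc/passwd"
	ln -sf /bin/bash /bin/sh
	# Route the busybox ash history path to root's bash history file.
	# NOTE(security): history written through the /tmp path now lands in
	# /root/.bash_history; if /root is on persistent storage, anything
	# typed on the command line (including secrets) survives a reboot.
	touch /root/.bash_history
	ln -sf /root/.bash_history /tmp/.busybox_ash_history
fi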

# Schema version stored in base_config; empty when nothing has been recorded.
# Later sections apply first-boot defaults only while it is empty or below 1.
version=$(uci -q get base_config.@status[0].version)

# Configured host name, with "Kwrt" as the fallback when none is set.
hostname=$(uci -q get system.@system[0].hostname)
if [ -z "${hostname}" ]; then
	hostname="Kwrt"
fi

# Force dnsmasq back onto port 53 if it was configured differently.
dnsmasq_port=$(uci -q get dhcp.@dnsmasq[0].port)
if [ "$dnsmasq_port" != "53" ]; then
	uci -q set dhcp.@dnsmasq[0].port='53'
	uci commit dhcp
fi

# Remove the profile.d entries from the base-files sysupgrade keep list.
sed -i '/profile.d/d' /lib/upgrade/keep.d/base-files

# Make sure uhttpd offers cgi-bin/luci as an index page.
uhttpd_index=$(uci -q get uhttpd.main.index_page)
case "$uhttpd_index" in
	*cgi-bin/luci*)
		;;
	*)
		uci -q add_list uhttpd.main.index_page='cgi-bin/luci'
		uci commit uhttpd
		;;
esac

# Drop dropbear's interface binding unless dropbear.main._direct is "1"
# (_direct looks like an opt-out flag owned by this firmware; confirm).
# NOTE(security): without the Interface option dropbear is no longer bound to
# a single interface, so which networks can reach SSH is decided by the
# firewall rules alone.
dropbear_direct=$(uci -q get dropbear.main._direct)
dropbear_iface=$(uci -q get dropbear.main.Interface)
if [ "$dropbear_direct" != "1" ] && [ -n "$dropbear_iface" ]; then
	uci del dropbear.main.Interface
	uci commit dropbear
fi

# Provide the wget-ssl name when only plain wget is installed.
if [ -x /usr/bin/wget ] && [ ! -x /usr/bin/wget-ssl ]; then
	ln -s /usr/bin/wget /usr/bin/wget-ssl
fi

# Shorten the LuCI version string: "git-<anything>-<tail>" becomes "git-<tail>".
sed -i "s/git-.*-\(.*\)/git-\1/g" /usr/lib/lua/luci/version.lua

# Size the LuCI uwsgi worker's thread count from the lines of /proc/cpuinfo
# that mention "processor"; use 3 when that count is empty or not positive.
luci_webui_ini=/etc/uwsgi/vassals/luci-webui.ini
if [ -f "$luci_webui_ini" ]; then
	processor=$(grep -c 'processor' /proc/cpuinfo)
	if [ -n "$processor" ] && [ "$processor" -gt 0 ]; then
		:
	else
		processor=3
	fi
	sed -i "/^threads =/c\threads = $processor" "$luci_webui_ini"
fi

# Point attended sysupgrade at the openwrt.ai build server.
# NOTE(security): firmware images requested through attended sysupgrade will
# come from this server, so it is part of the device's update trust chain.
if [ -f /etc/config/attendedsysupgrade ]; then
	uci -q set attendedsysupgrade.server.url='https://openwrt.ai'
	uci commit attendedsysupgrade
fi

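# First-boot defaults: applied only while no schema version (or a version
# below 1) has been recorded in base_config.
# uci selectors containing [ ] are quoted so the shell never treats them as
# glob patterns.
if [ -z "$version" ] || [ "$version" -lt 1 ]; then
	# LuCI: automatic language selection and the argon theme.
	uci -q set luci.main.lang='auto'
	uci -q set luci.main.mediaurlbase=/luci-static/argon
	uci commit luci

	# System section: time zone, log levels, NTP servers. ttylogin=1 makes
	# the local console ask for a login.
	if uci -q get 'system.@system[0]' >/dev/null; then
		uci -q set 'system.@system[0].zonename=Asia/Shanghai'
		uci -q set 'system.@system[0].timezone=CST-8'
		uci -q set 'system.@system[0].conloglevel=4'
		uci -q set 'system.@system[0].cronloglevel=8'
		uci -q set 'system.@system[0].ttylogin=1'
		uci -q del system.ntp.server
		uci -q add_list system.ntp.server='ntp.aliyun.com'
		uci -q add_list system.ntp.server='0.openwrt.pool.ntp.org'
		uci commit system
	fi

	# NOTE(security): rfc1918_filter=0 switches off uhttpd's rejection of
	# requests from private (RFC 1918) addresses aimed at a public address,
	# which is its DNS-rebinding safeguard. redirect_https=0 leaves the
	# admin UI on plain HTTP, so logins cross the network unencrypted.
	uci -q set uhttpd.main.rfc1918_filter=0
	uci -q set uhttpd.main.redirect_https=0
	uci -q set uhttpd.main.script_timeout='120'
	uci commit uhttpd

	# NOTE(security): with UPnP enabled, LAN hosts can request inbound port
	# mappings without authenticating; keep it on only where that is wanted.
	# (The original set and committed this option twice; once is enough.)
	uci -q set upnpd.config.enabled='1'
	uci commit upnpd

	# NOTE(security): this gives root the fixed password "root". Until it is
	# changed, anything that can reach the admin UI or SSH can log in with a
	# publicly known credential, so first-time setup should force a change
	# or the image should be provisioned with a per-device password.
	# The command runs in the background with its output discarded, so a
	# failure here goes unnoticed.
	(echo "root"; sleep 1; echo "root") | /bin/busybox passwd root >/dev/null 2>&1 &

	# Software and hardware flow offloading.
	uci -q set 'firewall.@defaults[0].flow_offloading=1'
	uci -q set 'firewall.@defaults[0].flow_offloading_hw=1'
	uci commit firewall

	# NOTE(security): sending dnsmasq's log to /dev/null discards its DNS and
	# DHCP messages, so they are not available for troubleshooting or for
	# reviewing an incident afterwards.
	grep -q log-facility /etc/dnsmasq.conf || \
		echo "log-facility=/dev/null" >> /etc/dnsmasq.conf

	#kernel_version=$(uname -r)
	#if [ -f "/lib/modules/$kernel_version/xt_FULLCONENAT.ko" ] || [ -f "/lib/modules/$kernel_version/nft_fullcone.ko" ]; then
	#	uci -q set firewall.@defaults[0].fullcone='1'
	#	uci commit firewall
	#fi

	# NOTE(security): anon_mount=1 mounts block devices that have no fstab
	# entry of their own, so any storage that is plugged in gets mounted.
	uci -q set 'fstab.@global[0].anon_mount=1'
	uci commit fstab

	# NOTE(review): promisc=1 puts the first configured device into
	# promiscuous mode; confirm this is required for the target setups.
	uci -q set network.globals.packet_steering=1
	uci -q set 'network.@device[0].promisc=1'
	uci commit network

	# dnsmasq and LAN DHCP/IPv6 defaults.
	uci -q set 'dhcp.@dnsmasq[0].dns_redirect=1'
	uci -q set 'dhcp.@dnsmasq[0].allservers=1'
	uci -q del 'dhcp.@dnsmasq[0].noresolv'
	uci -q set 'dhcp.@dnsmasq[0].cachesize=1500'
	uci -q set 'dhcp.@dnsmasq[0].min_ttl=3600'
	uci -q set dhcp.lan.force='1'
	uci -q set dhcp.lan.ra='hybrid'
	uci -q set dhcp.lan.ndp='hybrid'
	uci -q set dhcp.lan.dhcpv6='hybrid'
	uci commit dhcp

	# Rate limiting in nft-qos starts disabled.
	uci -q set nft-qos.default.limit_enable='0'
	uci commit nft-qos
fi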

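# Pick the DNS cache size, the DNS forward limit and the connection-tracking
# table size from the amount of installed RAM. MemTotal is reported in kB.
memtotal=$(awk '/^MemTotal:/ { print $2; exit }' /proc/meminfo 2>/dev/null)

# A missing or non-numeric value selects the smallest tier, as before, but
# without making the numeric tests (and later arithmetic on memtotal) fail.
case "$memtotal" in
	'' | *[!0-9]*) memtotal=0 ;;
esac

if [ "$memtotal" -ge 1048576 ]; then
	# 1024M and above
	cachesize=10000
	dnsforwardmax=10000
	nf_conntrack_max=262144
elif [ "$memtotal" -ge 524288 ]; then
	# 512M up to (not including) 1024M
	cachesize=10000
	dnsforwardmax=10000
	nf_conntrack_max=131072
elif [ "$memtotal" -ge 262144 ]; then
	# 256M up to (not including) 512M
	cachesize=8192
	dnsforwardmax=8192
	nf_conntrack_max=65536
elif [ "$memtotal" -ge 131072 ]; then
	# 128M up to (not including) 256M
	cachesize=4096
	dnsforwardmax=4096
	nf_conntrack_max=65536
elif [ "$memtotal" -ge 65536 ]; then
	# 64M up to (not including) 128M
	cachesize=2048
	dnsforwardmax=2048
	nf_conntrack_max=32768
else
	# below 64M, or size unknown
	cachesize=1024
	dnsforwardmax=1024
	nf_conntrack_max=16384
fi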

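# Second half of the first-boot defaults. It relies on cachesize,
# dnsforwardmax, nf_conntrack_max and memtotal (kB) computed earlier in the
# script, and marks the defaults as applied by setting version=1.
# uci selectors containing [ ] are quoted so the shell never globs them.
if [ -z "$version" ] || [ "$version" -lt 1 ]; then
	# Make sure a dnsmasq section exists before tuning it.
	uci -q get 'dhcp.@dnsmasq[0]' >/dev/null || uci -q add dhcp dnsmasq >/dev/null
	uci -q set "dhcp.@dnsmasq[0].cachesize=$cachesize"
	uci -q set "dhcp.@dnsmasq[0].dnsforwardmax=$dnsforwardmax"
	# NOTE(security): localservice=0 lets dnsmasq answer queries that come
	# from outside the directly attached subnets, and rebind_protection=0
	# stops it dropping upstream answers that point at private addresses
	# (its DNS-rebinding safeguard). Confirm the firewall keeps port 53
	# closed towards the WAN and that LAN services do not rely on rebind
	# protection.
	uci -q set 'dhcp.@dnsmasq[0].localservice=0'
	uci -q set 'dhcp.@dnsmasq[0].localise_queries=1'
	uci -q set 'dhcp.@dnsmasq[0].rebind_protection=0'
	uci -q set 'dhcp.@dnsmasq[0].rebind_localhost=1'
	uci commit dhcp

	# zram: zstd compression, sized at one third of RAM (in MB).
	uci -q set 'system.@system[0].zram_comp_algo=zstd'
	uci -q set "system.@system[0].zram_size_mb=$((memtotal / 1024 / 3))"
	uci commit system

	# Rewrite the local sysctl overrides from scratch.
	# NOTE(review): net.core.rmem_max receives the conntrack table size;
	# that looks like a reused variable rather than a chosen buffer size.
	# Confirm the intended value.
	SYSCTL_LOCAL=/etc/sysctl.d/50-local.conf
	mkdir -p /etc/sysctl.d
	{
		echo "net.nf_conntrack_max=$nf_conntrack_max"
		echo "net.core.rmem_max=$nf_conntrack_max"
	} > "$SYSCTL_LOCAL"

	if command -v nginx >/dev/null 2>&1; then
		# "pw" shortcut: a wizard entry, an nginx redirect server and a
		# local DNS name that all lead to the passwall page.
		# NOTE(security): the target is a plain-HTTP URL on the hard-coded
		# address 10.0.0.1, so the redirect lands on the unencrypted admin
		# UI and breaks if the LAN address is changed.
		uci add wizard shortcuts
		uci set 'wizard.@shortcuts[-1].shortcut=pw'
		uci set 'wizard.@shortcuts[-1].to_url=http://10.0.0.1/cgi-bin/luci/admin/services/passwall'
		uci set 'wizard.@shortcuts[-1].comments=passwall'
		uci commit wizard

		uci -q set nginx._sc_pw=server
		uci -q set nginx._sc_pw.server_name="pw"
		uci -q add_list nginx._sc_pw.listen="80"
		uci -q add_list nginx._sc_pw.listen="443"
		uci -q set nginx._sc_pw.return="302 http://10.0.0.1/cgi-bin/luci/admin/services/passwall"
		# Commit here: these nginx changes were previously left staged
		# unless a later section happened to commit the nginx config.
		uci commit nginx

		uci -q set dhcp._sc_pw=domain
		uci -q set dhcp._sc_pw.name="pw"
		uci -q set dhcp._sc_pw.ip="10.0.0.1"
		uci -q set dhcp._sc_pw.comments="PassWall"
		uci commit dhcp
	fi

	# Static DNS entry for time.android.com.
	# NOTE(security): LAN clients resolve this name to the pinned address
	# whatever upstream DNS says, so the entry has to be maintained if the
	# service behind 203.107.6.88 ever changes.
	if [ -z "$(uci -q get dhcp._ta)" ]; then
		uci -q set dhcp._ta=domain
		uci -q set dhcp._ta.name="time.android.com"
		uci -q set dhcp._ta.ip="203.107.6.88"
		uci -q set dhcp._ta.comments="time.android"
		uci commit dhcp
	fi
	version=1
fi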

# Local DNS name "kwrt" for the router's admin address, created once.
default_dns_entry=$(uci -q get dhcp.default_server)
if [ -z "$default_dns_entry" ]; then
	uci -q set dhcp.default_server=domain
	uci -q set dhcp.default_server.name='kwrt'
	uci -q set dhcp.default_server.ip='10.0.0.1'
	uci -q set dhcp.default_server.comments='后台地址'
	uci commit dhcp
fi

# nginx-specific setup, applied only when nginx is installed.
nginx_bin=$(command -v nginx)
if [ -n "$nginx_bin" ]; then
	luci_locations=/etc/nginx/conf.d/luci.locations
	nginx_template=/etc/nginx/uci.conf.template

	# Default virtual server, created once.
	# NOTE(security): it listens on port 80 only and turns the access log
	# off, so the admin UI is served over plain HTTP and requests to it
	# leave no access-log trail.
	nginx_default=$(uci -q get nginx.default_server)
	if [ -z "$nginx_default" ]; then
		uci -q set nginx.default_server=server
		uci -q set nginx.default_server.server_name='kwrt'
		uci -q add_list nginx.default_server.listen='80 default_server'
		uci -q add_list nginx.default_server.listen='[::]:80 default_server'
		uci -q add_list nginx.default_server.include='conf.d/*.locations'
		uci -q set nginx.default_server.access_log='off; # logd openwrt'
		uci commit nginx
	fi

	# Add longer uwsgi/ubus timeouts to the LuCI locations file, unless the
	# uwsgi timeout is already present.
	if ! grep -q "uwsgi_read_timeout" "$luci_locations" 2>/dev/null; then
		sed -i "s/include uwsgi_params;/include uwsgi_params;\n\t\tuwsgi_read_timeout 300s;/" "$luci_locations"
		sed -i '/ubus_parallel_req/a\        ubus_script_timeout 600;' "$luci_locations"
	fi

	# Raise the request-size limits in the nginx template.
	# NOTE(security): a 3072M body limit and 512k header buffers allow very
	# large requests; on a memory-constrained device that widens the room
	# for resource exhaustion, so confirm the sizes are really needed.
	sed -i \
		-e "s/client_max_body_size 128M/client_max_body_size 3072M/" \
		-e "s/large_client_header_buffers 2 1k/large_client_header_buffers 4 512k/" \
		"$nginx_template"

	if ! grep -q "client_body_buffer_size" "$nginx_template"; then
		sed -i "/large_client_header_buffers/a\	client_body_buffer_size 128K;" "$nginx_template"
	fi
fi

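# Remove /tmp/luci-* (presumably LuCI's cache files) so they are rebuilt.
rm -rf /tmp/luci-*

# Record the schema version so the first-boot defaults are not applied again.
# The selector is quoted so the shell never treats [0] as a glob pattern.
uci -q set "base_config.@status[0].version=$version"
uci commit base_config

# Give every LuCI uwsgi vassal a cgi-timeout. Each file is checked on its
# own: a single grep over all files succeeded as soon as one of them had the
# option, leaving the others without it, and sed was run on the unexpanded
# pattern when no file existed.
for vassal_ini in /etc/uwsgi/vassals/luci-*.ini; do
	[ -f "$vassal_ini" ] || continue
	grep -q "cgi-timeout" "$vassal_ini" || sed -i '$a cgi-timeout = 500' "$vassal_ini"
done

# Raise the address-space limit of the LuCI web UI worker, when it exists.
if [ -f /etc/uwsgi/vassals/luci-webui.ini ]; then
	sed -i "s/limit-as = 1000/limit-as = 5000/g" /etc/uwsgi/vassals/luci-webui.ini
fi

# If the FULLCONENAT module cannot be loaded and no nat rule mentions it,
# switch the firewall's fullcone option off.
if ! modprobe xt_FULLCONENAT; then
	if ! iptables -L -t nat 2>/dev/null | grep -q "FULLCONENAT"; then
		uci -q set 'firewall.@defaults[0].fullcone=0'
		uci commit firewall
	fi
fi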
