#!/bin/sh

([ -x /bin/bash ] && ! grep -q "^root.*bash" /etc/passwd) && sed -i "s/^\(root.*\/\)ash/\1bash/g" /etc/passwd

# [[ "$(df | grep overlay)" && ! "$(df | grep /rom/overlay)" ]] && firstboot

version=`uci -q get base_config.@status[0].version`

hostname=`uci -q get system.@system[0].hostname`
test -n "${hostname}" || hostname="OpenWrt"

if [ "$(uci -q get dhcp.@dnsmasq[0].port)" != "53" ]; then
	uci -q set dhcp.@dnsmasq[0].port='53'
	uci commit dhcp
fi

uci -q batch <<EOF
set attendedsysupgrade.server.url='https://op.supes.top'
commit attendedsysupgrade
EOF

uci set dockerd.firewall.extra_iptables_args='--match conntrack ! --ctstate RELATED,ESTABLISHED'
uci commit dockerd

sed -i '/profile.d/d' /lib/upgrade/keep.d/base-files

echo $(uci -q get uhttpd.main.index_page) | grep -q "cgi-bin/luci" ||
	uci -q add_list uhttpd.main.index_page='cgi-bin/luci' && uci commit uhttpd

/etc/init.d/wizard disable

[ -f /usr/bin/wget ] && 	
	ln -s /usr/bin/wget /usr/bin/wget-ssl

sed -i "s/git-.*-\(.*\)/git-\1/g" /usr/lib/lua/luci/version.lua

processor=`cat /proc/cpuinfo | grep 'processor' | wc -l`
test -n "$processor" || processor=3
sed -i "/^threads =/c\threads = $processor" /etc/uwsgi/vassals/luci-webui.ini
test $version -lt 1 && {
	uci -q set luci.main.lang='auto'
	uci -q set luci.main.mediaurlbase=/luci-static/edge
	uci commit luci
	
	uci -q set dropbear.@dropbear[0].Interface='lan'
	uci commit dropbear
	
	uci -q get system.@system[0] >/dev/null 2>&1 && {
		uci -q set system.@system[0].zonename='Asia/Shanghai'
		uci -q set system.@system[0].timezone='CST-8'
		uci -q del system.ntp.server
		uci -q add_list system.ntp.server='ntp.aliyun.com'
		uci -q add_list system.ntp.server='0.openwrt.pool.ntp.org'
		uci commit system
	}

	uci -q set uhttpd.main.rfc1918_filter=0
	uci -q set uhttpd.main.redirect_https=0
	uci -q set uhttpd.main.script_timeout='120'
	uci commit uhttpd
	
	(echo "root"; sleep 1; echo "root") | /bin/busybox passwd root >/dev/null 2>&1 &
	
	. /etc/openwrt_release
	[[ "$DISTRIB_TARGET" != "x86/64" && "$DISTRIB_TARGET" != "ipq807x/generic" ]] && {
		uci set firewall.@defaults[0].flow_offloading='1'
		uci set firewall.@defaults[0].flow_offloading_hw='1'
		uci commit firewall
	}

	wifi_setup_radio(){
	local radio=$1
	htmode="$(uci get wireless.${radio}.htmode)"
	local widx=0
	while uci rename wireless.@wifi-iface[$widx]=default_radio$widx >/dev/null 2>&1; do widx=$((widx+1)); done
	uci -q get wireless.${radio} >/dev/null 2>&1 && {
			uci -q del wireless.${radio}.disabled
			uci -q set wireless.${radio}.country='US'
		
		if [ "$(uci -q get wireless.${radio}.band)" = "5g" ]; then
			uci -q set wireless.default_${radio}.ssid="${SSID}_5G"
			if [[ "${htmode}" == HE* ]]; then   # AX
				uci -q set wireless.${radio}.htmode="HE160"
				uci -q set wireless.${radio}.channel='44'
			else
				uci -q set wireless.${radio}.htmode="VHT80"   #AC
				uci -q set wireless.${radio}.channel="157"
			fi
			[[ "$(board_name)" == *cr660x ]] && {
				uci -q set wireless.${radio}.htmode="HE80"
				uci -q set wireless.${radio}.channel='157'
			}
		else
			uci -q set wireless.${radio}.htmode="HT40"   #N
			uci -q set wireless.${radio}.noscan='1'
			uci -q set wireless.${radio}.vendor_vht='1'
			uci -q set wireless.default_${radio}.ssid="${SSID}_2.4G"
			uci -q set wireless.${radio}.channel='auto'
		fi
			uci -q set wireless.default_${radio}.device="${radio}"
			if [ "${SSID_PASSWD}" ]; then
				uci -q set wireless.default_${radio}.encryption='psk2'
				uci -q set wireless.default_${radio}.key="${SSID_PASSWD}"
			else
				uci -q set wireless.default_${radio}.encryption='none'
			fi
		}
	}

	[ -f /etc/config/wireless ] && {
		SSID=${hostname}
		SSID_PASSWD=""
		[ "$(uci -q get wireless.radio1.band)" == "5g" ] && uci -q set wireless.radio0.band="2g"
		for radio in radio0 radio1 radio2 radio3; do
			wifi_setup_radio ${radio}
		done
		uci commit wireless
	}

	uci -q set upnpd.config.enabled='1'
	uci commit upnpd
	
	grep -q log-facility /etc/dnsmasq.conf ||
		echo "log-facility=/dev/null" >> /etc/dnsmasq.conf

	[[ -f /sys/module/xt_FULLCONENAT/refcnt || -f /sys/module/nft_fullcone/refcnt ]] && {
	uci -q set firewall.@defaults[0].fullcone='1'
	uci commit firewall
	}

	uci -q set fstab.@global[0].anon_mount=1
	uci commit fstab
 
	uci -q set network.@globals[0].packet_steering=1
	uci commit network
  
	uci -q set dhcp.@dnsmasq[0].dns_redirect='1'
	uci -q set dhcp.@dnsmasq[0].allservers='1'
	uci -q del dhcp.@dnsmasq[0].noresolv
	uci -q set dhcp.@dnsmasq[0].cachesize='1500'
	uci -q set dhcp.@dnsmasq[0].min_ttl='3600'
	uci -q set dhcp.lan.force='1'
	uci -q set dhcp.lan.ra='hybrid'
	uci -q set dhcp.lan.ndp='hybrid'
	uci -q set dhcp.lan.dhcpv6='hybrid'
	uci -q set dhcp.lan.force='1'
	uci commit dhcp

	uci -q set nft-qos.default.limit_enable='0'
	uci commit nft-qos

	uci -q set system.@system[0].conloglevel='4'
	uci -q set system.@system[0].cronloglevel='8'
	uci commit system
}

# kB
memtotal=`grep MemTotal /proc/meminfo | awk '{print $2}'`
if test $memtotal -ge 1048576; then
	# > 1024M
	cachesize=10000
	dnsforwardmax=10000
	nf_conntrack_max=262144
elif test $memtotal -ge 524288; then
	# <= 1024M
	cachesize=10000
	dnsforwardmax=10000
	nf_conntrack_max=131072
elif test $memtotal -ge 262144; then
	# <= 512M
	cachesize=8192
	dnsforwardmax=8192
	nf_conntrack_max=65536
elif test $memtotal -ge 131072; then
	# <= 256M
	cachesize=4096
	dnsforwardmax=4096
	nf_conntrack_max=65536
elif test $memtotal -ge 65536; then
	# <= 128M
	cachesize=2048
	dnsforwardmax=2048
	nf_conntrack_max=32768
else
	# < 64M
	cachesize=1024
	dnsforwardmax=1024
	nf_conntrack_max=16384
fi

test $version -lt 1 && {
	uci -q get dhcp.@dnsmasq[0] || uci -q add dhcp dnsmasq
	uci -q set dhcp.@dnsmasq[0].cachesize="$cachesize"
	uci -q set dhcp.@dnsmasq[0].dnsforwardmax="$dnsforwardmax"
	uci -q set dhcp.@dnsmasq[0].localservice='0'
	uci -q set dhcp.@dnsmasq[0].localise_queries='1'
	uci -q set dhcp.@dnsmasq[0].rebind_protection='0'
	uci -q set dhcp.@dnsmasq[0].rebind_localhost='1'
	uci commit dhcp
	uci -q set system.@system[0].zram_comp_algo='zstd'
	uci -q set system.@system[0].zram_size_mb="$(expr $memtotal / 1024 / 3)"
	uci commit system
	
	# sysctl overwrite
	SYSCTL_LOCAL=/etc/sysctl.d/50-local.conf
	mkdir -p /etc/sysctl.d
	echo -n >$SYSCTL_LOCAL
	echo net.nf_conntrack_max=$nf_conntrack_max >>$SYSCTL_LOCAL
	echo net.ipv4.ip_early_demux=0 >>$SYSCTL_LOCAL
	echo net.bridge.bridge-nf-call-iptables=0 >>$SYSCTL_LOCAL
	echo net.ipv4.fib_multipath_hash_policy=1 >>$SYSCTL_LOCAL
	echo net.ipv4.tcp_congestion_control=cubic >>$SYSCTL_LOCAL
	echo net.netfilter.nf_conntrack_helper=1 >>$SYSCTL_LOCAL
	echo kernel.msgmax = 65536 >>$SYSCTL_LOCAL
	echo kernel.msgmnb = 65536 >>$SYSCTL_LOCAL
	echo vm.swappiness=0 >>$SYSCTL_LOCAL
	version=1
}

cp -pR /www/cgi-bin/* /www/
rm -rf /tmp/luci-*

uci -q set base_config.@status[0].version=$version
uci commit base_config