#!/bin/sh

: ${desktop_access_gid:='40000'}
: ${sddm_min_uid:='10000'}
: ${sddm_max_uid:='19999'}
: ${cups_host:='cups'}
: ${ublock_whitelist:=''}
: ${chrome_flags:=''}

sddm_user=sddm
cups_conf_dir=/usr/local/etc/cups

if [ "${enable_idm:-}" = false ]; then
  desktop_access_role=operator
else
  ldap_add "cn=${desktop_access_role},${roles_basedn}" <<EOF
objectClass: groupOfMembers
objectClass: posixGroup
cn: ${desktop_access_role}
gidNumber: ${desktop_access_gid}
EOF
fi

# Load linux kernel modules.
sysrc -v linux_enable=YES
service linux start

# Enable FUSE.
sysrc -v kld_list+=fusefs
load_kernel_module fusefs

# Install packages common to all DEs.
pkg install -y $desktop_packages

# Install profile script for improving experience on NFS homedirs.
if [ "${enable_idm:-}" != false ]; then
  install_file -m 0555 /etc/profile.d/local-homedir.sh
fi

# Create ZFS dataset for local homedirs.
create_dataset -o mountpoint=/usr/local/home "${state_dataset}/home"
zfs set \
  com.sun:auto-snapshot:hourly=true \
  com.sun:auto-snapshot:daily=true \
  com.sun:auto-snapshot:weekly=true \
  "${state_dataset}/home"

# Disable sndiod (not needed).
sysrc -v sndiod_enable=NO
service sndiod status && service sndiod stop

# Create local group for desktop-access.
# This is for *local* users that need access to the drm device.
add_group -g "$desktop_access_gid" "$desktop_access_role"

# Create desktop devfs ruleset.
install_template -m 0644 /etc/devfs.rules
sysrc -v "devfs_system_ruleset=${devfs_local_ruleset_name}"
service devfs restart

# Enable webcamd.
sysrc -v webcamd_enable=YES
service webcamd status || service webcamd start

# Create xdg autostart entry to add our Root CA to Chrome's certificate store.
install_file -m 0644 /usr/local/etc/xdg/autostart/nss-trust-root-ca.desktop
install_file -m 0555 /usr/local/libexec/nss-trust-root-ca

# Add sddm user to drm access group.
pw groupmod "$desktop_access_role" -m "$sddm_user"

# Install gajim desktop file.
install_file -m 0644 /usr/local/share/applications/gajim.desktop

# Configure pam services.
install_file -m 0644 \
  /etc/pam.d/sddm \
  /etc/pam.d/kde

# Copy SDDM config file.
install_template -m 0644 /usr/local/etc/sddm.conf

# Create profile script for KDE environment variables.
install_file -m 0644 /etc/profile.d/kde.sh

# Create SDDM local homedir.
install_directory -o sddm -g sddm -m 0700 /usr/local/home/sddm

# Create shutdown script to cleanup lingering processes.
install_directory -m 0755 \
  /usr/local/etc/xdg/plasma-workspace \
  /usr/local/etc/xdg/plasma-workspace/shutdown
install_file -m 0555 /usr/local/etc/xdg/plasma-workspace/shutdown/cleanup.sh

# Disable baloo file search.
# Don't know anyone that uses it, and litters $HOME with .nfs files whenever
# any file is deleted.
install_file -m 0644 /usr/local/etc/xdg/baloofilerc

# Disable user switching
# Broken with consolekit: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221452
# VT switch causes loss of graphics acceleration: https://github.com/freebsd/drm-kmod/issues/175
install_file -m 0644 /usr/local/etc/xdg/kdeglobals

# Enable sddm.
sysrc -v sddm_enable=YES

# Tune sysctls for desktop usage.
set_sysctl \
  net.local.stream.recvspace=65536 \
  net.local.stream.sendspace=65536 \
  kern.sched.preempt_thresh=224 \
  vfs.usermount=1

set_loader_conf \
  kern.ipc.shmseg=1024 \
  kern.ipc.shmmni=1024 \
  kern.maxproc=100000 \
  hw.pci.do_power_nodriver=3

# Create policy file for firefox.
install_directory -m 0755 /usr/local/lib/firefox/distribution
install_template -m 0644  /usr/local/lib/firefox/distribution/policies.json

# Create policy file for thunderbird.
install_directory -m 0755 /usr/local/lib/thunderbird/distribution
install_template -m 0644  /usr/local/lib/thunderbird/distribution/policies.json

# Create policy file for chromium.
install_directory -m 0755 \
  /usr/local/etc/chromium/policies \
  /usr/local/etc/chromium/policies/managed
install_template -m 0644 /usr/local/etc/chromium/policies/managed/policies.json

# Configure libreoffice
install_file -m 0644 /usr/local/lib/libreoffice/program/sofficerc

# Add terminus font to X11
install_file -m 0644 /usr/local/etc/X11/xorg.conf.d/terminus.conf

# Create xdg override directory.
install_directory -m 0755 \
  "${xdg_override_dir}" \
  "${xdg_override_dir}/applications"

# Create xdg application overrides.
install_template -m 0644 \
  "${xdg_override_dir}/applications/signal-desktop.desktop" \
  "${xdg_override_dir}/applications/chromium-browser.desktop"

# Create polkit rules for shutdown/reboot/suspend
install_template -m 0644 /usr/local/etc/polkit-1/rules.d/51-desktop.rules

# Enable dbus.
sysrc -v dbus_enable=YES
service dbus status || service dbus start

# Configure CUPS.
pkg install -y cups
install_template -m 0644 "${cups_conf_dir}/client.conf"

# Configure graphics drivers.
case $graphics_type in
  intel)
    pkg install -y drm-kmod libva-intel-media-driver
    sysrc -v kld_list+=i915kms
    load_kernel_module i915kms
    set_loader_conf \
      compat.linuxkpi.i915_enable_fbc=1 \
      compat.linuxkpi.i915_fastboot=1
    : ${mpv_hwdec:='vaapi-copy'}
    ;;
esac

# On some graphics cards, kern.vt.suspendswitch=1 (the default) breaks graphics
# acceleration after resuming from sleep.
set_sysctl kern.vt.suspendswitch="${vt_suspendswitch:-1}"

# Generate mpv configuration.
install_template -m 0644 /usr/local/etc/mpv/mpv.conf

# Start login manager.
service sddm status || service sddm start > /dev/null 2>&1 < /dev/null || die 'failed to start sddm'