#add sources list for questing.
set -e
set -x
echo "deb https://archive.ubuntu.com/ubuntu questing main restricted universe multiverse" > /etc/apt/sources.list
echo "deb https://archive.ubuntu.com/ubuntu questing-updates main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb https://archive.ubuntu.com/ubuntu questing-backports main restricted universe multiverse" >> /etc/apt/sources.list
echo "deb https://security.ubuntu.com/ubuntu questing-security main restricted universe multiverse" >> /etc/apt/sources.list
apt update
apt upgrade -y
apt install -y jq bubblewrap curl make build-essential git libselinux1 iptables nftables libnetfilter-queue-dev

#install base system packages
apt install -y --install-recommends --install-suggests systemd   
apt install -y vanilla-gnome-desktop vanilla-gnome-default-settings gdm3 gnome-shell-extension-appindicator gnome-shell-extension-ubuntu-dock gnome-shell-extension-ubuntu-tiling-assistant
apt install -y rlwrap dnsutils systemd-resolved ufw nano htop ipset lm-sensors net-tools iputils-ping python3-pip keepassxc ufw opensnitch

#install packages from config
jq -r '.packages | .[]' config.json | while read -r item; do
  apt install -y "$item"
done

#set locale
locale=$(jq -r '.locale' config.json)
echo "$locale"
locale-gen "$locale"
echo "LANG=$locale" > /etc/default/locale

#add setuid for some applications
chmod u+s /usr/bin/bwrap
chmod u+s /usr/bin/ping

#disable setup screen config
mkdir -p ~/.config
touch ~/.config/gnome-initial-setup-done

#enable services
systemctl enable systemd-resolved
systemctl enable systemd-networkd
systemctl enable mem-alloc

#firewall enable (inbound block)
ufw enable

#install brave browser
curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
curl -fsSLo /etc/apt/sources.list.d/brave-browser-release.sources https://brave-browser-apt-release.s3.brave.com/brave-browser.sources
apt update
apt install -y brave-browser

#configure permissions for opensnitch firewall
rsync -a /usr/src/opensnitchd/ /etc/opensnitchd/
chown -R root:root /etc/opensnitchd/
chmod 777 /etc/opensnitchd/settings.conf