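#!/bin/bash
# Author   : Brian S. Menges
# Revision : 13
# Date     : 2009-10-07 13:51 PDT
#
#
# This script is provided as-is, and therefore has no warranty. Use at your own risk
#
# Notes:
# This script will do the following
#   1) Update using YUM to apply all current patches (system wide)
#   2) Install the GNOME Desktop Environment
#   3) Install GDM, xinetd, and VNC
#   4) Make customizations to GNOME, IPtables, services, inittab
#   5) Add custom vnc service for xinetd
#   6) Update journal
#
# To add additional ports for remote headless VNC sessions, add additional
# service files in /etc/xinetd.d/ and lines to /etc/services.
# ex.
#   cp /etc/xinetd.d/vnc /etc/xinetd.d/vnc2
#   vi /etc/services +7956
#     'Add (similar):' vnc2 <port>/tcp #second vnc port
#     'save' ( :x)
#   service xinetd restart
#   'Expand iptables rule to allow additional ports and restart iptables'
#
# Security posture of the resulting host (see the notes at each step):
#   - Xvnc runs with VNC authentication disabled; the GDM login is the only gate.
#   - 5900/tcp, 177/udp, 7100/tcp and 6000:6005/tcp are accepted from any source.
#   - GDM is configured to allow remote root logins.
# The script is not idempotent: every sed insert below is repeated on a re-run,
# and each `sed -i.backup` then overwrites the earlier backup with the already
# modified file.

# Output pretty status message.
# Arguments: $1 - message text (backslash escapes are interpreted by echo -e)
# Outputs:   "[  <date>  ] <message>" on stdout, which is tee'd to $LOG once
#            the redirection below is in place.
function status {
  echo -en "[ " $(date) " ] $1\n"
}

# Print message and die.
# Arguments: $1 - message text
# Outputs:   the message on stdout (so it reaches the log through tee)
# Returns:   never; exits the script with status 1
function error {
  echo -en "[ " $(date) " ] ERROR: $1\n"
  exit 1
}

# Log file location. Defined before the cleanup test below: the original tested
# "$LOG" while it was still unset, so a log left by an earlier run was never
# removed and `tee -a` kept appending to it.
LOG=/root/vncheadless-install.log

# Clear log if it exists
[[ -f "$LOG" ]] && rm -f -- "$LOG"

# Setup log file and redirection for logging.
# fd 3 keeps the original stdout; stdout itself is piped through tee so that
# everything printed is also appended to the log. stderr is left untouched.
clear
exec 3>&1 > >(tee -a "$LOG")

# Time to fire up the installation and keep track of what happened
status "Starting install/configure"

# Make sure the system has ntpd installed, if not we'll install it
if [ -x /usr/sbin/ntpdate ]; then
  # Checking if ntpd is running; it is stopped before the one-shot ntpdate
  # sync below and started again afterwards.
  [[ -f /var/run/ntpd.pid ]] && service ntpd stop
else
  # NOTE(review): `3>> "$LOG"` re-points fd 3 (the saved stdout) at the log for
  # this command only. yum's stdout already reaches the log through tee and its
  # stderr is not captured at all -- confirm whether `2>>` was intended.
  yum -y install ntp 3>> "$LOG" || error "Failed to install ntp"
  sleep 1
fi
ntpdate ntp.servepath.com
chkconfig ntpd on
service ntpd start

# Sync the HD
status "Syncing HD before we start"
sync
status "Syncing HD completed"

# Lets make sure the system is completely up to date first!
status "Starting Yum Update"
yum -y update 3>> "$LOG" || error "Problem doing system wide update"
status "Finished Yum Update"
sleep 1

# Group install of GNOME
status "Starting install of GNOME"
yum -y groupinstall "GNOME Desktop Environment" 3>> "$LOG" || error "Failed to install GNOME"
status "Finished GNOME install"
sleep 1

# Installing GDM and VNC
status "Installing VNC Server, and GDM"
yum -y install vnc-server gdm 3>> "$LOG" || error "Failed to install VNC/GDM"
# The standalone vncserver init service stays off; xinetd spawns Xvnc instead.
chkconfig vncserver off
status "Finished VNC/GDM install"
sleep 1

# Build xinetd VNC setup
#
# Security note: `-securitytypes=none` turns off VNC-level authentication, so
# the GDM greeter reached through `-query localhost` is the only credential
# check, and the session (including the typed password) is not encrypted by
# VNC. Together with the unrestricted 5900/tcp ACCEPT rule added further down,
# the login screen is reachable from every host that can route to this machine.
# NOTE(review): consider limiting the iptables rule to known source addresses,
# or keeping 5900/tcp closed and reaching it through an SSH tunnel.
status "Building xinetd VNC service"
[[ -f /etc/xinetd.d/vnc ]] && rm -rf /etc/xinetd.d/vnc
cat > /etc/xinetd.d/vnc << '__EOF'
service vnc
{
	disable = no
	socket_type = stream
	protocol = tcp
	group = tty
	wait = no
	user = nobody
	server = /usr/bin/Xvnc
	server_args = -inetd -query localhost -once -geometry 1024x768 -depth 16 -fp /usr/share/X11/fonts/misc -securitytypes=none
}
__EOF
status "Finished xinetd VNC file build"
sleep 1

# Customize GDM configuration
#
# Security note: `AllowRemoteRoot=true` lets root log in at the remote greeter.
# With the unauthenticated, unencrypted VNC transport configured above, that
# puts the root password on the wire.
# NOTE(review): consider `AllowRemoteRoot=false` and elevating with su/sudo
# after an unprivileged login.
status "Modifying GDM custom.conf"
# Keep the distribution's file; a failed mv is not fatal and is not checked.
mv /etc/gdm/custom.conf /root/custom.conf.backup
cat > /etc/gdm/custom.conf << '__EOF'
[daemon]
RemoteGreeter=/usr/libexec/gdmgreeter

[security]
AllowRemoteRoot=true

[xdmcp]
Enable=true

[gui]

[greeter]
RemoteGreeter=/usr/libexec/gdmgreeter

[chooser]

[debug]

[servers]
__EOF
echo "/etc/gdm/custom.conf:" >> "$LOG"
cat /etc/gdm/custom.conf >> "$LOG"
status "Finished modifying GDM custom.conf"
sleep 1

# Add VNC to services file
# The entry is inserted at a fixed line number; if /etc/services is shorter
# than 7955 lines, sed inserts nothing and xinetd cannot resolve the "vnc"
# service name.
status "Inserting VNC service"
sed -i.backup '7955i vnc\t\t5900/tcp\t\t\t# vnc' /etc/services
status "VNC Service inserted"
sleep 1

# Adjust IPTables to support Headless VNC
#
# Each sed appends one ACCEPT rule after the previous one, starting from the
# loopback ACCEPT rule of the stock RH-Firewall-1-INPUT chain. If that anchor
# line is absent, none of the rules are added and no error is reported.
#
# Security note: none of the four rules carries a source restriction.
#   5900/tcp       VNC (Xvnc via xinetd)
#   177/udp        XDMCP
#   7100/tcp       font server
#   6000:6005/tcp  X11 displays
# NOTE(review): Xvnc is started with `-query localhost`, so the XDMCP request
# stays on the loopback interface, which the anchor rule already accepts. The
# 177/udp, 7100/tcp and 6000:6005/tcp rules therefore look unnecessary for this
# setup and expose XDMCP and raw X11 to the network -- confirm and drop them,
# or add `-s <trusted-network>` to each rule.
status "Adding IPTables rule"
sed -i.backup '/^\-A RH\-Firewall\-1\-INPUT \-i lo \-j ACCEPT/a \-A RH\-Firewall\-1\-INPUT \-p tcp \-m tcp \-\-dport 5900 \-j ACCEPT' /etc/sysconfig/iptables
sed -i '/^\-A RH\-Firewall\-1\-INPUT \-p tcp \-m tcp \-\-dport 5900 \-j ACCEPT/a \-A RH\-Firewall\-1\-INPUT \-p udp \-m udp \-\-dport 177 \-j ACCEPT' /etc/sysconfig/iptables
sed -i '/^\-A RH\-Firewall\-1\-INPUT \-p udp \-m udp \-\-dport 177 \-j ACCEPT/a \-A RH\-Firewall\-1\-INPUT \-p tcp \-m tcp \-\-dport 7100 \-j ACCEPT' /etc/sysconfig/iptables
sed -i '/^\-A RH\-Firewall\-1\-INPUT \-p tcp \-m tcp \-\-dport 7100 \-j ACCEPT/a \-A RH\-Firewall\-1\-INPUT \-p tcp \-m tcp \-\-dport 6000:6005 \-j ACCEPT' /etc/sysconfig/iptables
echo "IPTables Rules:" >> "$LOG"
cat /etc/sysconfig/iptables >> "$LOG"
service iptables restart
status "Finished inserting IPTables rule"
sleep 1

# Runlevel must be 5 for GUI support
status "Changing runlevel to 5"
sed -i.backup -r 's/id\:[2345]\:/id\:5\:/' /etc/inittab
status "Runlevel changed to 5"
sleep 1

# Restarting xinet.d
status "Restarting xinet.d"
service xinetd restart
status "Finished restarting xinet.d"
sleep 1

status "Updating the locate database and syncing HD for good measure"
sync ; updatedb ; sync
# Drop to runlevel 3 and come back up to 5 so GDM starts with the new config.
init 3 ; sleep 10 ; init 5
status "Finished install/configure"

# We're all done: restore the original stdout and close the spare descriptor.
exec 1>&3 3>&-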