# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# if not running interactively, don't do anything
case "${-}" in
  *i*)
  ;;
  *)
    return
  ;;
esac

# aa-logprof definitons
function aa-logprof () {
  /usr/bin/journalctl --identifier='audit' >> '/var/log/apparmor/audit.log'
  /usr/bin/echo -e "\n#----- aa-logprof delimiter -----#\n" >> '/var/log/apparmor/audit.log'
  /usr/bin/chmod --quiet '0640' '/var/log/apparmor/audit.log'
  /usr/sbin/aa-logprof --mark '#----- aa-logprof delimiter -----#'
}

# wpa_passphrase definitions
function wpa_passphrase () {
  local WIFI_SSID
  local WIFI_PASSWORD
  local WIFI_KEY_MGMT
  local WIFI_SCAN_SSID
  /usr/bin/echo -e 'Wi-Fi Profile Setup'
  read -r -p $'  Wi-Fi SSID: ' WIFI_SSID
  if /usr/bin/grep --quiet "ssid=\"${WIFI_SSID}\"" '/etc/wpa_supplicant/wpa_supplicant.conf'; then
    /usr/bin/echo -e "\nThe Wi-Fi profile '${WIFI_SSID}' already exists."
    return 1
  fi
  read -r -s -p $'  Wi-Fi Password: ' WIFI_PASSWORD
  if ! /usr/bin/printf '%s' "${WIFI_PASSWORD}" | /usr/bin/grep --quiet  --perl-regexp '(?=(?:-*\d){8})'; then
    /usr/bin/echo -e "\nThe Wi-Fi password must be at least '8' characters long."
    return 1
  fi
  read -r -p $'  Wi-Fi Protected Access Mode [WPA-PSK/SAE]: ' WIFI_KEY_MGMT
  if [[ "${WIFI_KEY_MGMT}" != 'WPA-PSK' && "${WIFI_KEY_MGMT}" != 'SAE' ]]; then
    /usr/bin/echo -e "\nThe input may only be 'WPA-PSK' or 'SAE'."
    return 1
  fi
  read -r -p $'  Wi-Fi SSID hidden [0/1]: ' WIFI_SCAN_SSID
  if [[ "${WIFI_SCAN_SSID}" -ne '0' && "${WIFI_SCAN_SSID}" -ne '1' ]]; then
    /usr/bin/echo -e "\nThe input may only be '0' or '1'."
    return 1
  fi
  if [[ -n "${WIFI_SSID}" ]] && \
     [[ -n "${WIFI_PASSWORD}" ]] && \
     [[ -n "${WIFI_KEY_MGMT}" ]] && \
     [[ -n "${WIFI_SCAN_SSID}" ]]; then
    case "${WIFI_KEY_MGMT}" in
      WPA-PSK)
        /usr/bin/wpa_passphrase "${WIFI_SSID}" "${WIFI_PASSWORD}" | \
        /usr/bin/sed --expression='3d' \
                     --expression='5 ikey_mgmt=\' \
                     --expression='scan_ssid=\' | \
        /usr/bin/sed --expression="s/key_mgmt=/$(/usr/bin/printf '\t')key_mgmt=WPA-PSK/" \
                     --expression="s/scan_ssid=/$(/usr/bin/printf '\t')scan_ssid=${WIFI_SCAN_SSID}/g" \
                     >> "/etc/wpa_supplicant/wpa_supplicant.conf"
      ;;
      SAE)
        /usr/bin/wpa_passphrase "${WIFI_SSID}" "${WIFI_PASSWORD}" | \
        /usr/bin/sed --expression='4d' \
                     --expression='5 ikey_mgmt=\' \
                     --expression='proto=\' \
                     --expression='scan_ssid=\' | \
        /usr/bin/sed --expression="s/#psk=/sae_password=/" \
                     --expression="s/key_mgmt=/$(/usr/bin/printf '\t')key_mgmt=SAE/" \
                     --expression="s/proto=/$(/usr/bin/printf '\t')proto=RSN/" \
                     --expression="s/scan_ssid=/$(/usr/bin/printf '\t')scan_ssid=${WIFI_SCAN_SSID}/g" \
                     >> "/etc/wpa_supplicant/wpa_supplicant.conf"
      ;;
    esac
  fi
}
