Config File Surgery

cat <<'EOF' > /tmp/sshd_config
# Authentication:
LoginGraceTime 2m
PermitRootLogin prohibit-password
#GSSAPIAuthentication no
StrictModes yes
MaxAuthTries 6
EOF

# Before
awk 'NR==4' /tmp/sshd_config

# Change — uncomment and enable
sed -i '4s/#GSSAPIAuthentication no/GSSAPIAuthentication yes/' /tmp/sshd_config

# After
awk 'NR==4' /tmp/sshd_config

cat <<'EOF' > /tmp/pacman.conf
# The testing repositories
#[testing]
#Include = /etc/pacman.d/mirrorlist

[core]
Include = /etc/pacman.d/mirrorlist

#[multilib]
#Include = /etc/pacman.d/mirrorlist
EOF

# Uncomment the [multilib] section (two consecutive lines)
sed -i '/^#\[multilib\]/,/^#Include.*mirrorlist/{s/^#//}' /tmp/pacman.conf
cat /tmp/pacman.conf

cat <<'EOF' > /tmp/myapp.service
[Unit]
Description=My Application
After=network.target

[Service]
ExecStart=/usr/bin/myapp --port 8080
Restart=always
User=appuser

[Install]
WantedBy=multi-user.target
EOF

sed -i 's|^ExecStart=.*|ExecStart=/usr/bin/myapp --port 9090 --workers 4|' /tmp/myapp.service
awk '/ExecStart/' /tmp/myapp.service

cat <<'EOF' > /tmp/app.ini
[database]
host = localhost
port = 3306
name = production

[cache]
host = localhost
port = 6379
ttl = 300
EOF

# Change port ONLY in [database] section — not in [cache]
sed -i '/^\[database\]/,/^\[/{s/^port = .*/port = 5432/}' /tmp/app.ini
cat /tmp/app.ini

cat <<'EOF' > /tmp/config.yml
app_name: myservice
port: 8080
debug: false
log_level: info
workers: 2
EOF

sed -i 's/^port: .*/port: 443/' /tmp/config.yml
sed -i 's/^debug: .*/debug: true/' /tmp/config.yml
cat /tmp/config.yml

cat <<'EOF' > /tmp/fstab
# <file system>  <mount point>  <type>  <options>         <dump>  <pass>
UUID=abc-123     /              ext4    defaults          0       1
UUID=def-456     /home          ext4    defaults          0       2
UUID=ghi-789     /boot          vfat    defaults          0       2
EOF

# Add noatime to /home mount options
sed -i '/\/home/s/defaults/defaults,noatime/' /tmp/fstab
cat /tmp/fstab

cat <<'EOF' > /tmp/hosts
127.0.0.1   localhost
::1         localhost
10.50.1.20  ise-01.inside.domusdigitalis.dev ise-01
10.50.1.50  ad-dc.inside.domusdigitalis.dev ad-dc
EOF

# Add a new entry (append after last line)
sed -i '$a\10.50.1.60  vault.inside.domusdigitalis.dev vault' /tmp/hosts

# Remove an entry by hostname
sed -i '/\bad-dc\b/d' /tmp/hosts
cat /tmp/hosts

cat <<'EOF' > /tmp/nginx.conf
server {
    listen 80;
    server_name old.example.com;
    root /var/www/html;

    location / {
        try_files $uri $uri/ =404;
    }
}
EOF

sed -i 's/server_name .*/server_name docs.domusdigitalis.dev;/' /tmp/nginx.conf
awk '/server_name/' /tmp/nginx.conf

cat <<'EOF' > /tmp/toggle.conf
# Feature flags
enable_cache=true
#enable_debug=false
enable_logging=true
#enable_metrics=false
EOF

# Comment out enable_cache (disable it)
sed -i 's/^enable_cache/#enable_cache/' /tmp/toggle.conf

# Uncomment enable_debug (enable it)
sed -i 's/^#enable_debug/enable_debug/' /tmp/toggle.conf
cat /tmp/toggle.conf

cat <<'EOF' > /tmp/app.env
APP_ENV=production
APP_PORT=8080
DB_HOST=localhost
DB_PORT=3306
EOF

# Update existing key
sed -i 's/^APP_PORT=.*/APP_PORT=9090/' /tmp/app.env

# Add key if missing — only append if not already present
grep -q '^APP_SECRET=' /tmp/app.env || sed -i '$a\APP_SECRET=<REDACTED>' /tmp/app.env
cat /tmp/app.env

cat <<'EOF' > /tmp/sysctl.conf
# Network security
net.ipv4.ip_forward = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
#net.ipv6.conf.all.disable_ipv6 = 0
EOF

# Before
awk '/ip_forward/' /tmp/sysctl.conf

# Enable IP forwarding
sed -i 's/^net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/' /tmp/sysctl.conf

# Uncomment and set IPv6 disable
sed -i 's/^#net.ipv6.conf.all.disable_ipv6 = 0/net.ipv6.conf.all.disable_ipv6 = 1/' /tmp/sysctl.conf

# After
awk '/ip_forward/' /tmp/sysctl.conf
awk '/disable_ipv6/' /tmp/sysctl.conf