# hack.lala.city - One-line Windows enrollment into Headscale
# Usage: irm https://hack.lala.city | iex

$ErrorActionPreference = 'Stop'
$Host.UI.RawUI.WindowTitle = "hack.lala.city - enrolling..."

# Self-elevate to admin
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "Elevating to admin..." -ForegroundColor Yellow
    Start-Process powershell -Verb RunAs -ArgumentList "-NoProfile -ExecutionPolicy Bypass -Command `"irm https://hack.lala.city | iex`""
    exit
}

Write-Host ""
Write-Host "  ===== hack.lala.city =====" -ForegroundColor Cyan
Write-Host "  Enrolling $env:COMPUTERNAME into Lala Net" -ForegroundColor Cyan
Write-Host ""

# 1. Install Tailscale
$tsExe = "C:\Program Files\Tailscale\tailscale.exe"
if (-not (Test-Path $tsExe)) {
    Write-Host "[1/4] Downloading Tailscale..." -ForegroundColor Cyan
    $url = "https://pkgs.tailscale.com/stable/tailscale-setup-latest.exe"
    $out = "$env:TEMP\tailscale-setup.exe"
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    Invoke-WebRequest -Uri $url -OutFile $out -UseBasicParsing
    Write-Host "[2/4] Installing Tailscale (silent)..." -ForegroundColor Cyan
    Start-Process $out -ArgumentList "/S" -Wait
    Start-Sleep -Seconds 4
} else {
    Write-Host "[1-2/4] Tailscale already installed" -ForegroundColor Green
}

# 2. Join Headscale
Write-Host "[3/4] Joining network.lala.city..." -ForegroundColor Cyan
$authKey = "hskey-auth--xR65xxkurs7-g_cVDqTVydfOOCjTa0XcMkRahkwSrWl7rcZsBWQruMQWT8P1vOmBjXTU_6rGWS9A"
& $tsExe up --login-server="https://network.lala.city" --auth-key=$authKey --accept-routes --unattended --reset

# 3. Enable RDP + firewall rule
Write-Host "[4/4] Enabling RDP..." -ForegroundColor Cyan
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 1
Enable-NetFirewallRule -DisplayGroup "Remote Desktop" -ErrorAction SilentlyContinue

# Done
Start-Sleep -Seconds 2
$ip = (& $tsExe ip -4 2>$null | Select-Object -First 1).Trim()
$user = $env:USERNAME
$hn = $env:COMPUTERNAME

Write-Host ""
Write-Host "  ============================================" -ForegroundColor Green
Write-Host "  ENROLLED: $hn" -ForegroundColor Green
Write-Host "  Tailscale IP : $ip" -ForegroundColor Green
Write-Host "  Windows User : $user" -ForegroundColor Green
Write-Host "  ============================================" -ForegroundColor Green
Write-Host ""
Write-Host "  From your Mac:  open rdp://full%20address=s:$ip" -ForegroundColor Yellow
Write-Host "  Or PowerShell:  mstsc /v:$ip" -ForegroundColor Yellow
Write-Host ""