#!/bin/bash
# Disable unnecessary services - PRD FR-007
# Reference: PRD "Disabled Services" list, CIS Benchmark 2.1
set -euo pipefail

echo "Disabling unnecessary services..."

# List of services to disable per PRD FR-007
SERVICES_TO_DISABLE=(
    avahi-daemon
    cups
    bluetooth
    NetworkManager
    ModemManager
    whoopsie
    apport
    speech-dispatcher
    PackageKit
)

for service in "${SERVICES_TO_DISABLE[@]}"; do
    if systemctl is-enabled "$service" 2>/dev/null | grep -q "enabled"; then
        systemctl disable "$service" 2>/dev/null || true
        systemctl stop "$service" 2>/dev/null || true
        echo "Disabled service: $service"
    elif systemctl list-unit-files "$service.service" 2>/dev/null | grep -q "$service"; then
        systemctl disable "$service" 2>/dev/null || true
        systemctl mask "$service" 2>/dev/null || true
        echo "Masked service: $service"
    else
        echo "Service not found (OK): $service"
    fi
done

# Mask services to prevent re-enabling
for service in avahi-daemon cups bluetooth ModemManager whoopsie apport; do
    systemctl mask "$service" 2>/dev/null || true
done

echo "Service hardening completed."