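# Boot-time user-data script that sets a password for one account and turns
# on SSH password login (including for root).
#
# The {username} and {password} placeholders are substituted as bare shell
# words, so they MUST be filled with values already quoted for the shell
# (see build_user_data); formatting raw values into this template is unsafe.
#
# NOTE(review): the rendered script carries the password in clear text.
# User data is typically retrievable from inside the instance and is stored by
# the provider, so treat the password as a bootstrap secret and rotate it
# after first login. Confirm against the target platform.
# NOTE(review): the script sets PermitRootLogin yes and
# PasswordAuthentication yes; hosts built with it should have SSH reachable
# only from trusted networks, or be switched to key-based login afterwards.
COMMON_TEMPLATE = r"""#!/bin/bash
# Credentials are assigned and applied before xtrace is enabled, so the
# password is not echoed into the boot log.
set -eu

USER_NAME={username}
USER_PWD={password}

# 1. 设置密码
printf '%s:%s\n' "$USER_NAME" "$USER_PWD" | chpasswd
unset USER_PWD
set -x

SSH_MAIN="/etc/ssh/sshd_config"

# 2. 修改主配置中的 PermitRootLogin / PasswordAuthentication
if [ -f "$SSH_MAIN" ]; then
    if grep -qE '^[#[:space:]]*PermitRootLogin' "$SSH_MAIN"; then
        sed -i 's/^[#[:space:]]*PermitRootLogin.*/PermitRootLogin yes/' "$SSH_MAIN"
    else
        echo 'PermitRootLogin yes' >> "$SSH_MAIN"
    fi

    if grep -qE '^[#[:space:]]*PasswordAuthentication' "$SSH_MAIN"; then
        sed -i 's/^[#[:space:]]*PasswordAuthentication.*/PasswordAuthentication yes/' "$SSH_MAIN"
    else
        echo 'PasswordAuthentication yes' >> "$SSH_MAIN"
    fi
fi

# 3. 针对 cloud-init/ubuntu 的附加配置(若存在)
if [ -d /etc/ssh/sshd_config.d ]; then
    for f in /etc/ssh/sshd_config.d/*.conf; do
        [ -f "$f" ] || continue
        if grep -q 'PasswordAuthentication' "$f"; then
            sed -i 's/^[#[:space:]]*PasswordAuthentication.*/PasswordAuthentication yes/' "$f"
        fi
    done
fi

# 4. 重启 SSH 服务(尝试多种名称)
if command -v systemctl >/dev/null 2>&1; then
    systemctl restart sshd 2>/dev/null || \
    systemctl restart ssh 2>/dev/null || \
    service sshd restart 2>/dev/null || \
    service ssh restart 2>/dev/null || true
else
    service sshd restart 2>/dev/null || \
    service ssh restart 2>/dev/null || true
fi
"""


def build_user_data(os_family: str, username: str, password: str) -> str:
    """Render the user-data shell script for the given account.

    The credentials are shell-quoted before substitution so that characters
    such as ``"``, ``$``, backticks or backslashes in a password cannot end
    the assignment early or be executed by the root shell that runs the
    script.

    Args:
        os_family: Currently unused; every OS family gets COMMON_TEMPLATE.
        username: Account whose password is set. Must be non-empty and must
            not contain ``:`` or a line break (chpasswd reads one
            ``user:password`` record per line).
        password: Clear-text password. Must not contain a line break.

    Returns:
        The complete script text, starting with the ``#!/bin/bash`` line.

    Raises:
        ValueError: If the username or password would corrupt the chpasswd
            input record.
    """
    import shlex  # local import: the file's import block is not visible here

    if not username:
        raise ValueError("username must not be empty")
    if ":" in username:
        raise ValueError("username must not contain ':'")
    for label, value in (("username", username), ("password", password)):
        # A line break would start a second user:password record for chpasswd.
        if "\n" in value or "\r" in value:
            raise ValueError(f"{label} must not contain line breaks")

    return COMMON_TEMPLATE.format(
        username=shlex.quote(username),
        password=shlex.quote(password),
    )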