#!/bin/bash
# I, Ian Kelling, follow the GNU license recommendations at
# https://www.gnu.org/licenses/license-recommendations.en.html. They
# recommend that small programs, < 300 lines, be licensed under the
# Apache License 2.0. This file contains or is part of one or more small
# programs. If a small program grows beyond 300 lines, I plan to switch
# its license to GPL.

# Copyright 2024 Ian Kelling

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

#     http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# this is from distro-end
if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi

pi kodi

# based on https://wiki.debian.org/SecuringNFS
# but the quota stuff is either outdated or optional,
# i guessed that it was not needed and it worked fine.
s dd of=/etc/sysctl.d/nfs-static-ports.conf <<'EOF'
fs.nfs.nfs_callback_tcpport = 32764
fs.nfs.nlm_tcpport = 32768
fs.nfs.nlm_udpport = 32768
EOF
s sysctl --system
s $sed -ri -f - /etc/default/nfs-common <<'EOF'
/^\s*STATDOPTS=/d
$a STATDOPTS="--port 32765 --outgoing-port 32766"
EOF

s $sed -ri -f - /etc/default/nfs-kernel-server <<'EOF'
/^\s*RPCMOUNTDOPTS=/d
$a RPCMOUNTDOPTS="--manage-gids --port 32767"
EOF
ser restart nfs-kernel-server

if [[ $HOSTNAME == kd ]]; then
    # persistent one time steps for webdav:
    # create persistent password, put it in ~/.kodi/userdata/advancedsettings.xml,
    # per http://kodi.wiki/view/MySQL/Sync_other_parts_of_Kodi
    # htpasswd -c /p/c/filesystem/etc/davpass dav
    # chmod 640 /p/c/filesystem/etc/davpass
    # in conflink, set group to www-data.
    # In kodi, i set the music source, server address: my domain,
    # path: k/music. Then copied the file
    # /p/c/subdir_files/.kodi/userdata/sources.xml to save that setting.
    s a2enmod dav dav_fs
    web-conf -r /a/c/playlists - apache2 dav.$HOME_DOMAIN <<'EOF'
<Directory /a/c/playlists>
    DAV On
  AuthType Basic
  AuthName "Authentication Required"
  AuthUserFile "/etc/davpass"
  Require valid-user

# outside the standard /var/www, so use this:
  Order allow,deny
  Allow from all
</Directory>
EOF
    s mkdir -p /var/www/davlock
    s chown www-data:www-data /var/www/davlock
    s sed -i "1i DavLockDB /var/www/davlock/davlock" /etc/apache2/sites-enabled/dav.$HOME_DOMAIN.conf
    ser reload apache2

    teeu /etc/exports "/k/music *(ro,nohide,async,no_subtree_check,insecure)"
    exportfs -ra

    # kodi uses sqlite by default, but supports mysql.
    pi mariadb-server

    # see ofswiki.org for explanation.
    dbpass="$(cat /p/mysql-root-pass)"
    if ! echo exit|mysql -uroot "-p$dbpass"; then
        echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
    fi
    mysql -uroot "-p$dbpass" <<EOF
GRANT ALL PRIVILEGES ON *.* TO 'kodi' IDENTIFIED BY '$(</p/mysql-kodi-pass)';
EOF
    s sed -ri 's/^(\s*bind-address\s*=).*/\1 0.0.0.0/' /etc/mysql/mariadb.conf.d/50-server.cnf
    ser restart mariadb

fi