#!/bin/bash
# I, Ian Kelling, follow the GNU license recommendations at
# https://www.gnu.org/licenses/license-recommendations.en.html. They
# recommend that small programs, < 300 lines, be licensed under the
# Apache License 2.0. This file contains or is part of one or more small
# programs. If a small program grows beyond 300 lines, I plan to switch
# its license to GPL.

# Copyright 2024 Ian Kelling

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

#     http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


set -e; . /usr/local/lib/bash-bear; set +e


pre="${0##*/}:"
m() { printf "$pre %s\n"  "$*"; "$@"; }
e() { printf "$pre %s\n"  "$*"; }
err() { printf "$pre %s\n"  "$*" >&2; exit 1; }
i() { # install file
  local tmp tmpdir dest="$1"
  local base="${dest##*/}"
  local dir="${dest%/*}"
  if [[ $dir != "$base" ]]; then
    # dest has a directory component
    mkdir -p "$dir"
  fi
  ir=false # i result
  tmpdir=$(mktemp -d)
  cat >$tmpdir/"$base"
  tmp=$(rsync -ic $tmpdir/"$base" "$dest")
  if [[ $tmp ]]; then
    printf "%s\n" "$tmp"
    # shellcheck disable=SC2034
    ir=true
    if [[ $dest == /etc/systemd/system/* ]]; then
      touch /var/local/mail-setup-reload
      reload=true
    fi
  fi
  rm -rf $tmpdir
}
setini() {
  key="$1" value="$2" section="$3"
  file="/etc/radicale/config"
  sed -ri "/ *\[$section\]/,/^ *\[[^]]+\]/{/^\s*${key}[[:space:]=]/d};/ *\[$section\]/a $key = $value" "$file"
}
soff () {
  for service; do
    # ignore services that dont exist
    if systemctl cat $service &>/dev/null; then
      m systemctl disable --now $service
    fi
  done
}
sre() {
  for service; do
    m systemctl restart $service
    m systemctl enable $service;
  done
}


ncdir=/var/www/ncfsf
myncdir=/root/ncfsf
ncbase=${ncdir##*/}
mkdir $myncdir
domain=boardfiles.fsf.org

apt-get -y install php-zip apache2 php-fpm

fpm=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* (php[^ ]*-fpm)( .*|$)/\1/p') # eg: php7.4-fpm
phpver=$(dpkg-query -s php-fpm | sed -nr 's/^Depends:.* php([^ ]*)-fpm( .*|$)/\1/p')
m a2enconf $fpm
# 3 useless guides on php fpm fcgi debian 10 later, i figure out from reading
# /etc/apache2/conf-enabled/php7.3-fpm.conf
# However, on t11,
# ERROR: Module php8.1 does not exist. just allow it to fail
m a2dismod php$phpver ||:

# php with fpm doesnt work without this
m a2enmod proxy_fcgi


cedit /etc/php/$phpver/fpm/php.ini <<'EOF'

# fixes warning on /settings/admin/overview about 8 being too small.
opcache.interned_strings_buffer=64

# while I was googling for what to set the above to, I found a
#recommendation to increase this from 128 to 512, and we set 512 somewhere
# else in the  config.
opcache.memory_consumption=512
EOF

# https://docs.nextcloud.com/server/29/admin_manual/installation/source_installation.html
sed -ri 's/;env\[(HOSTNAME|PATH|TMP|TMPDIR|TEMP)\]/env[\1]/' /etc/php/8.1/fpm/pool.d/www.conf

# yes, it is a bit stupid to uncomment then change it
sed -ri 's,^env\[PATH\] =.*,env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin,' /etc/php/8.1/fpm/pool.d/www.conf

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

m web-conf - apache2 $domain <<EOF
### begin nextcloud settings
Alias /nextcloud "$ncdir/"
<Directory $ncdir/>
  Require all granted
  AllowOverride All
  Options FollowSymLinks MultiViews

  <IfModule mod_dav.c>
    Dav off
  </IfModule>

</Directory>

# based on install checker, links to
# https://docs.nextcloud.com/server/19/admin_manual/issues/general_troubleshooting.html#service-discovery
# their example was a bit wrong, I figured it out by adding
# LogLevel warn rewrite:trace5
# then watching the apache logs

RewriteEngine on
RewriteRule ^/\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
RewriteRule ^/\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
RewriteRule ^/\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
### end nextcloud settings
EOF


i /etc/php/$phpver/cli/conf.d/30-local.ini <<'EOF'
apc.enable_cli = 1
EOF


i /etc/php/$phpver/fpm/conf.d/30-local.ini <<'EOF'
date.timezone = "America/New_York"
# for nextcloud
upload_max_filesize = 2000M
post_max_size = 2000M
# install checker, nextcloud/settings/admin/overview
memory_limit = 512M
EOF

m systemctl restart $fpm

# some of these are based on errors later on.
m apt-get -y install php-curl php-bz2 php-gmp php-bcmath php-imagick php-apcu php-mbstring php-xml php-gd sqlite3 php-sqlite3

# https://docs.nextcloud.com/server/19/admin_manual/installation/source_installation.html
cat >/etc/php/$phpver/fpm/pool.d/localwww.conf <<'EOF'
[www]
clear_env = no
EOF



nextcloud_admin_pass=$(tail -n1 /p/c/nextcloud-admin-pass)

m cd /var/www
if [[ ! -e $ncdir/index.php ]]; then
  # if we wanted to only install a specific version, use something like
  # file=latest-22.zip
  file=latest.zip
  m wget -nv -N https://download.nextcloud.com/server/releases/$file
  m rm -rf nextcloud
  m unzip -q $file
  m rm -f $file
  m chown -R www-data.www-data nextcloud
  m mv nextcloud $ncdir
fi

if [[ ! -e $myncdir/done-install ]]; then
  m cd $ncdir
  m sudo -u www-data php occ  maintenance:install --database sqlite --admin-user iank --admin-pass $nextcloud_admin_pass
  m touch $myncdir/done-install
fi

# note, strange this happend where updater did not increment the version var,
# mine was stuck on 20. I manually updated it.
m cd $ncdir/config
if [[ ! -e $myncdir/config.php-orig ]]; then
  m cp -a config.php $myncdir/config.php-orig
fi
cat $myncdir/config.php-orig - >$myncdir/tmp.php <<EOF
# https://docs.nextcloud.com/server/19/admin_manual/configuration_server/email_configuration.html
\$CONFIG["mail_smtpmode"] = "sendmail";
\$CONFIG["mail_smtphost"] = "127.0.0.1";
\$CONFIG["mail_smtpport"] = 25;
\$CONFIG["mail_smtptimeout"] = 10;
\$CONFIG["mail_smtpsecure"] = "";
\$CONFIG["mail_smtpauth"] = false;
\$CONFIG["mail_smtpauthtype"] = "LOGIN";
\$CONFIG["mail_smtpname"] = "";
\$CONFIG["mail_smtppassword"] = "";
\$CONFIG["mail_domain"] = "$domain";


# based on installer check
# https://docs.nextcloud.com/server/19/admin_manual/configuration_server/caching_configuration.html
\$CONFIG['memcache.local'] = '\OC\Memcache\APCu';

\$CONFIG['overwrite.cli.url'] = 'https://$domain/nextcloud';
\$CONFIG['htaccess.RewriteBase'] = '/nextcloud';
\$CONFIG['trusted_domains'] = array (
        0 => '$domain',
    );
#\$CONFIG[''] = '';
fwrite(STDOUT, "<?php\n\\\$CONFIG = ");
var_export(\$CONFIG);
fwrite(STDOUT, ";\n");
EOF
e running php $myncdir/tmp.php
# note: we leave it around place for debugging
php $myncdir/tmp.php >config.php
cd $ncdir
m sudo -u www-data php occ maintenance:update:htaccess
i /etc/systemd/system/$ncbase.service <<EOF
[Unit]
Description=ncup $ncbase
After=multi-user.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/ncup $ncbase
User=www-data
IOSchedulingClass=idle
CPUSchedulingPolicy=idle
EOF
i /etc/systemd/system/$ncbase.timer <<EOF
[Unit]
Description=ncup $ncbase timer

[Timer]
OnCalendar=Daily

[Install]
WantedBy=timers.target
EOF
systemctl enable --now $ncbase.timer
i /usr/local/bin/ncup <<'EOFOUTER'
#!/bin/bash

set -e; . /usr/local/lib/bash-bear; set +e

m() { printf "%s\n" "$*";  "$@"; }
err-cleanup() {
  echo failed nextcloud update for $ncbase >&2
  # -odf or else systemd will kill the background delivery process
  # and the message will sit in the queue until the next queue run.
  exim -odf -t <<EOF
To: alerts@iankelling.org
From: www-data@$(hostname -f)
Subject: failed nextcloud update for $ncbase

For logs, run: jr -u $ncbase
EOF
}

if [[ $(id -u -n) != www-data ]]; then
  echo error: running as wrong user: $(id -u -n), expected www-data
  exit 1
fi

if [[ ! $1 ]]; then
  echo error: expected an arg, nextcloud relative base dir
  exit 1
fi

ncbase=$1
cd /var/www/$ncbase
# https://docs.nextcloud.com/server/22/admin_manual/maintenance/update.html?highlight=updater+phar
m php /var/www/$ncbase/updater/updater.phar -n
EOFOUTER
chmod +x /usr/local/bin/ncup

mkdir -p /var/www/cron-errors
chown www-data.www-data /var/www/cron-errors
i /etc/cron.d/$ncbase <<EOF
PATH=/usr/sbin:/sbin:/usr/bin:/bin:/usr/local/bin
SHELL=/bin/bash
# https://docs.nextcloud.com/server/20/admin_manual/configuration_server/background_jobs_configuration.html
*/5  *  *  *  * www-data php -f $ncdir/cron.php --define apc.enable_cli=1 |& log-once nccron
EOF

if $reload; then
  m systemctl daemon-reload
fi