#!/bin/bash

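# Absolute directory containing this script; the files copied further down are
# taken from "${SOURCE_DIR}/basic". The inner substitution is quoted so that a
# checkout path containing whitespace or glob characters is not word-split.
SOURCE_DIR=$(realpath -- "$(dirname -- "${0}")")
# Keep apt/dpkg from prompting during the unattended run
export DEBIAN_FRONTEND="noninteractive"

# Uninstall unnecessary packages
apt-get -y purge \
    bsdmainutils dictionaries-common emacsen-common iamerican ibritish \
    ienglish-common installation-report ispell laptop-detect nano os-prober \
    task-english tasksel tasksel-data wamerican

# Install useful packages
apt-get -y update
apt-get -y --no-install-recommends install \
    apt-transport-https bash-completion ca-certificates file git htop ntp \
    openssl sudo tree unzip vim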


######
# OpenSSH and user settings
#####

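# Install OpenSSH server
apt-get -y --no-install-recommends install openssh-server

# Create root's SSH directory by absolute path: "~" follows $HOME, which is not
# necessarily /root when the script is started through sudo, while the key file
# below is always written to /root/.ssh. install(1) sets owner and mode in the
# same step and does not fail when the directory already exists.
install -d -m 700 -o root -g root /root/.ssh
# Every key in this file grants root login over SSH; review the list in the
# repository before provisioning a host with it.
install -m 600 -o root -g root "${SOURCE_DIR}/basic/root/.ssh/authorized_keys" /root/.ssh/authorized_keys

# Copy profile files and settings
mkdir -p /root/.config/htop
cp -- "${SOURCE_DIR}/basic/root/.bashrc" /root/.bashrc
cp -- "${SOURCE_DIR}/basic/root/.config/htop/htoprc" /root/.config/htop/htoprc
cp -- "${SOURCE_DIR}/basic/root/.vimrc" /root/.vimrc

# Remove default user
# Errors are discarded on purpose: the account may already be gone.
deluser --remove-all-files user 2>/dev/null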


#####
# System boot
#####

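# Rename encrypted partition
# /etc/crypttab and the live device-mapper name are changed together; the
# initramfs is regenerated at the end of this section so that the next boot
# uses the new name.
sed -i 's/sda2_crypt/system/' /etc/crypttab
dmsetup rename sda2_crypt system

# Suppress warnings during boot
# NOTE(review): these targets under /usr/share/initramfs-tools look
# package-owned; an upgrade of the owning package would presumably restore the
# stock scripts - confirm and re-apply after upgrades if so.
cp -- "${SOURCE_DIR}/basic/usr/share/initramfs-tools/scripts/local-top/lvm2" /usr/share/initramfs-tools/scripts/local-top/lvm2
cp -- "${SOURCE_DIR}/basic/usr/share/initramfs-tools/scripts/local-top/cryptroot" /usr/share/initramfs-tools/scripts/local-top/cryptroot

# Set GRUB options
cp -- "${SOURCE_DIR}/basic/etc/default/grub" /etc/default/grub

# Set legal banner with URL + latin2 character set
cp -- "${SOURCE_DIR}/basic/etc/default/console-setup" /etc/default/console-setup
cp -- "${SOURCE_DIR}/basic/etc/issue" /etc/issue
dpkg-reconfigure console-setup

# Forbid login on tty1, disable tty2-6
# NOTE(review): /lib/systemd/system is where packages ship their units, so a
# systemd upgrade may put the stock getty@.service back and silently re-enable
# console login. A copy under /etc/systemd/system would take precedence and
# survive upgrades - confirm which location is intended.
cp -- "${SOURCE_DIR}/basic/lib/systemd/system/getty@.service" /lib/systemd/system/getty@.service
systemctl mask getty-static

# Update initramfs and GRUB
update-initramfs -u
update-grub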


#####
# Postfix
#####

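# Preconfigure
# Answers are seeded into debconf before installation so that the package
# configures itself without prompting. printf is used instead of echo so the
# hostname is always treated as data, never as an option or escape sequence.
printf 'postfix postfix/%s string %s\n' main_mailer_type "Satellite system" | debconf-set-selections
printf 'postfix postfix/%s string %s\n' mailname "$(hostname -f)" | debconf-set-selections
printf 'postfix postfix/%s string %s\n' relayhost "" | debconf-set-selections

# Install packages
apt-get -y --no-install-recommends install postfix

# Configure Postfix
# The main.cf generated from the answers above is replaced by the repository
# copy, so the effective settings (relay, listening interfaces) are the ones in
# that file.
cp -- "${SOURCE_DIR}/basic/etc/postfix/main.cf" /etc/postfix/main.cf

# Restart services
systemctl restart postfix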


#####
# LXC
#####

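# Install packages
apt-get -y --no-install-recommends install lxc debootstrap rsync dnsmasq-base xz-utils

# Configure LXC
# Source paths are quoted so a checkout path with spaces is not word-split.
cp -- "${SOURCE_DIR}/basic/etc/default/lxc-net" /etc/default/lxc-net
cp -- "${SOURCE_DIR}/basic/etc/lxc/default.conf" /etc/lxc/default.conf

# Restart services
# NOTE(review): the heading says restart but the command is "start". If the
# units are already active after package installation this is a no-op and the
# network settings copied above would presumably apply only after a later
# restart - confirm.
systemctl start lxc-net lxc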


#####
# Nginx + uWSGI
#####

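# Install packages
apt-get -y --no-install-recommends install nginx-light uwsgi uwsgi-plugin-python

# Create a self-signed certificate
# -nodes leaves the private key unencrypted on disk, so file permissions are
# its only protection. The key is generated under a restrictive umask inside a
# subshell so that it is never readable by other users, not even between
# creation and the chmod below; the umask of the rest of the script is
# unaffected.
(
    umask 077
    openssl req -x509 -new \
        -out /etc/ssl/certs/services.pem \
        -keyout /etc/ssl/private/services.key \
        -nodes -days 3654 \
        -subj "/C=CZ/CN=$(hostname -f)"
)
# The certificate is public; restore the mode it would have had without the
# restrictive umask.
chmod 644 /etc/ssl/certs/services.pem
chmod 640 /etc/ssl/private/services.key

# Configure nginx
# -p keeps a repeated run from failing on directories that already exist
mkdir -p /etc/nginx/apps-available /etc/nginx/apps-enabled
cp -- "${SOURCE_DIR}/basic/etc/nginx/nginx.conf" /etc/nginx/nginx.conf
cp -- "${SOURCE_DIR}/basic/etc/nginx/sites-available/default" /etc/nginx/sites-available/default

# Workaround for web2py shutdown problem, see https://github.com/web2py/web2py/issues/1769
# NOTE(review): the edited file lives under /usr/share and looks package-owned;
# an upgrade of uwsgi would presumably undo this change - confirm.
sed -i 's|QUIT/30|QUIT/5|' /usr/share/uwsgi/init/specific_daemon

# Copy Portal resources
# -T treats /srv/portal as the destination itself, so a repeated run refreshes
# it instead of nesting a second copy at /srv/portal/portal.
cp -rT -- "${SOURCE_DIR}/basic/srv/portal" /srv/portal
# NOTE(review): this makes every portal file writable by the web server
# account. If the portal only has to be read by www-data, root ownership would
# limit what a compromised web process can alter - confirm the requirement.
chown -R www-data:www-data /srv/portal

# Restart
systemctl restart nginx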


#####
# PostgreSQL + PostGIS
#####

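# Install packages
apt-get -y --no-install-recommends install postgresql-9.6 postgresql-9.6-postgis postgresql-contrib-9.6

# Install Czech search data
# NOTE(review): the archive is fetched over plain HTTP and unpacked as root
# into a system directory, so nothing authenticates its content. Set
# CZECH_TSEARCH_SHA256 (optional, supplied by the operator; no known-good value
# ships with this script) to have the download checked before extraction.
# The download goes to a mktemp file rather than a fixed, predictable name in
# /tmp, and extraction is skipped when the download or the check fails.
czech_archive=$(mktemp)
if [ -z "${czech_archive}" ]; then
    echo "Czech search data: cannot create a temporary file, skipping" >&2
else
    if ! wget http://postgres.cz/data/czech.tar.gz -O "${czech_archive}"; then
        echo "Czech search data: download failed, skipping" >&2
    elif [ -n "${CZECH_TSEARCH_SHA256:-}" ] \
        && ! echo "${CZECH_TSEARCH_SHA256}  ${czech_archive}" | sha256sum --check --status; then
        echo "Czech search data: SHA-256 mismatch, archive not extracted" >&2
    else
        [ -n "${CZECH_TSEARCH_SHA256:-}" ] \
            || echo "Czech search data: CZECH_TSEARCH_SHA256 not set, archive extracted unverified" >&2
        # --no-same-owner: do not restore user/group ids recorded in the archive
        tar xzf "${czech_archive}" -C /usr/share/postgresql/9.6/tsearch_data --strip-components 1 --no-same-owner
        chown root:root /usr/share/postgresql/9.6/tsearch_data/czech.*
    fi
    rm -f -- "${czech_archive}"
fi

# Configure
# pg_hba.conf decides who may connect and with which authentication method;
# both files replace the packaged defaults.
cp -- "${SOURCE_DIR}/basic/etc/postgresql/9.6/main/postgresql.conf" /etc/postgresql/9.6/main/postgresql.conf
cp -- "${SOURCE_DIR}/basic/etc/postgresql/9.6/main/pg_hba.conf" /etc/postgresql/9.6/main/pg_hba.conf

# Enable query logging. Only if the DEBUG environment variable is set
# The expansion is quoted so that a DEBUG value containing spaces cannot break
# the test. Statement logs can contain literal values from the SQL text
# (passwords in role definitions, personal data), depending on the
# log_statement value in the shipped file; keep DEBUG off in production.
if [ "${DEBUG:-0}" -eq 1 ]; then
    sed -i \
        -e 's/#log_destination/log_destination/' \
        -e 's/#logging_collector/logging_collector/' \
        -e 's/#log_directory/log_directory/' \
        -e 's/#log_statement/log_statement/' \
        /etc/postgresql/9.6/main/postgresql.conf
fi

# Restart
systemctl restart postgresql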


#####
# MariaDB
#####

# Install packages
apt-get -y --no-install-recommends install mariadb-server