#!/bin/bash

red='\033[0;31m'
green='\033[0;32m'
yellow='\033[0;33m'
plain='\033[0m'

echoLog (){
    if [[ $1 == "INFO" ]]; then
        echo -e "${green}[INFO]${plain} $2"
    elif [[ $1 == "ERROR" ]]; then
        echo -e "${red}[ERROR]${plain} $2"
    elif [[ $1 == "WARN" ]]; then
        echo -e "${yellow}[WARN]${plain} $2"
    fi
}

# Check if user is root
[ $(id -u) != "0" ] && { echoLog ERROR "You must be root to run this script"; exit 1; }

withFly=false
while getopts ":FH:h:" opt; do 
  case $opt in 
    F) 
      withFly=true
      echoLog WARN "With fly's credential"
      ;; 
    H) 
      sid=$OPTARG
      echoLog INFO "Server ID: $sid"
      ;; 
    h) 
      esid=$OPTARG
      echoLog INFO "ESID: $esid"
      ;; 
    *) 
      echoLog ERROR "Unknown Options Detected."
      exit 1 
      ;; 
  esac 
done 
 

if [ -z "$sid" ] || [ -z "$esid" ]; then
  echoLog ERROR "You must specify SID and ESID."
  exit
fi

# Hostname
echoLog INFO "Setting up hostname ecs-$sid.cn2.network..."
if [ "$HOSTNAME" != "ecs-$sid.cn2.network" ]; then
    sed -i "s/$HOSTNAME/ecs-$sid.cn2.network/g" /etc/hosts
    hostname "ecs-$sid.cn2.network"
    echo -e "ecs-$sid.cn2.network" > /etc/hostname
else
    echoLog WARN "Hostname already set."
fi
echoLog INFO "Hostname OK!"

# BBR
echoLog INFO "Setting up BBR..."
param=$(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}')
if [[ x"${param}" == x"bbr" ]]; then
    echoLog WARN "TCP BBR has already been installed. nothing to do..."
else
    sed -i '/net.core.default_qdisc/d' /etc/sysctl.conf
    sed -i '/net.ipv4.tcp_congestion_control/d' /etc/sysctl.conf
    echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
    echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf
    sysctl -p >/dev/null 2>&1
fi

echoLog INFO "BBR OK!"

# SWAP
echoLog INFO "Setting up SWAP..."
if [ -e /swap ] || [ -e /swapfile ]
then
  echoLog WARN "SWAP has already been installed. nothing to do..."
else
  dd if=/dev/zero of=/swap bs=1M count=1024
  chmod 0600 /swap
  mkswap /swap
  swapon /swap
  echo '/swap none swap defaults 0 0' >> /etc/fstab
fi
echoLog INFO "SWAP OK!"

# LOGIN MOTD
echoLog INFO "Setting up MOTD..."
sudo apt update
sudo apt install landscape-common -y
motdpath='/etc/update-motd.d'
cat > $motdpath/00-header <<EOL
#!/bin/sh
printf  "Welcome to $sid Server!\n"
curl "https://api.lwl12.com/hitokoto/v1" -m 2
printf "\n---------------------"
EOL
rm $motdpath/10-help-text $motdpath/50-motd-news $motdpath/80-esm $motdpath/95-hwe-eol $motdpath/80-livepatch
echoLog INFO "MOTD OK!"

# Docker
echoLog INFO "Setting up Docker..."
sudo apt remove docker docker-engine docker.io
sudo apt install -y \
     apt-transport-https \
     ca-certificates \
     curl \
     software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
sudo apt update
sudo apt install docker-ce -y
sudo docker version
#echo '{ "registry-mirrors": ["https://registry.docker-cn.com"] }' > /etc/docker/daemon.json
sudo docker run hello-world

# get latest docker compose
# THX https://gist.github.com/deviantony/2b5078fe1675a5fedabf1de3d1f2652a
COMPOSE_VERSION=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
echoLog INFO "Lastest Docker Compose version: $COMPOSE_VERSION"
sudo curl -L "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
echoLog INFO "Docker OK!"

# logrotate
echoLog INFO "Setting up logrotate..."
cat > /etc/logrotate_nginx.conf <<EOL
/data/wwwlogs/*/nginx.log {
    daily
    rotate 365
    compress
    delaycompress
    dateyesterday
    dateext
    create
    missingok
    notifempty
    sharedscripts
    postrotate
        docker inspect -f '{{ .State.Pid }}' nginx | xargs kill -USR1
    endscript
}
EOL
crontab -l | { cat; echo "0 0 * * * /usr/sbin/logrotate --force /etc/logrotate_nginx.conf"; } | crontab -
echoLog INFO "logrotate OK!"

# User ADD Function
createUser () {
    echoLog INFO "Setting up user $1..."
    useradd "$1"
    chage -d 0 "$1"
    passwd -d "$1"

    if [[ $1 = "lwl12" ]]; then
        mkdir /home/lwl12/.ssh/ -p
        echo "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGFJYtyrc/bvohe5f0mTSSwlDoZj+i5/v9NhBz7ILGlEh2pe/DtmeSeiFFPewLBLFc40nG/P+OsI/K8y+5ePEUHJgBWWLfI80CVUwz9FmnChEFdi2lJlFVpgMP2R4muNhvL8HCFRKLMZW215YpyqIA5J+Wi4+Xr5ey/K5V4Cmj+sTEXPQ== lwl_ecdsa_521" > /home/lwl12/.ssh/authorized_keys
    elif [[ $1 = "fly3949" ]]; then
        mkdir /home/fly3949/.ssh/ -p
        echo "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBABL9LKMZHJFpnB8JPBJqUCjBbPhDD/HsholLH4Jh4Jf14Wk9uw2GlNLPMx9bRuJ4poADgDOWwF5OVMQIULQhDJ1iwCJWQiljkCEDicxiKInohf1efQq2fY8/hbDA7m7bvISyj+MpijD35YHOzGNz0Y/dd8Nziq1Z8rO3dfThCtH6GlptQ== fly_ecdsa_521" > /home/fly3949/.ssh/authorized_keys
    fi

    if [[ $1 = "lwl12" ]] || [[ $1 = "fly3949" ]]; then
        chown "$1":"$1" /home/"$1" -R
        chmod 644 /home/"$1"/.ssh/authorized_keys
    fi

    echo "$1  ALL=(ALL:ALL) ALL" >> /etc/sudoers
    echoLog INFO "User $1 OK!"
}

createUser lwl12
if [ "$withFly" = true ]; then
    createUser fly3949
fi

# SSH
echoLog INFO "Setting up SSH..."
if [ -z "$(grep ^Port /etc/ssh/sshd_config)" ]; then
    sed -i "s@^#Port.*@&\nPort 36015@" /etc/ssh/sshd_config
elif [ -n "$(grep ^Port /etc/ssh/sshd_config)" ]; then
    sed -i "s@^Port.*@Port 36015@" /etc/ssh/sshd_config
fi

sed -i "s@^#PasswordAuthentication.*@&\nPasswordAuthentication no@" /etc/ssh/sshd_config
systemctl restart ssh
echoLog INFO "SSH OK!"

# ZSH
echoLog INFO "Setting up ZSH..."
apt install zsh -y
echoLog INFO "ZSH OK!"

# Utility
echoLog INFO "Utility Installation Start!"
ssh-keygen -t ecdsa -b 384 -N "" -C "i@lwl12.com" -f /root/.ssh/lwl_github_ecdsa </dev/tty
eval `ssh-agent -s`
ssh-add /root/.ssh/lwl_github_ecdsa
echoLog WARN "Please add the following key into Github repository's deploy key store. https://github.com/lwl12/LWS-Utility/settings/keys"
echoLog WARN "$(<"/root/.ssh/lwl_github_ecdsa.pub")"

fingerprint="$(ssh-keygen -l -E md5 -f /root/.ssh/lwl_github_ecdsa)"
fingerprint=($fingerprint)
fingerprint=${fingerprint[1]}

fpCheck=false
while [ "$fpCheck" = false ]; do
    echoLog WARN "Please input the fingerprint showing on the Github:"
    read githubFP </dev/tty
    if [[ $fingerprint == MD5:$githubFP ]]; then
        fpCheck=true
    else
        echoLog ERROR "Fingerprint mismatch!"
    fi
done

mkdir -p /data/wwwroot

git clone git@github.com:lwl12/LWS-Utility.git /data/wwwroot/utility

# Confidential Script [AUTH REQUIRED]
echoLog WARN "Connecting to LFS API..."
if [ $(curl -I --write-out %{http_code} --silent --output /dev/null "https://api.lwl12.com/project/lfs/getDeployScript?sid=$sid&esid=$esid") == "200" ]; then
    source <(curl -sL "https://api.lwl12.com/project/lfs/getDeployScript?sid=$sid&esid=$esid")
else
    echoLog ERROR "Failed to fetch remote script. May Auth Issue?"
fi

# LFS
echoLog INFO "Setting up LFS..."
apt install git -y
cd /opt
git clone https://github.com/lwl12/LFS-Docker-Compose.git
echo -e "TZ=Asia/Shanghai\nHostname=$sid" > /opt/LFS-Docker-Compose/.env
passwdCheck=false
while [ "$passwdCheck" == false ]; do
    echoLog WARN "Input MySQL ROOT Password: "
    read -s mysqlPW  </dev/tty
    echo
    read -s -p "Password (again): " mysqlPWA  </dev/tty
    echo
    if [ "$mysqlPW" == "$mysqlPWA" ]; then
        passwdCheck=true
    else
        echoLog ERROR "Password mismatch, try again."
    fi
done

echo "$mysqlPW" > /opt/LFS-Docker-Compose/mysql_root_password.txt

if [ -f /opt/ssl/cn2.network.key ] && [ -f /opt/ssl/cn2.network.cer ] && [ -f /opt/ssl/cn2.network_ecc.key ] && [ -f /opt/ssl/cn2.network_ecc.cer ]; then
    echoLog WARN "Trying to boot LFS Docker Compose..."
    cd /opt/LFS-Docker-Compose
    docker-compose up -d
else
    echoLog WARN "SSL Certs not found! DON'T FORGET TO INSTALL THEM."
fi

echoLog INFO "LFS OK!"

echoLog WARN 'Run following command for oh my zsh install: sh -c "$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"'
echoLog WARN 'Auto start SSH-Agent: https://github.com/robbyrussell/oh-my-zsh/tree/master/plugins/ssh-agent'
echoLog WARN "DON'T FORGET DEL DEFAULT USER!"
echoLog INFO "INIT OK!"
exit 0;