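#!/bin/bash
#
# Provisions a web host (the repository name suggests Ubuntu 22.04): a system
# user, Angie (nginx fork) with one PHP site, PostgreSQL 16, PHP-FPM, FreeTDS,
# fail2ban and an optional CIFS mount. Each optional component is confirmed
# interactively.
#
# Usage (as root):
#   wget https://git.kosenka.ru/kosenka/ubuntu.22.04/raw/branch/master/2-install.sh -O 2-install.sh && bash 2-install.sh
#
# Secrets are not stored in this file: a script fetched over the network and
# kept in a repository must not carry account or database passwords. Each
# secret is taken from the environment variable of the same name when it is
# set; otherwise it is generated (or, for the SMB share, prompted for) and
# written to a root-only file.
#
# Strict mode (set -e / pipefail) is deliberately not enabled: several steps
# are best-effort and the script is expected to continue past them.

# PHP version to install
FPM_V="8.2"

# System user that will be created
USERNAME="admin"

# User e-mail (stored in the account comment field)
USERNAME_EMAIL="eis-web@rfclass.ru"

# Site name; the directory /home/$USERNAME/$SITE_NAME is created
SITE_NAME="eis"

# Site directory
SITE_ROOT="/home/$USERNAME/$SITE_NAME"

ANGIE_SITECONF="/etc/angie/sites-available/$SITE_NAME.conf"
ANGIE_ENABLED="/etc/angie/sites-enabled/$SITE_NAME"

# Name of the PostgreSQL database to create
PGDB="admin_eis_pg"

# Owner role of that database
PGDBUSER="admin_eis_pg"

# Secrets (see the header). Empty means "generate" or "ask".
USERNAME_PASS="${USERNAME_PASS:-}"   # password of $USERNAME
PGPASSWORD="${PGPASSWORD:-}"         # password of the postgres superuser role
PGDBUSERPASS="${PGDBUSERPASS:-}"     # password of $PGDBUSER
FOTOSVIDPASS="${FOTOSVIDPASS:-}"     # password of the SMB account "fotosvid"

# Where generated passwords are recorded (mode 0600).
CREDENTIALS_FILE="/root/$SITE_NAME-install-credentials.txt"

# mount.cifs credentials file (mode 0600); keeps the SMB password out of the
# world-readable unit file and out of the mount command line.
SMB_CREDENTIALS_FILE="/etc/fotosvid.smbcredentials"

# The script changes system configuration, so it must run as root.
if [[ $EUID -ne 0 ]]; then
  echo "Этот скрипт должен быть запущен с правами root (sudo)." >&2
  exit 1
fi

#######################################
# Aborts the script when a status code is non-zero.
# Arguments: $1 - status code to check
#            $2 - message printed on failure
# Outputs:   "Ошибка: <message>" on stderr
# Returns:   exits with $1 when it is non-zero
#######################################
check_result() {
  if [[ "$1" -ne 0 ]]; then
    echo "Ошибка: $2" >&2
    exit "$1"
  fi
}

#######################################
# Prints a random password.
# Arguments: $1 - character set for tr (default A-Za-z0-9)
#            $2 - length (default 20)
# Outputs:   the password on stdout, without a trailing newline
#######################################
gen_pass() {
  local matrix=${1:-A-Za-z0-9}
  local length=${2:-20}
  # Stream from /dev/urandom until head has enough characters; taking a fixed
  # number of "lines" of random bytes first could come up short.
  LC_ALL=C tr -dc "$matrix" < /dev/urandom | head -c "$length"
}

#######################################
# Makes sure a secret variable has a value, generating one if needed.
# Globals:   CREDENTIALS_FILE (read), the named variable (written)
# Arguments: $1 - NAME of the variable holding the secret
# Outputs:   appends NAME=value to CREDENTIALS_FILE when a value is generated
#######################################
ensure_secret() {
  local name=$1
  if [[ -z "${!name}" ]]; then
    printf -v "$name" '%s' "$(gen_pass)"
    (
      umask 077
      printf '%s=%s\n' "$name" "${!name}" >> "$CREDENTIALS_FILE"
    )
    # umask does not tighten a file that already existed.
    chmod 600 "$CREDENTIALS_FILE"
  fi
}

#######################################
# Asks a yes/no question until it gets an answer.
# Arguments: $1 - question text
# Returns:   0 for yes, 1 for no or when stdin is closed
#######################################
confirm() {
  local yn
  while true; do
    # Without the "|| return" a closed stdin would loop forever.
    read -r -p "$1 ? (y/n) " yn || return 1
    case $yn in
      [Yy]*) return 0 ;;
      [Nn]*) return 1 ;;
    esac
  done
}

# Refuse to continue when the user or group already exists.
if grep -q "^$USERNAME:" /etc/passwd /etc/group; then
  echo "Пожалуйста, удалите пользователя $USERNAME: userdel -r $USERNAME"
  check_result 1 "Пользователь $USERNAME существует"
fi

#######################################
# Creates the system user and sets its password.
# Globals:   USERNAME, USERNAME_EMAIL (read), USERNAME_PASS (read/written)
# Returns:   exits on failure (the user is removed if the password is refused)
#######################################
install_user() {
  ensure_secret USERNAME_PASS

  /usr/sbin/useradd "$USERNAME" -s "/bin/bash" -c "$USERNAME_EMAIL" -m -d "/home/$USERNAME" -U
  check_result $? "user creation failed"

  # printf is a shell builtin, so the password is not exposed in argv.
  if ! printf '%s:%s\n' "$USERNAME" "$USERNAME_PASS" | /usr/sbin/chpasswd; then
    # Delete user on failure
    /usr/sbin/deluser "$USERNAME" > /dev/null 2>&1
    check_result 2 "Пароль не соответствует правилам парольной защиты"
  fi

  # Lets other accounts traverse (not list) the home directory.
  chmod a+x "/home/$USERNAME"
  #usermod -aG wheel "$USERNAME"
  usermod -aG users "$USERNAME"
}

#######################################
# Installs Angie (nginx fork) from the vendor repository and prepares the
# sites-available / sites-enabled layout.
# Globals:   USERNAME (read)
#######################################
install_angie() {
  echo "[ * ] Установка Angie (форк Nginx)..."

  # https://angie.software/angie/docs/installation/oss_packages/#angie-install-deb-oss
  mkdir -p /etc/ssl/angie/
  apt-get -qq install -y curl

  # NOTE(review): a key in trusted.gpg.d is trusted for every repository;
  # a dedicated keyring referenced with signed-by= would limit it to this one.
  # -f makes curl fail on an HTTP error instead of saving the error page as a key.
  curl -fsSL -o /etc/apt/trusted.gpg.d/angie-signing.gpg \
    https://angie.software/keys/angie-signing.gpg
  check_result $? "cannot download the Angie signing key"

  echo "deb https://download.angie.software/angie/$(. /etc/os-release && echo "$ID/$VERSION_ID $VERSION_CODENAME") main" \
    > /etc/apt/sources.list.d/angie.list

  apt-get update
  apt-get install -y angie
  check_result $? "Angie installation failed"

  # Directory layout for virtual hosts
  mkdir -p /etc/angie/sites-available /etc/angie/sites-enabled 2>/dev/null || true

  # Add the include to the main config unless it is already there
  local angie_conf_file="/etc/angie/angie.conf"
  if ! grep -q "sites-enabled" "$angie_conf_file"; then
    sed -i '/http {/a \    include /etc/angie/sites-enabled/*;' "$angie_conf_file"
    echo "Добавлен include для sites-enabled в $angie_conf_file"
  fi

  # Run the workers as the site user; tolerate any spacing after "user".
  sed -i -e "s/^user[[:space:]]\+angie;/user $USERNAME;/" "$angie_conf_file"

  # Enable and start Angie
  systemctl enable angie
  systemctl start angie
}

#######################################
# Creates the site directory, a status page and the Angie virtual host.
# Globals:   SITE_NAME, SITE_ROOT, USERNAME, ANGIE_SITECONF, ANGIE_ENABLED (read)
#######################################
create_site() {
  echo "[ * ] Создание сайта: $SITE_NAME"

  # 1. Site directory
  mkdir -p "$SITE_ROOT/web"
  chown -R "$USERNAME:$USERNAME" "$SITE_ROOT"
  chmod -R 755 "$SITE_ROOT"

  # 2. index.php
  # The heredoc is quoted, so nothing is expanded by the shell; the PHP
  # version is therefore taken from PHP itself rather than from $FPM_V.
  # phpinfo() is intentionally not called: on a page served on port 80 it
  # would publish the full configuration, paths and environment. Use
  # "php -i" on the host for the same information.
  cat << 'EOF' > "$SITE_ROOT/web/index.php"
<?php
echo "<h1>Привет от Angie + PHP " . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "!</h1>";
echo "<p>Сайт работает:</p>";

// Информация о PostgreSQL
if (extension_loaded('pgsql')) {
    echo "<p>✅ Расширение pgsql загружено.</p>";
} else {
    echo "<p>❌ Расширение pgsql НЕ загружено.</p>";
}

// Информация о подключении к MS SQL (через FreeTDS)
if (function_exists('mssql_connect') || function_exists('sqlsrv_connect')) {
    echo "<p>✅ Поддержка MSSQL (FreeTDS) доступна.</p>";
} else {
    echo "<p>❌ Поддержка MSSQL недоступна. Установите pdo_dblib или sqlsrv при необходимости.</p>";
}
?>
EOF

  # 3. Angie virtual host. The heredoc is unquoted: $SITE_* are expanded by
  # the shell, Angie's own variables are escaped as \$name.
  cat << EOF > "$ANGIE_SITECONF"
server {
    charset utf-8;
    client_max_body_size 128M;

    listen 80; ## listen for ipv4
    #listen [::]:80 default_server ipv6only=on; ## listen for ipv6

    server_name ${SITE_NAME};
    root        ${SITE_ROOT}/web;
    index       index.php;

    access_log  /var/log/angie/${SITE_NAME}-access.log;
    error_log   /var/log/angie/${SITE_NAME}-error.log;

    location / {
        # Redirect everything that isn't a real file to index.php
        try_files \$uri \$uri/ /index.php\$is_args\$args;
    }

    # uncomment to avoid processing of calls to non-existing static files by Yii
    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
        try_files \$uri =404;
    }
    #error_page 404 /404.html;

    # deny accessing php files for the /assets directory
    location ~ ^/assets/.*\.php$ {
        deny all;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        try_files \$uri =404;
    }

    location ~* /\. {
        deny all;
    }
}
EOF

  # 4. Enable the site
  ln -sf "$ANGIE_SITECONF" "$ANGIE_ENABLED"

  # 5. Reload Angie
  systemctl reload angie
}

#######################################
# Installs PostgreSQL 16 from the PGDG repository and creates the database
# and its owner role.
# Globals:   PGDB, PGDBUSER (read), PGPASSWORD, PGDBUSERPASS (read/written)
#######################################
install_postgresql() {
  echo "[ * ] Установка PostgreSQL 16..."

  ensure_secret PGPASSWORD
  ensure_secret PGDBUSERPASS

  echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" \
    > /etc/apt/sources.list.d/pgdg.list
  # --batch --yes: overwrite an existing keyring on re-run instead of prompting.
  curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc \
    | gpg --batch --yes --dearmor -o /etc/apt/trusted.gpg.d/postgresql.gpg
  check_result $? "cannot install the PostgreSQL signing key"

  apt-get update
  apt-get -qq install -y postgresql-16 postgresql-contrib-16

  #rm -rf /var/lib/pgsql
  #mkdir -p /var/lib/pgsql
  #chown postgres:postgres /var/lib/pgsql
  #sudo -u postgres initdb -D /var/lib/pgsql/data

  # NOTE(review): pg_hba.conf decides who may connect and how they
  # authenticate, and this copy is fetched from a remote repository with no
  # integrity check. Review its contents (or pin a checksum) before relying
  # on it. Debian/Ubuntu packages normally read pg_hba.conf from
  # /etc/postgresql/16/main, so the copy placed in the data directory may
  # not be the active one - confirm with "SHOW hba_file;".
  if ! sudo -u postgres wget https://git.kosenka.ru/kosenka/AltLinuxWeb/raw/branch/master/pg_hba.conf \
    -O /var/lib/postgresql/16/main/pg_hba.conf; then
    echo "Warning: pg_hba.conf download failed" >&2
  fi

  # Enable autostart
  systemctl enable postgresql
  systemctl start postgresql

  # Double any single quote so a password cannot terminate the SQL literal.
  local q="'"
  local pg_pass_sql=${PGPASSWORD//$q/$q$q}
  local db_pass_sql=${PGDBUSERPASS//$q/$q$q}

  local -a statements=(
    "ALTER USER postgres WITH PASSWORD '$pg_pass_sql';"
    "CREATE DATABASE $PGDB ENCODING UTF8 TEMPLATE template0;"
    "CREATE USER $PGDBUSER WITH PASSWORD '$db_pass_sql';"
    "ALTER DATABASE $PGDB OWNER TO $PGDBUSER;"
    "GRANT ALL PRIVILEGES ON DATABASE $PGDB TO $PGDBUSER;"
    "GRANT CONNECT ON DATABASE template0 to $PGDBUSER;"
  )

  local sql
  local step=0
  for sql in "${statements[@]}"; do
    step=$((step + 1))
    # SQL is sent on stdin (printf is a builtin), so the passwords never
    # appear in the process list. Failures are reported but not fatal, which
    # keeps a re-run usable when the objects already exist; the statement
    # text is not echoed because it may contain a password.
    if ! printf '%s\n' "$sql" | sudo -u postgres psql -q -v ON_ERROR_STOP=1 > /dev/null; then
      echo "Warning: PostgreSQL setup statement #$step failed" >&2
    fi
  done
}

#######################################
# Installs fail2ban with a local copy of the stock jail configuration.
#######################################
install_fail2ban() {
  echo "[ * ] Установка fail2ban..."
  apt-get -qq install -y fail2ban

  # Base configuration; an existing jail.local is kept so that local changes
  # survive a re-run.
  if [[ ! -e /etc/fail2ban/jail.local ]]; then
    cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 2>/dev/null || true
  fi

  systemctl enable fail2ban
  systemctl start fail2ban
}

#######################################
# Applies the site's php.ini settings to one php.ini file.
# Arguments: $1 - path to php.ini
#            $2 - open_basedir value (colon-separated directory list)
#######################################
_tune_php_ini() {
  local ini=$1
  local basedir=$2
  # NOTE(review): exec and proc_open are not in this list, so PHP code can
  # still start processes; presumably the application needs them (LibreOffice
  # is installed by this script) - confirm before tightening.
  local disabled="pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,system,passthru,shell_exec,popen"

  # The size limits, short_open_tag and disable_functions match on the
  # directive name rather than on one particular old value, so they apply
  # whatever the packaged default is and do not stack up on a re-run.
  sed -i \
    -e 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' \
    -e 's/;session.save_path = "\/tmp"/session.save_path = "\/tmp"/g' \
    -e 's/^short_open_tag = .*/short_open_tag = Off/' \
    -e 's/^post_max_size = .*/post_max_size = 128M/' \
    -e 's/^upload_max_filesize = .*/upload_max_filesize = 128M/' \
    -e "s|;open_basedir =|open_basedir =$basedir|g" \
    -e "s/^disable_functions =.*/disable_functions = $disabled/" \
    "$ini"
}

#######################################
# Installs PHP-FPM and its extensions, runs the pool as $USERNAME on
# 127.0.0.1:9000 and applies the php.ini settings for FPM and CLI.
# Globals:   FPM_V, USERNAME, SITE_ROOT (read)
#######################################
install_php_fpm() {
  echo "[ * ] Установка PHP-FPM $FPM_V..."

  apt-get -qq install -y lsb-release ca-certificates
  add-apt-repository -y ppa:ondrej/php
  apt-get -qq update

  # Kept as separate transactions so one unavailable package only affects
  # its own group.
  local p="php$FPM_V"
  apt-get -qq install -y "$p-fpm" "$p-cli" "$p-common" "$p-xsl" "$p-sockets"
  apt-get -qq install -y "$p-readline" "$p-pdo" "$p-memcached" "$p-smbclient"
  apt-get -qq install -y "$p-imap" "$p-imagick" "$p-igbinary" "$p-exif" "$p-mbstring" "$p-pgsql"
  apt-get -qq install -y "$p-curl" "$p-zip" "$p-gd" "$p-opcache" "$p-intl" "$p-xml" "$p-xmlrpc"
  apt-get -qq install -y "$p-ldap" "$p-soap" "$p-xmlreader" "$p-fileinfo" composer

  local pool_conf="/etc/php/$FPM_V/fpm/pool.d/www.conf"
  # The listen rule uses "|" as the delimiter because the socket path contains
  # slashes (with "/" sed rejects the expression), and follows $FPM_V instead
  # of a fixed version. pm.max_requests is matched with or without the leading
  # ";" so the setting ends up active.
  # NOTE(review): a TCP listener on 127.0.0.1:9000 accepts any local process;
  # a unix socket with restricted permissions is the tighter option.
  sed -i \
    -e "s/user = www-data/user = $USERNAME/g" \
    -e "s/group = www-data/group = $USERNAME/g" \
    -e "s|^listen = /run/php/php$FPM_V-fpm.sock|listen = 127.0.0.1:9000|" \
    -e 's/pm = dynamic/pm = ondemand/g' \
    -e 's/pm.max_children = 5/pm.max_children = 8/g' \
    -e 's/^;\?pm.max_requests = .*/pm.max_requests = 4000/' \
    -e 's/;pm.process_idle_timeout/pm.process_idle_timeout/g' \
    -e 's/;pm.status_path/pm.status_path/g' \
    -e 's/;env/env/g' \
    "$pool_conf"

  local common_dirs="/tmp:/bin:/usr/bin:/usr/local/bin:/usr/share:/opt"
  local home="/home/$USERNAME"
  _tune_php_ini "/etc/php/$FPM_V/fpm/php.ini" \
    "/mnt/FOTOSVID:$SITE_ROOT:$common_dirs"
  _tune_php_ini "/etc/php/$FPM_V/cli/php.ini" \
    "/mnt/FOTOSVID:$SITE_ROOT:$home/.config:$home/.cache:$home/.local:$common_dirs"

  # Enable PHP-FPM and restart it: "start" does nothing when the service is
  # already running, and the new user and listen address would not be applied.
  systemctl enable "php$FPM_V-fpm"
  systemctl restart "php$FPM_V-fpm"
}

#######################################
# Installs FreeTDS (MS SQL connectivity) and registers its ODBC driver.
#######################################
install_freetds() {
  echo "[ * ] Установка FreeTDS..."
  apt-get -qq install -y freetds-dev freetds-bin freetds-common tdsodbc odbcinst

  # sed -i -e 's/tds version = auto/tds version = 7.3/g' /etc/freetds/freetds.conf

  # Ask the package where the driver is; the library directory differs
  # between distributions. Falls back to the path used previously.
  local driver
  driver=$(dpkg -L tdsodbc 2>/dev/null | grep -m1 '/libtdsodbc\.so$')
  driver=${driver:-/usr/lib64/libtdsodbc.so}

  # Add the section once, not on every run.
  if ! grep -q '^\[FreeTDS\]' /etc/odbcinst.ini 2>/dev/null; then
    printf '[FreeTDS]\nDescription=FreeTDS\nDriver=%s\nSetup=%s\n\n' \
      "$driver" "$driver" >> /etc/odbcinst.ini
  fi

  odbcinst -i -d -f /etc/odbcinst.ini
}

#######################################
# Mounts the FOTOSVID SMB share through a systemd unit.
# Globals:   FOTOSVIDPASS (read/written), SMB_CREDENTIALS_FILE (read)
#######################################
install_fotosvid() {
  if [[ -z "$FOTOSVIDPASS" ]]; then
    read -r -s -p "Password for //10.77.1.250/FOTOSVID (user fotosvid): " FOTOSVIDPASS
    echo
  fi

  mkdir -p /mnt/FOTOSVID

  # Unit files are world-readable and mount options show up in the process
  # list, so the password goes into a root-only credentials file instead.
  (
    umask 077
    printf 'username=%s\npassword=%s\n' "fotosvid" "$FOTOSVIDPASS" > "$SMB_CREDENTIALS_FILE"
  )
  chmod 600 "$SMB_CREDENTIALS_FILE"

  # NOTE(review): file_mode=0666,dir_mode=0777 makes the share writable by
  # every local account; uid=/gid= of the site user with 0660/0770 would be
  # narrower - confirm who needs access.
  cat > /etc/systemd/system/mnt-fotosvid.service << EOF
[Unit]
Description=Mount SMB share
After=network.target
Wants=network.target

[Service]
Type=oneshot
ExecStartPre=/bin/sleep 15
ExecStart=/bin/mount -t cifs //10.77.1.250/FOTOSVID /mnt/FOTOSVID -o credentials=$SMB_CREDENTIALS_FILE,rw,file_mode=0666,dir_mode=0777

[Install]
WantedBy=multi-user.target
EOF

  systemctl daemon-reload
  systemctl enable mnt-fotosvid.service
  systemctl start mnt-fotosvid.service
}

#######################################
# Main installation flow: base packages, then each optional component after
# confirmation.
#######################################
main() {
  echo "[ * ] Начинаем установку компонентов..."

  # System update
  apt-get -qq update
  apt-get -qq dist-upgrade -y

  # Utilities
  apt-get -qq install -y memcached cifs-utils pwgen wget curl gnupg lsb-release git htop ca-certificates
  apt-get -qq install -y apt-utils aptitude squashfs-tools tzdata fdisk gdisk mc net-tools locales iproute2 smbclient
  apt-get -qq install -y libreoffice-core --no-install-recommends libreoffice-writer default-jre libreoffice-java-common
  apt-get -qq install -y gnupg2 apt-transport-https software-properties-common

  systemctl enable memcached
  systemctl start memcached

  # "control" is not available on every distribution; skip it when absent.
  if command -v control > /dev/null 2>&1; then
    control sudowheel enabled
  fi

  install_fail2ban

  # Optional components
  if confirm "Install user "; then
    install_user
  fi

  if confirm "Install Angie "; then
    install_angie
    create_site
  fi

  if confirm "Install PostgreSQL "; then
    install_postgresql
  fi

  if confirm "Install PHP "; then
    install_php_fpm
  fi

  if confirm "Install FreeTDS "; then
    install_freetds
  fi

  if confirm "Install FOTOSVID "; then
    install_fotosvid
  fi

  echo "[ * ] Установка завершена!"
  echo "Проверьте службы:"
  echo " systemctl status angie"
  echo " systemctl status postgresql"
  echo " systemctl status php$FPM_V-fpm"
  echo " systemctl status fail2ban"

  if [[ -s "$CREDENTIALS_FILE" ]]; then
    echo "Generated passwords were saved to $CREDENTIALS_FILE (readable by root only)."
  fi
}

# Entry point
main "$@"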