#!/bin/bash


echo "Welcome to the Rocky Linux to Koozali SME Server script. Are you sure you have at least one ethernet interface before proceeding ? Hit Ctrl+C if unsure, press 'enter' if you are OK to proceed."
read testme

echo "disabling and removing SELinux"
sed -i -e 's/rhgb quiet/selinux=0/g' /boot/grub2/grub.cfg
sed -i -e 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
dnf remove selinux-policy-targeted setroubleshoot-server -y 1>/dev/null

echo "copy of current network config in root/rocky2sme-prenetwork"
ip address > /root/rocky2sme-prenetwork ; ip route >>/root/rocky2sme-prenetwork

echo "##########################################################################"
echo "setting dnf repo for SME Server"
mkdir -p /tmp/repo.bak
mv /etc/yum.repos.d/*.repo /tmp/repo.bak/
cp /etc/yum.prosmerepos.d/* /etc/yum.repos.d/

echo "##########################################################################"
echo "importing rpm gpg keys"
#yum install wget -y 1>/dev/null
for i in $( ls /usr/share/doc/smeserver-rocky2sme/keys ); do
	rpm --import /usr/share/doc/smeserver-rocky2sme/keys/$i
done

echo "##########################################################################"
echo "cleaning dnf cache"
dnf --enablerepo=* clean all 1>/dev/null

echo "##########################################################################"
echo "dnf upgrade to install last updates, this may take a while, output is hidden unless there is an error, be patient:"
yum upgrade -y 1>/dev/null

# they might have come back with upgrade...
rm /etc/yum.repos.d/Rocky*.repo -rf

echo "##########################################################################"
echo "dnf set modules:"
dnf module switch-to -y php:remi-8.4
#dnf module switch-to -y imariadb:10.5
dnf module disable mariadb
dnf module switch-to -y python36:3.6
dnf module enable -y redis:remi-7.2
dnf module enable -y httpd:2.4
dnf module enable -y perl:5.26
dnf module enable -y perl-DBD-MySQL:4.046
dnf module enable -y perl-DBD-SQLite:1.58
dnf module enable -y perl-DBI:1.641
dnf module enable -y perl-IO-Socket-SSL:2.066
dnf module enable -y perl-libwww-perl:6.34
dnf module enable -y squid:4
dnf module enable -y container-tools:rhel8
dnf module enable -y nginx:1.14
dnf module enable -y freeradius:3.0


echo "##########################################################################"
echo "dnf install, installing SME Server ... this may take a while:"
dnf install @smeserver -y

# check 
if [[ -f /sbin/e-smith/console ]]; then
	echo "... all seems good untill now"
else
	echo "... exiting something is missing, try again dnf --disablerepo=* --enablerepo=smeos install @smeserver -y"
	exit 1
fi

echo "##########################################################################"
echo "dnf upgrade"
dnf upgrade -y 1>/dev/null

echo "##########################################################################"
echo "starting runit, so we can run a few services"
/usr/bin/systemctl restart runit.service 

echo "##########################################################################"
echo "cleaning /var/service/"
find /var/service/ -type f -iname control -exec rm {} \;

echo "##########################################################################"
echo "starting syslog"
/usr/bin/systemctl restart rsyslog

echo "##########################################################################"
echo "running post-install event for SME..."
echo "but before, we unlink the S10init-passwords action"
unlink  /etc/e-smith/events/post-install/S10init-passwords
/sbin/e-smith/signal-event post-install

echo "##########################################################################"
echo "set admin password as set, to avoid locking you on reboot"
#need syslog to work. so just in case
#/etc/init.d/rsyslog restart
/usr/bin/systemctl restart rsyslog
/sbin/e-smith/db accounts setprop admin PasswordSet yes
/sbin/e-smith/db configuration set PasswordSet yes
/sbin/e-smith/db configuration setprop bootstrap-console Restore disabled

echo "... as we copy your current root password as admin password"
# here copy root password to admin user !!!
grep $USER /etc/shadow | cut -f 2 -d ':'>/tmp/encrypted
usermod -p $(cat /tmp/encrypted) admin
rm /tmp/encrypted -f
echo "... if access to server manager fails with admin, log to cli as root and do :"
echo "passwd admin"
# to test, there is chances it is salted, alternatively
# echo "Please give now the password for the created admin user :"
# passwd admin

echo "##########################################################################"
echo "Cleaning /service subfolders"
find /var/service/ -type f -iname control -exec rm {} \;

echo "##########################################################################"
echo "force quota check"
touch /forcequotacheck

#restart rsyslogd service in case , as console needs it to run...
echo "##########################################################################"
echo "retarting syslog"
/usr/bin/systemctl restart rsyslog.service

echo "##########################################################################"
echo "now time to configure your server using the SME Server console"
/usr/bin/perl -Mesmith::console -Mesmith::console::configure -e "esmith::console::configure->new->doit(esmith::console->new,esmith::ConfigDB->open)"

echo "##########################################################################"
echo "set SSHD to accept root login with rsa key"
/sbin/e-smith/db configuration setprop  sshd status enabled PermitRootLogin yes access public
/sbin/e-smith/expand-template /etc/ssh/ssh_config
/sbin/e-smith/expand-template /etc/ssh/sshd_config
/usr/bin/systemctl restart sshd.service
# a sshd reload does not regenerate the keys and failed
# doing one after to do the rest (masq etc.)
/sbin/e-smith/signal-event  remoteaccess-update

echo "##########################################################################"
echo "Enable access to server-manager to the following IPs:"
echo "Please type IP.IP.IP.IP/255.255.255.255,IP2.IP2.IP2.IP2/255.255.255.255  to allow access to the manager from the desired IP. Leave blank if you do want to have access to the manager from outside the lan. Fill with 0.0.0.0/0.0.0.0 if you live on the edge!"
read validfrom
if [ ! -z "$validfrom" ]; then
	/sbin/e-smith/db configuration setprop httpd-admin ValidFrom  $validfrom
	/sbin/e-smith/signal-event post-upgrade
else
	echo "nothing to do"
fi


echo "##########################################################################"
echo "Last cleaning:"
# last tidying
find /var/service/ -type f -iname control -exec rm {} \;

# just in case before reboot
/sbin/e-smith/db configuration set PasswordSet yes
/sbin/e-smith/db configuration setprop bootstrap-console Restore disabled


echo "##########################################################################"
echo "you just have to issue a '/sbin/e-smith/signal-event reboot'; or simply 'reboot' and enjoy your SME"
echo "But before that, are you sure you have added a working SSH key to ~/.ssh/authorized_keys ?"
echo "##########################################################################"

# some fixup to have a minimal working system 
/usr/bin/systemctl restart network wan tinydns dnscache dnscache.forwarder dhcpd
/usr/bin/systemctl restart httpd-e-smith smanager
# fix radiusd not starting
/sbin/e-smith/ignal-event smeserver-radiusd-update