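#!/usr/bin/bash
#
# Post-install setup for a ServNest host: creates the service accounts,
# applies ownership and modes to the service trees, imports the Knot
# configuration, aligns PHP paths between distributions, appends PHP settings,
# adapts the Tor configuration on Debian and enables the services at boot.
#
# Expected to run as root (it calls useradd, chown and systemctl enable).
#
# NOTE(review): there is no strict mode here. A failed chown/chmod leaves the
# previous ownership or mode in place and the script carries on, so the exit
# status does not prove the permissions below were applied. Consider
# `set -euo pipefail` once every step is known to succeed on both distributions.

# Provides $ID, used below to tell Debian from Arch.
source /etc/os-release
distro_id="${ID:-}"

# Create system users: system accounts (-r) with a group of the same name (-U)
# and no login shell.
for account in nginx servnest sftpgo; do
  useradd -U -r -s /usr/sbin/nologin "$account"
done

# Set proper permissions
# Knot configuration database: knot user and group only. servnest joins the
# knot group, so it gains group access to this tree.
chown -R knot:knot /var/lib/knot/confdb
chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb
usermod -aG knot servnest

# Knot logs: owner only.
chown -R knot:knot /var/log/knot
chmod -R u=rwX,g=,o= /var/log/knot

# Trees shared between servnest (owner) and knot (group), both read-write.
chown -R servnest:knot /srv/servnest/ns
chmod -R u=rwX,g=rwX,o= /srv/servnest/ns
chown -R servnest:knot /srv/servnest/reg
chmod -R u=rwX,g=rwX,o= /srv/servnest/reg

# Written by servnest, read-only for the nginx group, closed to others.
chown -R servnest:nginx \
  /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain
chmod -R u=rwX,g=rX,o= \
  /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain

# SFTPGo configuration: read-only for everyone, then the ed25519 file is
# restricted to its owner. The recursive chmod leaves that file world-readable
# until the following line runs, which is acceptable only if no untrusted local
# user exists while this script runs.
# NOTE(review): everything else under /etc/sftpgo stays o=rX; confirm that no
# other file there holds secrets.
chown -R sftpgo:sftpgo /etc/sftpgo
chmod -R u=rX,g=rX,o=rX /etc/sftpgo
chmod u=r,g=,o= /etc/sftpgo/ed25519

# o=rX makes this tree readable by every local account.
# NOTE(review): presumably needed so a server outside the sftpgo group can read
# it; confirm, and narrow to a group if it is not.
chown -R servnest:sftpgo /srv/servnest/ht
chmod -R u=rwX,g=rwX,o=rX /srv/servnest/ht

# The Tor account and group are named differently on Debian.
if [[ "$distro_id" == "debian" ]]; then
  chown -R servnest:debian-tor /srv/servnest/tor-config
  chown -R debian-tor:debian-tor /srv/servnest/tor-keys
else
  chown -R servnest:tor /srv/servnest/tor-config
  chown -R tor:tor /srv/servnest/tor-keys
fi
# tor-config: servnest writes, the Tor group reads.
# tor-keys: the Tor account only, no group or other access.
chmod -R u=rwX,g=rX,o= /srv/servnest/tor-config
chmod -R u=rwX,g=,o= /srv/servnest/tor-keys

# core and errors are read-only even for their owner; only core/db is
# writable, and only by servnest. The order matters: the recursive chmod on
# core also covers core/db, which is reopened for its owner afterwards.
chown -R servnest:nginx /srv/servnest/core /srv/servnest/errors
chmod -R u=rX,g=rX,o= /srv/servnest/core /srv/servnest/errors
chown -R servnest:servnest /srv/servnest/core/db
chmod -R u=rwX,g=,o= /srv/servnest/core/db

# Load configuration in Knot database
sudo -u knot knotc conf-import /etc/knot/knot.conf

# PHP paths unification across distributions
export PHP_INI=/etc/php/php.ini
if [[ "$distro_id" == "debian" ]]; then
  rm /etc/php/8.2/fpm/php-fpm.conf
  ln -s /etc/php/php-fpm.conf /etc/php/8.2/fpm/php-fpm.conf
  # NOTE(review): if pool.d already exists as a directory, ln -s creates the
  # link inside it instead of replacing it; confirm it is absent at this point.
  ln -s /etc/php/php-fpm.d/ /etc/php/8.2/fpm/pool.d
  export PHP_INI=/etc/php/8.2/fpm/php.ini
fi

# Configure PHP-FPM properly
# The settings are appended, so running this script twice duplicates them.
# NOTE(review): display_errors = On returns PHP error text to the HTTP client,
# while expose_php = Off hides the version header. Confirm this is intended
# outside development; the usual hardening is display_errors = Off with errors
# written to a log.
# The delimiter is quoted so the shell never expands anything in the body.
cat >> "$PHP_INI" << 'EOF'
expose_php = Off
display_errors = On
extension = pdo_sqlite
extension = sodium
extension = gettext
zend_extension = opcache
opcache.jit_buffer_size = 32M
EOF

# Configure Tor
if [[ "$distro_id" == "debian" ]]; then
  mv /etc/systemd/system/tor.service.d/ /etc/systemd/system/tor@default.service.d/
  sed -i 's/User tor/User debian-tor/' /etc/tor/torrc
  sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/servnest
  sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/servnest
  # The drop-in was edited in place with sed, so check its syntax before going
  # further: a malformed sudoers file can stop sudo from working at all.
  if ! visudo -cf /etc/sudoers.d/servnest; then
    echo "error: /etc/sudoers.d/servnest failed validation after edit" >&2
    exit 1
  fi
  sed -i 's/systemctl reload tor"/systemctl reload tor@default"/' /srv/servnest/core/config.ini
  sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/servnest/core/config.ini
fi

# Start SystemD services at startup
systemctl enable sftpgo
if [[ "$distro_id" == "arch" ]]; then
  systemctl enable sshd
  systemctl enable knot
  systemctl enable nginx
  systemctl enable tor
  systemctl enable php-fpm
  # Create the pacman keyring and load the default keys, which pacman uses to
  # verify package signatures.
  pacman-key --init
  pacman-key --populate
fi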