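#!/usr/bin/bash
#
# Image post-install setup: empties the packaged configuration directories
# (they will be filled from mkosi.extra/), creates the service accounts,
# sets ownership and modes on the data directories, imports the Knot
# configuration, generates a default self-signed TLS certificate and an SSH
# server key, and appends two PHP settings.
#
# No `set -e` is in effect: every step runs even if an earlier one failed,
# so a failed step does not stop the build. Check the build output.

# Clean configuration directories (will be filled with mkosi.extra/).
# The `*` glob does not match dotfiles, so hidden entries are left in place.
rm -r /etc/nginx/*
rm -r /etc/ssh/*

source /etc/os-release
if [[ $ID = "debian" ]]; then
  rm -r /etc/php/7.4/fpm/pool.d/*
fi

# Create system users: -r system account, -U group of the same name,
# and a nologin shell so the accounts cannot open an interactive session.
for account in nginx php-niver php-errors sftpgo; do
  useradd -U -r -s /usr/sbin/nologin "$account"
done

# Set proper permissions. None of the modes below grants anything to "other".
chown -R knot:knot /var/log/knot
chmod -R 700 /var/log/knot

# knot (owner) and the php-niver group both get full access.
chown -R knot:php-niver /srv/ns
chmod -R 770 /srv/ns

# NOTE(review): 740 applied recursively gives the nginx group read but not
# the search (x) bit on directories. Confirm that is enough for how nginx
# accesses /srv/ht.
chown -R php-niver:nginx /srv/ht
chmod -R 740 /srv/ht

chown -R php-niver:nginx /srv/php/niver/public/css/
chmod -R 750 /srv/php/niver/public/css/

# The database and the log are private to php-niver.
chown -R php-niver:php-niver /srv/php/niver/db
chmod -R 700 /srv/php/niver/db
chown -R php-niver:php-niver /srv/php/niver/niver.log
chmod -R 600 /srv/php/niver/niver.log

# Load configuration in Knot database; the daemon is stopped during the
# import, which runs as the knot user.
systemctl stop knot
sudo -u knot knotc conf-import /etc/knot/knot.conf
systemctl start knot

# Generate default self-signed TLS key pair (RSA 3072, valid 3650 days,
# empty subject). -nodes writes the private key unencrypted, so the file
# mode is its only protection.
openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 \
  -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
# Set the mode explicitly instead of relying on the openssl default or the
# umask of the build environment.
chmod 600 /etc/ssl/private/niver.key

# Generate SSH server key pair (ed25519, empty passphrase), then store its
# fingerprint and visual representation (-l -v) next to it.
ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""
ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp

# Configure PHP-FPM properly.
# NOTE(review): display_errors = On puts PHP error details into HTTP
# responses. Confirm this is intended for images reachable by untrusted
# clients.
# NOTE(review): on Debian PHP-FPM normally reads
# /etc/php/<version>/fpm/php.ini. Confirm that /etc/php/php.ini takes effect
# there.
printf '%s\n' "display_errors = On" "extension = pdo_sqlite" >> /etc/php/php.ini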