#! /bin/bash
# @author   alban
# @since    2019-09-06
# @license  GPLv3
# @url      https://git.interhacker.space/alban/wekan-bash-installer

MSG="Please provide the domain name you want to host wekan on [Default:localhost] : "
read -p "$MSG" DOMAIN
DOMAIN=${DOMAIN:-localhost}

MSG="Please provide the email address for wekan service mails [Default:wekan@${DOMAIN}] : "
read -p "$MSG" EMAIL
DEFAULT_EMAIL="wekan@$DOMAIN"
EMAIL=${EMAIL:-$DEFAULT_EMAIL}

[ "$DOMAIN" != "localhost" ] && {
  MSG="Do you want to deploy an HTTPS vhost for wekan? [Y/n]"
  read -p "$MSG"
  REPLY=${REPLY:-Y}
  SSL=$( [ "${REPLY^^}" == "Y" ] && echo "yes" || echo "no" )

}

################################################################################
# You MIGHT change the following variables depending on your situation
################################################################################

# Which nodejs do you wish to install
NODEREPO="node_12.x"


################################################################################
# After that, you should not need to edit anything below.
# But hack at leisure ;)
################################################################################

# This script will only work on Debian 9 "Stretch"
DISTRO="stretch"

# Helper functions
ops=0
Lets(){ let $(( ops++ )); echo -e "\n# ${ops}: $@\n"; }
Red(){ echo -e "\033[0;31m$@\033[0m"; }

# Now comments will be noted by "^Lets" lines, see next line as an example
Lets install required packages for basic APT operations
apt update
apt install -y apt-transport-https curl gnupg

Lets install the nodejs repository
curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
echo "deb https://deb.nodesource.com/${NODEREPO} ${DISTRO} main" > /etc/apt/sources.list.d/$NODEREPO.list

Lets install application packages and set the services auto up
apt update
apt install -y nodejs mongodb mongodb-server git nginx npm supervisor certbot make g++ unzip
for f in mongodb nginx supervisor ; do systemctl enable $f; done

dpkg -l postfix | grep -q -E "^.i +postfix" || {

  Lets install and configure the email service
  Red Caution! Please choose the  \"Internet Site\" option when requested!
  apt install -y postfix

  Lets configure Postfix to run on local loopback only
  postconf -e 'inet_interfaces = 127.0.0.1'
  service postfix restart

}

if [ $SSL == "yes" ] ; then

  Lets create the nginx HTTP virtual host
cat << HEREDOC > /etc/nginx/sites-available/wekan.conf
# nginx configuration for wekan proxying

# this section is needed to proxy web-socket connections
map \$http_upgrade \$connection_upgrade {
    default upgrade;
    ''      close;
}
server {
  listen 80;
  server_name $DOMAIN;
  large_client_header_buffers 8 64k;
  client_header_buffer_size 64k;
  location .well-known/acme-challenge {
    root /var/www/letsencrypt;
  }
  location / {
    return 301 https://\$host\$request_uri;
  }
}
HEREDOC
  [ -L /etc/nginx/sites-enabled/wekan.conf ] || ln -s ../sites-available/wekan.conf /etc/nginx/sites-enabled/wekan.conf

  Lets reload nginx
  nginx -t && service nginx reload

  Lets request the certificate from Letsencrypt
  mkdir -p /var/www/letsencrypt/.well-known/acme-challenge
  echo "test $(hostname) OK" > /var/www/letsencrypt/.well-known/acme-challenge/test.txt
  chown -R www-data:www-data /var/www/letsencrypt
  curl http://$DOMAIN/.well-known/acme-challenge/test.txt && \
  certbot certonly --webroot --agree-tos -w /var/www/letsencrypt/ --email certs@$DOMAIN -d $DOMAIN

  Lets create the HTTPS virtual host
cat << HEREDOC >> /etc/nginx/sites-available/wekan.conf
server {
  listen 443 http2;
  server_name $DOMAIN;
  large_client_header_buffers 8 64k;
  client_header_buffer_size 64k;
  ssl on;
  ssl_certificate     /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

  # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
  # This works because IE 11 does not present itself as MSIE anymore
  if (\$http_user_agent ~ "MSIE" ) {
      return 303 https://browser-update.org/update.html;
  }

  # Pass requests to Wekan.
  # If you have Wekan at https://example.com/wekan , change location to:
  # location /wekan {
  location / {
      proxy_pass http://127.0.0.1:8080;
      proxy_http_version 1.1;
      proxy_set_header Upgrade \$http_upgrade; # allow websockets
      proxy_set_header Connection \$connection_upgrade;
      proxy_set_header X-Forwarded-For \$remote_addr; # preserve client IP

      # this setting allows the browser to cache the application in a way compatible with Meteor
      # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
      # the root path (/) MUST NOT be cached
      if (\$uri != '/wekan') {
          expires 30d;
      }
  }

}
HEREDOC

  Lets reload nginx to handle HTTPS
  nginx -t && service nginx restart
else

  Lets create the nginx HTTP virtual host
cat << HEREDOC > /etc/nginx/sites-available/wekan.conf
# nginx configuration for wekan proxying

# this section is needed to proxy web-socket connections
map \$http_upgrade \$connection_upgrade {
    default upgrade;
    ''      close;
}
server {
  listen 80;
  server_name $DOMAIN;
  large_client_header_buffers 8 64k;
  client_header_buffer_size 64k;
  location .well-known/acme-challenge {
    root /var/www/letsencrypt;
  }

  # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
  # This works because IE 11 does not present itself as MSIE anymore
  if (\$http_user_agent ~ "MSIE" ) {
      return 303 https://browser-update.org/update.html;
  }

  # Pass requests to Wekan.
  # If you have Wekan at https://example.com/wekan , change location to:
  # location /wekan {
  location / {
      proxy_pass http://127.0.0.1:8080;
      proxy_http_version 1.1;
      proxy_set_header Upgrade \$http_upgrade; # allow websockets
      proxy_set_header Connection \$connection_upgrade;
      proxy_set_header X-Forwarded-For \$remote_addr; # preserve client IP

      # this setting allows the browser to cache the application in a way compatible with Meteor
      # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
      # the root path (/) MUST NOT be cached
      if (\$uri != '/wekan') {
          expires 30d;
      }
  }
}
HEREDOC

fi

Lets create the supervisor configuration
mkdir /var/log/wekan
ROOT_URL=$( [ $SSL == "yes" ] && echo "https://$DOMAIN" || echo "http://$DOMAIN")

cat << HEREDOC > /etc/supervisor/conf.d/wekan.conf
[program:wekan]
command=/usr/bin/node main.js
process_name=%(program_name)s
numprocs=1
directory=/home/wekan/bundle
umask=022
priority=999
autostart=true
startsecs=1
startretries=3
autorestart=unexpected
exitcodes=0,2
stopsignal=QUIT
stopwaitsecs=10
stopasgroup=false
killasgroup=false
user=wekan
redirect_stderr=false
stdout_logfile=/var/log/wekan/out.log
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=10
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
stderr_logfile=/var/log/wekan/err.log
stderr_logfile_maxbytes=1MB
stderr_logfile_backups=10
stderr_capture_maxbytes=1MB
stderr_events_enabled=false
environment=MONGO_URL='mongodb://127.0.0.1:27017/wekan',ROOT_URL='$ROOT_URL',MAIL_URL='smtp://localhost:25/',MAIL_FROM='$EMAIL',PORT=8080,BIND_IP=127.0.0.1,HTTP_FORWARDED_COUNT=1
serverurl=AUTO
HEREDOC

Lets create the auto upgrade script
cat << HEREDOC > /usr/local/sbin/auto_upgrade_wekan
#! /bin/bash
exec & >> /var/log/auto_upgrade_wekan.log
URL="https://releases.wekan.team/"
NEW=\$(curl -s \$URL | grep -e ">wekan.*zip"|sed -r "s/^.*>wekan-(.*?).zip<.*\$/\1/"| sort | tail -n 1)
CUR=\$(readlink /home/wekan/bundle| cut -d"/" -f 4)
[ "\$NEW" == "\$CUR" ] && exit 0
[ -e /home/wekan/\$NEW ] && exit 0
echo "\$(date) Install \$NEW"
TMP=\$( mktemp -d )
cd "\$TMP"
wget --quiet "\$URL/wekan-\$NEW.zip"
unzip "wekan-\$NEW.zip" &>/dev/null
mv bundle "/home/wekan/\$NEW"
cd "/home/wekan/\$NEW/programs/server"
npm uninstall fibers
npm install fibers
chown -R wekan:wekan "/home/wekan/\$NEW"
rm -rf "\$TMP"
rm -f "/home/wekan/bundle"
ln -s "/home/wekan/\$NEW" "/home/wekan/bundle"
supervisorctl restart wekan
echo "\$(date) Restarted"
HEREDOC
chmod +x /usr/local/sbin/auto_upgrade_wekan
cat << HEREDOC > /etc/cron.d/auto_upgrade_wekan
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin/:/usr/local/bin/
0 0 * * * root /usr/local/sbin/auto_upgrade_wekan
HEREDOC

Lets add a wekan user
adduser --disabled-password --gecos "" wekan

Lets download the latest bundle
URL="https://releases.wekan.team/"
NEW=$(curl -s $URL | grep -e ">wekan.*zip"|sed -r "s/^.*>wekan-(.*?).zip<.*$/\1/"| sort | tail -n 1)
TMP=$( mktemp -d )
cd "$TMP"
wget --quiet "$URL/wekan-$NEW.zip"
unzip "wekan-$NEW.zip" &>/dev/null
mv bundle "/home/wekan/$NEW"
cd "/home/wekan/$NEW/programs/server"
npm uninstall fibers
npm install fibers
chown -R wekan:wekan "/home/wekan/$NEW"
rm -rf "$TMP"
ln -s "/home/wekan/$NEW" "/home/wekan/bundle"

Lets reload supervisor
supervisorctl reread
supervisorctl update