#!/bin/bash

toolName="nginx"
sq_toolDeps="nginx"
sq_repoUrl="https://nginx.org/packages/debian"
sq_keyUrl="https://nginx.org/keys"
sq_toolConfig="/etc/nginx/nginx.conf"
sq_toolLogConfig="/etc/logrotate.d/nginx"

sq_aptOpt=

seq_config() {
  ## Apt cmdline option to suppress user interaction
  interactive || sq_aptOpt="-y"

  ## Return of non zero value will abort the sequence
  return 0
}

step_1_info() { echo "${toolName} status"; }
step_1_alias() { echo "status"; }
step_1() {
  if ! command -v nginx >/dev/null ; then
    exe apt-cache policy nginx
    return 1
  fi
  exe nginx --version
  exe systemctl status nginx
}

step_10_info() {
  echo "Setup latest apt source list for ${toolName}:"
  echoinfo "$sq_repoUrl"
}
step_10_alias() { echo "setup"; }
step_10() {
  local lArch=
  case $(uname -m) in
    aarch64)
      lArch=arm64;;
  esac
  if [[ -n ${lArch:-} ]] ; then
    info "Detected processor architecture: ${lArch}"
    lArch="[arch=${lArch}]"
  fi

  info "Installing custom repository prerequisites:"
  exe apt update
  exe apt install apt-transport-https lsb-release ca-certificates curl ${sq_aptOpt}
  info "Setup php repository including gpg key"
  exep curl -fsSL  ${sq_keyUrl:?}/nginx_signing.key "|" gpg --dearmor -o "/etc/apt/trusted.gpg.d/nginx-keyring.gpg"
  addConf -c "deb ${lArch:-} ${sq_repoUrl:?} $(lsb_release -sc) nginx" "/etc/apt/sources.list.d/nginx.list"
  addConf -es "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900" \
    /etc/apt/preferences.d/99nginx
  exe apt update
}

step_11_info() {
  echo "Installation of ${toolName} packages:"
  echoinfo "${sq_toolDeps}"
}
step_11_alias() { echo "install"; }
step_11() {
  exe apt update
  exe apt install ${sq_toolDeps} ${sq_aptOpt:-}
  endReturn "Failed to install ${toolName}"
}

step_12_info() {
  echo "Adapt default ${toolName} configuration"
  echoinfo "Use Debian default web user \"www-data\" instead of \"nginx\"."
}
step_12() {
  if ! grep -E "user\s*nginx;" "${sq_toolConfig}" >>/dev/null ; then
    info "Nothing to do."
    return 0
  fi

  exe systemctl stop nginx

  info    "Installation from nginx.org repository detected."
  info -a "Fixing nginx user in ${sq_toolConfig}..."
  exe sed -i "s|user\(\s*\)nginx;|user\1www-data;|g" "${sq_toolConfig}"

  info -a "Fixing nginx user in ${sq_toolLogConfig}..."
  exe sed -i "s|create\(.*\)nginx adm|create\1www-data adm|g" "${sq_toolLogConfig}"

  local lQuiet=
  interactive || lQuiet="-q"
  info "Removing user nginx"
  exe deluser ${lQuiet} nginx || true # allowed to fail if non existent

  if [[ ! -e "/var/www" ]] ; then
    info "Create default web server directory."
    exe mkdir "/var/www"
    exe chown www-data: "/var/www"
  fi
}

step_13_info() { echo "Basic nginx configuration for initial letsencrypt certificate creation"; }
step_13_alias() { echo "initconf"; }
step_13() {
  exe mkdir -p "$(dirname -- "$snippetLetsencryptLoc")"

  # Writing acme-challenge code snipped for certbot web root authentication
  addConf -c "$snippetLetsencrypt" "$snippetLetsencryptLoc"

  # Writing minimal default (see below)
  addConf -c "$siteDefaultIp4" "$siteDefaultLoc"

  # try fix errors on first install attempt
  # (possible missing ipv6 support on system)
  if [ $ERNO -ne 0 ] ; then
    exe apt install ${sq_toolDeps} ${sq_aptOpt:-}
  fi

  # create webroot
  exe mkdir -p "$siteLetsencryptWww"

  info -n "Restarting Nginx..."
  if exe service nginx restart ; then
    info "ok"
  else
    info "failed"
    endReturn -o 1 "Failed to install ${toolName}"
  fi
}
snippetLetsencryptLoc="/etc/nginx/snippets/letsencrypt.conf"
siteLetsencryptWww="/var/www/letsencrypt"
snippetLetsencrypt="\
location ^~ /.well-known/acme-challenge/ {
default_type \"text/plain\";
root ${siteLetsencryptWww};
}"
siteDefaultLoc="/etc/nginx/conf.d/default"
siteDefaultIp4="server {
listen 80 default_server;

include ${snippetLetsencryptLoc};
}"

step_20_info() { echo "Installation notes"; }
step_20_alias() { echo "notes"; }
step_20() {
  color green
  cat <<NOTES_EOF
# Set user to www-data on debian and tune performance a bit

  [/etc/nginx/nginx.conf]
user www-data;
worker_processes  1;

events {
    worker_connections  1024;
    multi_accept        on;
    use                 epoll;
}
NOTES_EOF
}

# shellcheck disable=SC2034 # Appears unused
readonly sqr_minVersion=16
# shellcheck disable=SC1091 # Don't follow this source
. /usr/local/bin/sequencer.sh