#module setup
mrepo=https://git.ictmaatwerk.com/VPS-scripts/MeetServer
mbranch=main/JMS

#config ssh
sed -i -e '/Port 22/c\Port 4242' -e 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
systemctl restart sshd > $OUTPUT 2>&1

if [ "$lecert" = "1" ] ; then
    bash /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
fi

##config ufw
ufw limit 4242/tcp > $OUTPUT 2>&1
ufw allow 80/tcp > $OUTPUT 2>&1
ufw allow 443/tcp > $OUTPUT 2>&1
ufw allow 4443/tcp > $OUTPUT 2>&1
ufw allow 10000/udp > $OUTPUT 2>&1

#allow other server(s) to connect
if [ "$extcon" = "1" ] ; then
    ufw allow in on "$innetworkif" to any port 53
    ufw allow in on "$innetworkif" to any port 5222
fi
echo "y" | ufw enable > $OUTPUT 2>&1

#config dnsmasq
if [ "$extcon" = "1" ] ; then
    systemctl stop dnsmasq
    curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/conf/dnsmasq.conf -o /etc/dnsmasq.d/main.conf 
    sed -i  -e 's/DOMAINname/'$domain'/g' -e 's/HOSTname/'${domain%%.*}'/g' -e 's/INTif/'$innetworkif'/g'  -e 's/INTip/''/g'  /etc/dnsmasq.d/main.conf
fi


#config Prosody
systemctl stop prosody jicofo
compsec=$(sed -n 's/component_secret = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua| head -1| tr -d '"; ')
turnsec=$(sed -n 's/turncredentials_secret = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua | head -1| tr -d '"; ')
sslcer=$(sed -n ' s/certificate = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua | head -1| tr -d '"; ')
sslkey=$(sed -n ' s/key = \(.*\)/\1/p' /etc/prosody/conf.avail/$domain.cfg.lua | head -1| tr -d '"; ')
mv /etc/prosody/conf.avail/$domain.cfg.lua /etc/prosody/conf.avail/$domain.cfg.lua.orig
curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/conf/prosody-Unconfigured -o /etc/prosody/conf.avail/$domain.cfg.lua
sed -i  -e 's/DOMAINname/'$domain'/g' -e 's/SSLKEY/'$sslcer'/g' -e 's/SSLKEY/'$sslkey'/g' -e 's/TURNSEC/'$turnsec'/g' -e 's/COMPSEC/'$compsec'/g' /etc/prosody/conf.avail/$domain.cfg.lua

#webappli-config
sed -i -e "/anonymousdomain:/c\anonymousdomain: 'guest.$domain'," -e '/startWithAudioMuted/c\startWithAudioMuted: true,' -e '/startWithVideoMuted/c\startWithVideoMuted: true,' -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: false,' -e '/liveStreamingEnabled/c\liveStreamingEnabled: false,' -e "/^liveStreamingEnabled:.*/a\ hiddenDomain: 'recorder.$domain'," /etc/jitsi/meet/"$domain"-config.js
#Jicofo
echo "org.jitsi.jicofo.auth.URL=XMPP:$domain" >>/etc/jitsi/jicofo/sip-communicator.properties

## jibri prep
echo "org.jitsi.jicofo.jibri.BREWERY=JibriBrewery@internal.auth.$domain" >>/etc/jitsi/jicofo/sip-communicator.properties
echo "org.jitsi.jicofo.jibri.PENDING_TIMEOUT=90" >>/etc/jitsi/jicofo/sip-communicator.properties

if [ "$extcon" = "1" ] ; then
echo 'sed -i -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: true,' /etc/jitsi/meet/"$domain"-config.js' > /opt/EnableJitsiRecordButton.sh
echo 'sed -i -e '/fileRecordingsEnabled/c\fileRecordingsEnabled: false,' /etc/jitsi/meet/"$domain"-config.js' > /opt/DisableJitsiRecordButton.sh
fi

#start services
systemctl enable --now prosody jicofo dnsmasq

#Create users
prosodyctl register jibri auth.$domain $jibsec
prosodyctl register recorder recorder.$domain $jibrsec
prosodyctl register $jituser $domain $jitpasswd