#!/bin/bash
###============================================================
##      Ubuntu 18.04 VestaCP Installer
###============================================================
## Zet comments hieronder:
#
#
#
##=============================================================

##----------##
#    Menu    #
##----------##

echo "Ubuntu 18.04 VestaCP install"
echo "Welk domein (zonder WWW) mag gekoppeld worden?"
read domain
echo "Algemeen wachtwoord"
read passwd
echo "Administrator email"
read email
echo "Webserver:"
PS3='Keuze:'
options=("NGINX+PHP-FPM" "NGINX+Apache" "Apache" "Quit")
select opt in "${options[@]}"
do
    case $opt in
        "NGINX+PHP-FPM")
            webserver="--nginx yes --phpfpm yes --apache no"
            break;;
        "NGINX+Apache")
            webserver="--nginx yes --phpfpm no --apache yes"
            break;;
        "Apache")
            webserver="--nginx no --phpfpm no --apache yes"
            break;;
        "Quit")
            exit;;
        *) echo "Fout commando $REPLY";;
    esac
done

echo "FTPServer:"
PS3='Keuze:'
options=("vsftpd" "proftpd" "off")
select opt in "${options[@]}"
do
    case $opt in
        "vsftpd")
            ftp="--vsftpd yes --proftpd no"
            break;;
        "proftpd")
            ftp="--vsftpd no --proftpd yes"
            break;;
        "off")
            ftp="--vsftpd no --proftpd no"
            break;;
        *) echo "Fout commando $REPLY";;
    esac
done

echo "MailServer:"
PS3='Keuze:'
options=("exim" "exim+dovecot" "exim+dovecot+spamassassin" "exim+dovecot+spamassassin+clamav" "Off" )
select opt in "${options[@]}"
do
    case $opt in
        "exim")
            mail="---exim yes --dovecot no --spamassassin no --clamav no"
            break;;
        "exim+dovecot")
            mail="--exim yes --dovecot yes --spamassassin no --clamav no"
            break;;
        "exim+dovecot+spamassassin")
            mail="--exim yes --dovecot yes --spamassassin no --clamav yes"
            break;;
        "exim+dovecot+clamav")
            mail="--exim yes --dovecot yes --spamassassin no --clamav yes"
            break;;
        "exim+dovecot+spamassassin+clamav")
            mail="--exim yes --dovecot yes --spamassassin no --clamav yes"
            break;;
            "Off")
            mail="--exim no --dovecot no --spamassassin no --clamav no"
            break;;
        *) echo "Fout commando $REPLY";;
    esac
done

while true; do
    read -p "Installeer Netdata -> yes/no?" yn
    case $yn in
        [Yy]* ) netdata=1
        break;;
        [Nn]* ) netdata=0
        break;;
        * ) echo "Kies yes of no.";;
    esac
done

while true; do
    read -p "Installeer Wordpress -> yes/no?" yn
    case $yn in
        [Yy]* ) wordpress=1
        break;;
        [Nn]* ) wordpress=0
        break;;
        * ) echo "Kies yes of no.";;
    esac
done

cd /tmp
curl -O http://vestacp.com/pub/vst-install.sh
bash vst-install.sh "$webserver" --named no --remi yes "$ftp" --iptables yes --fail2ban yes --quota no "$mail" --softaculous no --mysql yes --postgresql no --hostname "$domain" --email "$email" --password "$passwd" --interactive yes

##-------------##
#    Certbot    #
##-------------##

case $webserver in
    "NGINX+PHP-FPM")
        certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
        sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
        sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
        sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
        break;;
    "NGINX+apache")
        certbot --nginx -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
        sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
        sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
        sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
        break;;
    "Apache")
        certbot --apache -n -d "$domain" -d "www.$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
        break;;
esac

cp /etc/letsencrypt/live/"$domain"/cert.pem /usr/local/vesta/ssl/certificate.crt
cp /etc/letsencrypt/live/"$domain"/privkey.pem /usr/local/vesta/ssl/certificate.key
service vesta restart

##-------------##
#    Netdata    #
##-------------##

if [ $netdata = 1 ]
    then
    apt install -y netdata
    sed -i 's/SEND_EMAIL="YES"/SEND_EMAIL="NO"/g' /etc/netdata/health_alarm_notify.conf
    iptables -I INPUT -p tcp --dport 19999 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    # systemctl stop netdata
    # systemctl disable netdata
fi

##---------------##
#    Wordpress    #
##---------------##

if [ $wordpress = 1 ]; then
    db_suffix=`expr $(ls -l /var/www | grep -c ^d) - 1`
    db_name="wp_$db_suffix"
    db_user="wp_$db_suffix"
    db_pass=$(date +%s|sha256sum|base64|head -c 32)
    mysql -u root -p"$password" -e "CREATE DATABASE "$db_name" DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
    mysql -u root -p"$password" -e "GRANT ALL ON "$db_name".* TO '"$db_user"'@'localhost' IDENTIFIED BY '"$db_pass"';"
    mysql -u root -p"$password" -e "FLUSH PRIVILEGES;"
    wget https://wordpress.org/latest.tar.gz -O /tmp/wp.tar.gz
    tar xzvf /tmp/wp.tar.gz -C /tmp
    mv /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
    cp -a /tmp/wordpress/. /var/www/"$domain"/html
    WPSalts=$(wget https://api.wordpress.org/secret-key/1.1/salt/ -q -O -)
cat <<EOF > /var/www/"$domain"/html/wp-config.php
<?php
define('DB_NAME', '$db_name');
define('DB_USER', '$db_user');
define('DB_PASSWORD', '$db_pass');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
#define( 'WP_SITEURL', '' );
#define( 'WP_HOME', '' );
#define( 'ALTERNATE_WP_CRON', true );
#define('DISABLE_WP_CRON', 'true');
#define('WP_CRON_LOCK_TIMEOUT', 900);
#define('AUTOSAVE_INTERVAL', 300);
define( 'WP_MEMORY_LIMIT', '256M' );
define( 'DISALLOW_FILE_EDIT', true );
#define( 'EMPTY_TRASH_DAYS', 7 );
define( 'NOBLOGREDIRECT', 'https://$domain' );
#define( 'FS_CHMOD_DIR', ( 0755 & ~ umask() ) );
#define( 'FS_CHMOD_FILE', ( 0644 & ~ umask() ) );
#define( 'WP_ALLOW_REPAIR', true );
#define( 'FORCE_SSL_ADMIN', true );
#define( 'AUTOMATIC_UPDATER_DISABLED', true );
#define( 'WP_AUTO_UPDATE_CORE', false );
$WPSalts
\$table_prefix = '$db_name';

define('WP_DEBUG', false);
if ( !defined('ABSPATH') )
	define('ABSPATH', dirname(__FILE__) . '/');

#\$memcached_servers = array(
#    'default' => array(
#        '127.0.0.1:11211'
#    )
#);
#define('WP_REDIS_HOST', '127.0.0.1');
#define('WP_REDIS_PASSWORD', '$password');
#define('WP_REDIS_PORT', '6379');
require_once(ABSPATH . 'wp-settings.php');
EOF
fi

##-----------------##
#    Opcache GUI    #
##-----------------##

#wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php -O /var/www/"$domain"/html/opcache.php

##--------------##
#    Info.php    #
##--------------##

#cat > /var/www/"$domain"/html/info.php <<- "EOF"
#<?php
#phpinfo();
#EOF