#!/bin/bash
###============================================================
##      Ubuntu 18.04 Web Server Installer
###============================================================
## Zet comments hieronder:
#
#
#
##=============================================================

##----------##
#    Menu    #
##----------##

echo "Ubuntu 18.04 installatie script."
echo "Domein zonder www:"
read domain
while true; do
    read -p "bestaat www.${domain} in DNS -> yes/no?" yn
    case $yn in
        [Yy]* ) domainwww=1
        break;;
        [Nn]* ) domainwww=0
        break;;
        * ) echo "Kies yes of no.";;
    esac
done
echo "Algemeen wachtwoord:"
read password
echo "Administrator email:"
read email
echo "Webserver:"
PS3='Keuze:'
options=("Apache" "Nginx proxy" "Nginx proxy & standalone" "Nginx, PHP-FPM" "Quit")
select opt in "${options[@]}"
do
    case $opt in
        "Apache")
            webserv=a
            script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/Apache-Installer.sh
            break;;
        "Nginx proxy")
        	webserv=np
            script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/RevProxySimple.sh
            break;;
        "Nginx proxy & standalone")
        	webserv=nps
            script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/RevProxyAdvanced.sh
            break;;
        "Nginx, PHP-FPM")
        	webserv=n
            script=https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/NGINX-Installer.sh
            break;;
        "Quit")
            exit;;
        *) echo "Fout commando $REPLY";;
    esac
done

while true; do
    read -p "Password login uit zetten -> yes/no?" yn
    case $yn in
        [Yy]* ) sshkey=1
        break;;
        [Nn]* ) sshkey=0
        break;;
        * ) echo "Kies yes of no.";;
    esac
done

if [ $webserv = n ]; then
    while true; do
        read -p "Brotli Precompression > yes/no?" yn
        case $yn in
            [Yy]* ) brotlinginx=1
            break;;
            [Nn]* ) brotlinginx=0
            break;;
            * ) echo "Kies yes of no.";;
        esac
    done
    while true; do
        read -p "Nextcloud Setup? > yes/no?" yn
        case $yn in
            [Yy]* ) nextcloud=1
            break;;
            [Nn]* ) nextcloud=0
            break;;
            * ) echo "Kies yes of no.";;
        esac
    done
else
    brotlinginx=0
    nextcloud=0
fi


while true; do
    read -p "Installeer Cockpit -> yes/no?" yn
    case $yn in
        [Yy]* ) cockpit=1
        break;;
        [Nn]* ) cockpit=0
        break;;
        * ) echo "Kies yes of no.";;
    esac
done

while true; do
    read -p "Installeer Netdata -> yes/no?" yn
    case $yn in
        [Yy]* ) netdata=1
        break;;
        [Nn]* ) netdata=0
        break;;
        * ) echo "Kies yes of no.";;
    esac
done

while true; do
    read -p "Installeer Memcached -> yes/no?" yn
    case $yn in
        [Yy]* ) memcached=1
        break;;
        [Nn]* ) memcached=0
        break;;
        * ) echo "Kies yes of no.";;
    esac
done

while true; do
    read -p "Installeer Redis Cache -> yes/no?" yn
    case $yn in
        [Yy]* ) redis=1
        break;;
        [Nn]* ) redis=0
        break;;
        * ) echo "Kies yes of no.";;
    esac
done

while true; do
    read -p "Installeer Wordpress -> yes/no?" yn
    case $yn in
        [Yy]* ) wordpress=1
        break;;
        [Nn]* ) wordpress=0
        break;;
        * ) echo "Kies yes of no.";;
    esac
done

##----------------##
#    Pre-Config    #
##----------------##


if [ ! -d ~/.ssh ]
then
   mkdir ~/.ssh
fi
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOtJ4ZiLi+SntA3m54oEJjlA8bE73gggkhGjOaVHsLNo6YmKtZlPaxwWiGvoATv4Vm41WWxKbUWbYGHVTe8DusqKpf/JCgB1r/8rQe828qwaEGXWGxta1Ykq+ndDeBLFGhVp0nNdcnND5HIwarEW4zhBDXUMzYw7IBxPYb48tVIobs/yPN6nSWT2G8FX7XDJNifS+ThVLnCHHS3i/uio8b8jz1oT2s6UH09EBwxg99+0yVaSQV2q8CthDZ8rSgz8pAhQ6FwVfUd9c/PQjtbUSQStvKvr3muv5Q8UnzAvKiO83rsM91aDwv0E6kqpB77BrkpfQXOJNDmdqlnsa2AlkL ICTMaatwerk@Key" >> ~/.ssh/authorized_keys
echo "root:$password" | chpasswd
cd /tmp
#mv /boot/grub/menu.lst /boot/grub/menu.lst.bck
apt install -y software-properties-common
add-apt-repository -y ppa:certbot/certbot
apt update
apt upgrade -y
apt dist-upgrade -y
apt install -y rsync grsync sshpass
apt clean
apt autoremove -y
hostnamectl set-hostname $domain
sed -i 's/;preserve_hostname: false/preserve_hostname: true/g' /etc/cloud/cloud.cfg
timedatectl set-timezone Europe/Amsterdam
sed -i 's/#/vm.swappiness=10/g' /etc/sysctl.conf
sed -i 's/#/vm.vfs_cache_pressure=50/g' /etc/sysctl.conf

sed -i 's/IPV6=yes/IPV6=no/g'   /etc/default/ufw
sed -i "\$a0 3 * * 1 root apt update >/dev/null 2>&1&& apt upgrade -y >/dev/null 2>&1" /etc/crontab
systemctl restart cron
ufw allow OpenSSH
ufw allow 443/tcp
ufw allow 80/tcp
ufw limit ssh
echo "y" | ufw enable

mkdir /root/.ssh

apt install fail2ban -y

##-------------------##
#    Install Phase    #
##-------------------##

echo "****************************"
sleep 0.5
echo "Installatie duurt 5 minuten."
sleep 0.5
echo "****************************"

wget $script -O Ubuntu-Web_Installer.sh
source Ubuntu-Web_Installer.sh

##------------------##
#    MySQL Config    #
##------------------##

rm /etc/mysql/my.cnf
cat > /etc/mysql/my.cnf <<- "EOF"
# - "/etc/mysql/my.cnf" to set global options,
[mysqld_safe]
socket		= /var/run/mysqld/mysqld.sock
nice		= 0

[mysqld]
user		= mysql
pid-file	= /var/run/mysqld/mysqld.pid
socket		= /var/run/mysqld/mysqld.sock
port		= 3306
basedir		= /usr
datadir		= /var/lib/mysql
tmpdir		= /tmp
lc-messages-dir	= /usr/share/mysql
skip-external-locking

innodb_buffer_pool_size = 1G # (adjust value here, 50%-70% of total RAM)
innodb_log_file_size = 256M
innodb_flush_log_at_trx_commit = 1 # may change to 2 or 0
innodb_flush_method = O_DIRECT
bind-address		= 127.0.0.1
key_buffer_size		= 16M
max_allowed_packet	= 16M
thread_stack		= 192K
thread_cache_size       = 8
myisam-recover-options  = BACKUP
#max_connections        = 100
#table_open_cache       = 64
#thread_concurrency     = 10
query_cache_limit	= 1M
query_cache_size        = 16M
log_error = /var/log/mysql/error.log
expire_logs_days	= 10
max_binlog_size   = 100M
EOF

##-------------##
#    Cockpit    #
##-------------##

if [ $cockpit = 1 ]; then
    wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Cockpit/raw/branch/master/Slave-installer.sh -O Slave-Installer.sh
    source Slave-Installer.sh
fi



if [ $sshkey = 1 ]; then
	sed -i 's/PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
fi

##------------------------##
#    PHP-Myadmin update    #
##------------------------##

bash <(curl -s https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/PHPMyAdmin_Updater.sh)

##-------------------##
#    Backup Script    #
##-------------------##
wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Backup/raw/branch/master/WP_Ftp-Backup.sh -O /root/backup.sh 
chmod +x /root/backup.sh 

wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Backup/raw/branch/master/install-backup-tools.sh -O /root/install-backup-tools.sh 
chmod +x /root/install-backup-tools.sh

echo "Installatie geslaagd!"

##------------##
#    Reboot    #
##------------##

echo "Reboot in:"
sleep 1
echo 3
sleep 1
echo 2
sleep 1
echo 1
reboot