#!/bin/sh

while [ $# -gt 0 ] ; do
  case $1 in
    --projectroot) PROJECTROOT=$2; shift 2;;
       --dataroot)    DATAROOT=$2; shift 2;;
               * )  shift 1;;
  esac
done

cd `dirname $0`
 
 . /etc/os-release

if [ "$ID" = "ubuntu" ]; then
  cat appamor.server | sed -e "s@####PROJECTROOT####@$PROJECTROOT@g" > /etc/apparmor.d/`echo $PROJECTROOT | sed -e 's@/@@' -e 's@/@.@g'`.sbs.programs.server
  cat appamor.rexec  | sed -e "s@####PROJECTROOT####@$PROJECTROOT@g" > /etc/apparmor.d/`echo $PROJECTROOT | sed -e 's@/@@' -e 's@/@.@g'`.sbs.programs.rexec
fi
 
if [ ! -f /etc/mne/sbs/standard.conf ]; then
  mv /etc/mne/sbs/standard.install /etc/mne/sbs/standard.conf
else
  rm /etc/mne/sbs/standard.install
fi

modified=
if [ -f /etc/apache2/conf-available/mne_sbs.conf ]; then
    modified=`cat /etc/apache2/conf-available/mne_sbs.conf | awk '/mne_custom/ { print "1"; exit }'`
fi

if [ ! "$modified" = "1" ]; then
	mv /etc/apache2/conf-available/mne_sbs.conf.dist /etc/apache2/conf-available/mne_sbs.conf
fi

modified=
if [ -f /etc/apache2/sites-available/mne_sbs.conf ]; then
    modified=`cat /etc/apache2/sites-available/mne_sbs.conf | awk '/mne_custom/ { print "1"; exit }'`
fi

if [ ! "$modified" = "1" ]; then
	cp /etc/apache2/sites-available/mne_sbs.conf.dist /etc/apache2/sites-available/mne_sbs.conf
fi
rm /etc/apache2/sites-available/mne_sbs.conf.dist

mkdir /var/log/mne >/dev/null 2>&1
if [ "$ID" = "ubuntu" ]; then
  chown syslog:syslog /var/log/mne
fi
  
systemctl enable mne_sbs.service

if [ -f $PROJECTROOT/sbs/programs/server.arg ]; then
    echo 'server.arg exists - update manual'
else
   cp $PROJECTROOT/sbs/programs/server.dist.arg     $PROJECTROOT/sbs/programs/server.arg
   echo                                          >> $PROJECTROOT/sbs/programs/server.arg
   echo "projectroot:  $PROJECTROOT"             >> $PROJECTROOT/sbs/programs/server.arg
fi

chown root:root $PROJECTROOT/sbs/programs/rexec
chmod ug+s  $PROJECTROOT/sbs/programs/rexec

chgrp -R postgres $PROJECTROOT/sbs/db;
chmod -R g+rw  $PROJECTROOT/sbs/db;

chmod -R g+rwx $PROJECTROOT/sbs/db/dbupdate;

mkdir -p $DATAROOT
chown -R root:www-data $DATAROOT
chmod -R g+w $DATAROOT
find $DATAROOT -type d | xargs -d"\n" chmod g+ws

if [ -d $DATAROOT/cert ]; then
	chown -R root:root "$DATAROOT/cert" 
    find "$DATAROOT/cert" -type d | xargs chmod  770 

	chown -R root:root $DATAROOT/cert/key 2>/dev/null 1>&2
	chmod  600 $DATAROOT/cert/key/* 2>/dev/null 1>&2

	#setfacl -R -m   u:www-data:rwx $DATAROOT/cert/key
    #setfacl    -m d:u:www-data:rwx $DATAROOT/cert/key
fi

chown root:root /etc/mne
chown -R root:root /etc/mne/sbs

a2enmod ssl
a2enmod rewrite
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel
a2enmod headers
a2enmod sed

a2enmod dbd
a2enmod authn_dbd
a2enmod authz_dbd
a2enmod authz_host
a2enmod authnz_ldap
a2enmod dav
a2enmod dav_fs

if [ ! -f /etc/apache2/sites-available/000-default-ssl.conf ]; then
  mv /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/000-default-ssl.conf
fi
a2ensite 000-default-ssl.conf

a2enconf mne_sbs.conf

systemctl restart apache2.service
