#!/bin/bash

# Retrieve arguments
domain=${1}
url_path=${2}
server_name=${3}
crt_client_path=${4}
crt_client_key_path=${5}
crt_server_ca_path=${6}
ip6_net=${7}

# Check arguments
# TODO

# Check domain/path availability
sudo yunohost app checkurl ${domain}${url_path} -a vpnclient
if [ ! $? -eq 0 ]; then
  exit 1
fi

# Install packages
sudo apt-get --assume-yes --force-yes install openvpn php5-fpm

# Install extra packages
sudo apt-get --assume-yes --force-yes install sipcalc

# Compute extra arguments
ip6_expanded_net=$(sipcalc "${ip6_net}" | grep Expanded | awk '{ print $NF; }')
ip6_net=$(sipcalc "${ip6_net}" | grep Compressed | awk '{ print $NF; }')
ip6_addr=$(echo "$(echo "${ip6_expanded_net}" | cut -d: -f1-7):1")
ip6_addr=$(sipcalc "${ip6_addr}" | grep Compressed | awk '{ print $NF; }')

# Save arguments
sudo yunohost app setting vpnclient server_name -v "${server_name}"
sudo yunohost app setting vpnclient server_port -v 1194
sudo yunohost app setting vpnclient server_proto -v udp
sudo yunohost app setting vpnclient ip6_addr -v "${ip6_addr}"
sudo yunohost app setting vpnclient ip6_net -v "${ip6_net}"

# Copy confs
sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf

# Copy web sources
sudo mkdir -pm 0755 /var/www/vpnadmin/
sudo cp -a ../sources/* /var/www/vpnadmin/

sudo chown -R root: /var/www/vpnadmin/
sudo chmod -R 0644 /var/www/vpnadmin/*
sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;

# Copy certificates
sudo mkdir -pm 0770 /etc/openvpn/keys/
sudo chown root:admins /etc/openvpn/keys/

sudo install -b -o root -g admins -m 0660 "${crt_client_path}" /etc/openvpn/keys/user.crt
sudo install -b -o root -g admins -m 0660 "${crt_client_key_path}" /etc/openvpn/keys/user.key
sudo install -b -o root -g admins -m 0660 "${crt_server_ca_path}" /etc/openvpn/keys/ca-server.crt

sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}"

# Create user for the web admin
sudo useradd -MUr vpnadmin

# Fix confs
## nginx
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"

## php-fpm
sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_USER>|admin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:PHP_GROUP>|admins|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
sudo sed 's|^;\?\s*max_execution_time.\+|max_execution_time = 600|' -i /etc/php5/fpm/php.ini

# Fix sources
sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php

# Copy init script
sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient

# Set default inits
# The openvpn configuration is modified before the start, so the service is disabled by default
# and the ynh-vpnclient service handles it.
# All services are registred by yunohost in order to prevent conflicts after the uninstall.
sudo yunohost service add openvpn
sudo yunohost service stop openvpn
sudo yunohost service disable openvpn

sudo yunohost service add php5-fpm
sudo yunohost service enable php5-fpm
sudo yunohost service stop php5-fpm
sudo yunohost service start php5-fpm

sudo yunohost service add ynh-vpnclient
sudo yunohost service enable ynh-vpnclient
sudo service ynh-vpnclient start

sudo service nginx reload

# Update SSO for vpnadmin
sudo yunohost app ssowatconf

# Restart hotspot service if installed to change NAT configuration (now on tun0)
# A new start will fix the interface without unsetting all stuff
sudo yunohost app list -f hotspot --json | grep -q '"installed": true'
if [ $? -eq 0 ]; then
  sudo service ynh-hotspot start
fi

exit 0