#!/bin/bash
if [ -f /root/aggregate.version ]; then
  echo "System already configured. Skipping script"
  exit 0
fi

cat << EOF > /root/aggregate-config.json
{
  "home": "/root",
  "jdbc": {
    "host": "127.0.0.1",
    "port": 5432,
    "db": "aggregate",
    "schema": "aggregate",
    "user": "aggregate",
    "password": "aggregate"
  },
  "security": {
    "hostname": "foo.bar",
    "forceHttpsLinks": true,
    "port": 80,
    "securePort": 443,
    "checkHostnames": false
  },
  "tomcat": {
    "uid": "tomcat8",
    "gid": "tomcat8",
    "webappsPath": "/var/lib/tomcat8/webapps"
  }
}
EOF

DEBIAN_FRONTEND=noninteractive

add-apt-repository -y universe
add-apt-repository -y ppa:certbot/certbot
apt-get -y update
apt-get -y install \
 zip \
 unzip \
 wget \
 curl \
 tomcat8 \
 postgresql-10 \
 openjdk-8-jdk-headless \
 nginx \
 software-properties-common \
 python-certbot-nginx

apt-get -y remove openjdk-11-jre-headless

apt-get -y autoremove

su - postgres -c "psql -c \"CREATE ROLE aggregate WITH LOGIN PASSWORD 'aggregate'\""
su - postgres -c "psql -c \"CREATE DATABASE aggregate WITH OWNER aggregate\""
su - postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE aggregate TO aggregate\""
su - postgres -c "psql -c \"CREATE SCHEMA aggregate\" aggregate"
su - postgres -c "psql -c \"ALTER SCHEMA aggregate OWNER TO aggregate\" aggregate"
su - postgres -c "psql -c \"GRANT ALL PRIVILEGES ON SCHEMA aggregate TO aggregate\" aggregate"

rm /etc/nginx/sites-enabled/default
cat << EOF > /etc/nginx/sites-enabled/aggregate
server {
    client_max_body_size 100m;
    server_name foo.bar;

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
EOF

curl -H"Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/hostname > /tmp/domain-name
sed -i -e 's/foo\.bar/'"$(cat /tmp/domain-name)"'/' /root/aggregate-config.json
sed -i -e 's/foo\.bar/'"$(cat /tmp/domain-name)"'/' /etc/nginx/sites-enabled/aggregate

curl -sSL https://api.github.com/repos/getodk/aggregate-cli/releases/latest \
| grep "aggregate-cli.zip" \
| cut -d: -f 2,3 \
| tr -d \" \
| wget -O /tmp/aggregate-cli.zip -qi -

unzip /tmp/aggregate-cli.zip -d /usr/local/bin
chmod +x /usr/local/bin/aggregate-cli

aggregate-cli -i -y -c /root/aggregate-config.json

service nginx restart

(crontab -l 2>/dev/null; echo "0 0 1 * * /usr/bin/certbot renew > /var/log/letsencrypt/letsencrypt.log") | crontab -