#!/bin/bash

# env
REDMINE_VERSION="3.2.0"

# FireWall
systemctl enable firewalld.service
systemctl start firewalld.service
firewall-cmd --add-service=http --zone=public --permanent
firewall-cmd --add-service=https --zone=public --permanent
firewall-cmd --reload

# ssh disable password authentication
sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
systemctl restart sshd.service

# Time zone
/bin/cp -p /usr/share/zoneinfo/Japan /etc/localtime
echo 'ZONE="Asia/Tokyo"' > /etc/sysconfig/clock
echo 'UTC=false' >> /etc/sysconfig/clock

# Yum
## Utility
yum install -y \
    bash-completion \
    bind-utils \
    lsof \
    net-tools \
    screen \
    sos \
    sysstat

## Editor
yum install -y \
    vim-enhanced

## MariaDB
yum install -y mariadb mariadb-server mariadb-devel

## DevTools
yum -y groupinstall "Development Tools"

## for Redmine
yum -y install openssl-devel readline-devel zlib-devel curl-devel libyaml-devel libffi-devel
yum -y install ImageMagick ImageMagick-devel ipa-pgothic-fonts
yum -y install ruby ruby-devel rubygems


# MariaDB Settings
mv /etc/my.cnf /etc/my.cnf.org
curl -OL https://raw.githubusercontent.com/kazuhisya/SL-Redmine/master/conf/mariadb-my.cnf
mv mariadb-my.cnf /etc/my.cnf

# Service Enable and Start
systemctl enable mariadb.service
systemctl start mariadb.service

# Create MariaDB Password
PASS=`date +%s | sha256sum | base64 | head -c 32`
echo $PASS > /root/db_password.txt

# Create Redmine DB
/usr/bin/mysql -e "CREATE DATABASE redmine DEFAULT CHARACTER SET utf8;" -D mysql
/usr/bin/mysql -e "GRANT ALL PRIVILEGES ON redmine.* TO redmine@'%' IDENTIFIED BY '${PASS}';" -D mysql

# mysql_secure_installation
/usr/bin/mysqladmin drop test -f
/usr/bin/mysql -e "DELETE FROM mysql.user WHERE User = '';" -D mysql
/usr/bin/mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" -D mysql
/usr/bin/mysql -e "SET PASSWORD FOR 'root'@'::1' = PASSWORD('${PASS}');" -D mysql
/usr/bin/mysql -e "SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('${PASS}');" -D mysql
/usr/bin/mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('${PASS}');" -D mysql
/usr/bin/mysqladmin flush-privileges -p${PASS}

# Ruby Gems
echo "gem: --no-ri --no-rdoc --user-install" > /root/.gemrc
echo "export PATH=\"\$HOME/.gem/ruby/bin:\$PATH\"" >> /root/.bashrc
export PATH="$HOME/.gem/ruby/bin:$PATH"
gem install bundler

# Redmine Download
curl -OL http://www.redmine.org/releases/redmine-${REDMINE_VERSION}.tar.gz
tar xvf redmine-${REDMINE_VERSION}.tar.gz
mv redmine-${REDMINE_VERSION} /var/lib/redmine

# Redmine Settings
cat << EOF | tee /var/lib/redmine/config/database.yml > /dev/null
production:
  adapter: mysql2
  database: redmine
  host: localhost
  username: root
  password: "$PASS"
  encoding: utf8
EOF

cp /var/lib/redmine/config/configuration.yml.example /var/lib/redmine/config/configuration.yml
sed -i -e 's/  rmagick_font_path:/  rmagick_font_path: \/usr\/share\/fonts\/ipa-pgothic\/ipagp.ttf/' /var/lib/redmine/config/configuration.yml

curl -OL https://raw.githubusercontent.com/kazuhisya/SL-Redmine/master/conf/redmine-config.ru
mv /var/lib/redmine/config.ru /tmp/config.ru
mv redmine-config.ru /var/lib/redmine/config.ru

# Redmine Install
cd /var/lib/redmine
echo "gem \"unicorn\"" > Gemfile.local
bundle install --without development test --path vendor/bundle
bundle exec rake generate_secret_token
RAILS_ENV=production bundle exec rake db:migrate
RAILS_ENV=production REDMINE_LANG=ja bundle exec rake redmine:load_default_data

# Unicorn Settings
cat << EOF | tee config/unicorn.rb > /dev/null
working_directory "/var/lib/redmine"
pid "/var/lib/redmine/tmp/pids/unicorn.pid"
stderr_path "/var/lib/redmine/log/unicorn.log"
stdout_path "/var/lib/redmine/log/unicorn.log"

listen "/var/lib/redmine/tmp/sockets/unicorn.sock"
worker_processes 2
timeout 30
EOF

cat << EOF | tee /usr/lib/systemd/system/redmine-unicorn.service > /dev/null
[Unit]
Description=Redmine Unicorn Server

[Service]
WorkingDirectory=/var/lib/redmine
Environment=RAILS_ENV=production
SyslogIdentifier=redmine-unicorn
PIDFile=/var/lib/redmine/tmp/pids/unicorn.pid
User=root
Group=root

ExecStart=/root/.gem/ruby/bin/bundle exec "unicorn_rails -c config/unicorn.rb -E production --path /redmine"
ExecStop=/usr/bin/kill -QUIT \$MAINPID
ExecReload=/bin/kill -USR2 \$MAINPID

[Install]
WantedBy=multi-user.target
EOF

systemctl enable redmine-unicorn.service
systemctl start redmine-unicorn.service

# Nginx Repository
cat << EOF | tee /etc/yum.repos.d/nginx-mainline.repo > /dev/null
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/7/x86_64/
gpgcheck=0
enabled=1
EOF

# Hack for Nginx
echo 'net.ipv4.tcp_tw_recycle = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_tw_reuse = 1' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_max_syn_backlog = 100000' >> /etc/sysctl.conf
echo 'net.netfilter.nf_conntrack_max = 100000' >> /etc/sysctl.conf
echo 'net.nf_conntrack_max = 100000' >> /etc/sysctl.conf
echo 'fs.file-max = 320000' >> /etc/sysctl.conf
sysctl -p

# Install Nginx
yum install -y nginx

sed -i 's/worker_processes  1;/worker_processes  auto;/' /etc/nginx/nginx.conf
curl -OL https://raw.githubusercontent.com/kazuhisya/SL-Redmine/master/conf/nginx-redmine.conf
mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.org
mv nginx-redmine.conf /etc/nginx/conf.d/redmine.conf
ln -s /var/lib/redmine/public /usr/share/nginx/html/redmine

mv /usr/share/nginx/html/index.html /tmp/index.html
cat << EOF | tee /usr/share/nginx/html/index.html > /dev/null
<html>
<meta http-equiv="Refresh" content="0;URL=/redmine">
</html>
EOF

# Make SSL
mkdir -p  /etc/nginx/conf.d/ssl
COMMONNAME=`curl -k https://api.service.softlayer.com/rest/v3/SoftLayer_Resource_Metadata/getFullyQualifiedDomainName 2> /dev/null | sed -n -e 's/^"\(.*\)"$/\1/p'`

openssl genrsa 2048 -sha256 > /etc/nginx/conf.d/ssl/server.key
openssl req -new -sha256 -key /etc/nginx/conf.d/ssl/server.key <<EOF > /etc/nginx/conf.d/ssl/server.csr
JP
Tokyo
Example Town
Example Company
Example Section
$COMMONNAME



EOF
openssl x509 -days 3650 -req -sha256 -signkey /etc/nginx/conf.d/ssl/server.key < /etc/nginx/conf.d/ssl/server.csr > /etc/nginx/conf.d/ssl/server.crt
openssl x509 -in /etc/nginx/conf.d/ssl/server.crt -inform PEM -out /etc/nginx/conf.d/ssl/server.der -outform DER

# Nginx Start
systemctl enable nginx.service
systemctl start nginx.service