#!/bin/bash -e

#
# Unfortunately, we cannot use cli-shezargs
#

start_dir="$(pwd)"
script_dir="$(dirname $0)"

source "${script_dir}/helpers"

bucket_namespace="$1"
service="$2"

# What should we run?
install_nginx="1"
if [[ $service =~ bastion ]]; then
  unset install_nginx
fi

[[ $service == web ]] && install_nessus="1"

echo "================== $service Install nginx: $install_nginx ================================="

# Which S3 bucket should we get things from?
if [[ -n $is_dev ]]; then
  bucket="${bucket_namespace}-deploy"
  http_bucket="${bucket_namespace}-deploy"
elif [[ -n $is_prod ]]; then
  bucket="${bucket_namespace}-prod-deploy"
  http_bucket="${bucket_namespace}-deploy"
fi

jsaws-set-env SERVERASSIST_BUILDOUT_BUCKET "$http_bucket"


# ---------- Nothing works without 777 /tmp ----------
if ! stat /tmp | egrep -i '^access:.+777'; then
  sudo chmod 777 /tmp
  echo "Must log back in"

  # We are going to exit the script, but we are not done and we are not rebooting
  sleep 1
  exit 253
fi

#was: ---------- Format and mount extra data drive -------------------

# ---------- Preliminaries -------------------
if jsaws-build-block "prelim" "Setting up preliminary stuff"; then
  if ! [[ -f ~/zz_packages/prelim ]]; then

    # Update
    sudo DEBIAN_FRONTEND=noninteractive apt-get update
    sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
    sudo DEBIAN_FRONTEND=noninteractive apt-get install -y git curl  ntp build-essential autoconf libc6-dev automake libtool bison

    # Make a user-specific binary dir
    mkdir -p ~/local/bin
    sudo perl -pi -e "s/PATH=\"/PATH=\"\/home\/${username}\/local\/bin:/g" /etc/environment
    export PATH="${HOME}/local/bin:$PATH"

    jsaws-set-env SERVERASSIST_MY_IP "$(curl -s 'http://169.254.169.254/latest/meta-data/local-ipv4')"

    touch ~/zz_packages/prelim
  fi

  jsaws-build-block "prelim" "done"
fi

# ---------- Install AWS CLI tools ----------
if jsaws-build-block "aws-tools" "Installing AWS CLI tools"; then

  # setup ~/.cache ahead of time with the proper permissions
  mkdir -p ~/.cache
  chmod a+rx ~/.cache
  chmod ug+w ~/.cache

  # AWS cli
  mkdir -p ~/zz_packages && cd $_
  curl -s -O 'https://bootstrap.pypa.io/get-pip.py'
  sudo -H ${python_cmd} get-pip.py
  sudo -H pip install awscli
  sudo -H pip install saws

  jsaws-build-block "aws-tools" "done"
fi

# ---------- Validate against github ----------
if jsaws-build-block "validate-github" "Validate with github"; then
  if ! git config --global user.email; then

    # Github
    ssh -o "StrictHostKeyChecking no" git@github.com || true

    # Github Enterprise
    ssh -o "StrictHostKeyChecking no" git@github.azc.ext.hp.com || true

    git config --global user.email "yoshi.t.munchakoopas@hp.com"
    git config --global user.name "Yoshi T. Munchakoopas"

    if [[ $osversion != precise ]]; then
      git config --global push.default simple
    fi
  fi

  jsaws-build-block "validate-github" "done"
fi

# ---------- Get Node.js ----------
if jsaws-build-block "nodejs" "Installing node.js"; then
  if ! which node > /dev/null; then

    # Node dependencies -
    sudo DEBIAN_FRONTEND=noninteractive apt-get update
    sudo DEBIAN_FRONTEND=noninteractive apt-get install -y curl ntp build-essential autoconf libc6-dev automake libtool bison

    if [[ $(lsb_release -c) =~ xenial ]]; then
      sudo DEBIAN_FRONTEND=noninteractive apt-get install -y python python-dev python-software-properties
    fi

    # Node.js
    curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | sudo apt-key add -

    echo "deb https://deb.nodesource.com/node_8.x ${osversion} main" | sudo tee /etc/apt/sources.list.d/nodesource.list
    sudo DEBIAN_FRONTEND=noninteractive apt-get update
    sudo DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs

    # Update so that "npm install -g" does not require sudo -- see https://docs.npmjs.com/getting-started/fixing-npm-permissions
    export NPM_CONFIG_PREFIX=/home/${username}/.npm-global
    mkdir -p $NPM_CONFIG_PREFIX
    set_env NPM_CONFIG_PREFIX $NPM_CONFIG_PREFIX

    # Put NODE_PATH in the environment
    export NODE_PATH="$(npm root -g)"
    set_env NODE_PATH "$NODE_PATH"

    # Put the new npm global in the path
    sudo perl -pi -e "s/PATH=\"/PATH=\"\/home\/${username}\/.npm-global\/bin:/g" /etc/environment
    export PATH="${NPM_CONFIG_PREFIX}/bin:$PATH"

#    # Put yarn bin at ~/local/bin
#    npm install -g yarn
#    yarn config set prefix $HOME/local
  fi

  echo $PATH

  jsaws-build-block "nodejs" "done"

  # Force a reboot
  reboot "installing Node.js deps"
fi

# ---------- Node-based utils -----------
if jsaws-build-block "node-utils" "Node-based Utilities"; then

  npm install -g cli-shezargs underscore-cli run-anywhere serve

  jsaws-build-block "node-utils" "done"
fi

# ---------- First big apt-get ----------
if jsaws-build-block "first-big-apt-get" "Big first apt-get"; then

  # Add other repos
  sudo DEBIAN_FRONTEND=noninteractive add-apt-repository -y ppa:adiscon/v8-stable

  # Install big, basic stuff
  sudo DEBIAN_FRONTEND=noninteractive apt-get update
  sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \
      apt-transport-https curl tree ntp htop jq \
      libreadline6 git-core build-essential openssl nmap mercurial socat gawk libcurl4-openssl-dev ncurses-dev libncurses5-dev \
      libgdbm-dev libyaml-dev libffi-dev libreadline6-dev zlib1g zlib1g-dev libssl-dev autoconf libc6-dev automake libtool \
      bison subversion pkg-config libperl-dev liblzma-dev libpcre3 libpcre3-dev libgd-tools libsqlite3-dev sqlite3 libxml2-dev \
      libxslt-dev libmysqlclient-dev cscope exuberant-ctags realpath unzip libcairo2 libcairo2-dev libjpeg-dev rsyslog

  jsaws-build-block "first-big-apt-get" "done"

  # Reboot?
  check_reboot "big initial install"
fi

# ---------- rsyslog ----------
if jsaws-build-block "rsyslog" "Fixing for logging"; then

  # Turn on UDP inside rsyslog
  sudo perl -pi -e 's/^#(.*ModLoad\s+imudp.*)$/$1/'    /etc/rsyslog.conf
  sudo perl -pi -e 's/^#(.*UDPServerRun\s+514.*)$/$1/' /etc/rsyslog.conf

  jsaws-build-block "rsyslog" "done"
fi

# ---------- Admin ----------
if env | egrep -i '_service=admin'; then

  unset install_nginx

  # ---------- Ansible ----------
  if jsaws-build-block "ansible" "Installing ansible"; then
    if ! which ansible > /dev/null; then
      sudo DEBIAN_FRONTEND=noninteractive apt-get install software-properties-common
      sudo DEBIAN_FRONTEND=noninteractive apt-add-repository ppa:ansible/ansible
      sudo DEBIAN_FRONTEND=noninteractive apt-get update
      sudo DEBIAN_FRONTEND=noninteractive apt-get update -y
      sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ansible
    fi

    jsaws-build-block "ansible" "done"
  fi

  # ---------- Admin repos ----------
  if jsaws-build-block "admin-repos" "Getting repos for admin"; then
    if ! [[ -d $HOME/dev/js-aws ]]; then

      mkdir -p ~/dev && cd $_

      [[ -d sgsg         ]] || (git clone git@github.com:briancsparks/sg sgsg       && cd sgsg                                        && npm install --production    && npm link --production)
      [[ -d js-cluster   ]] || (git clone git@github.com:briancsparks/js-cluster    && cd js-cluster    && git checkout "no-mario"    && npm install --production    && npm link --production)
      [[ -d run-anywhere ]] || (git clone git@github.com:briancsparks/run-anywhere  && cd run-anywhere                                && npm install --production    && npm link --production)
      [[ -d js-aws       ]] || (git clone git@github.com:briancsparks/js-aws        && cd js-aws                                      && npm install --production    && npm link --production)

    fi

    jsaws-build-block "admin-repos" "done"
  fi
fi

#
# Above here are mostly system utilities and such, below here are our own code. Hence,
# at this point, the software that does the system level config is generally done. So,
# we make some final fixups that should not get clobbered.
#

# ---------- Post fixups ----------
if jsaws-build-block "post-fixups" "Post fixups"; then

  # /var/log needs to have group write access
  sudo chmod g+w /var
  sudo chmod g+w /var/log

  ls -l /
  ls -l /var

  jsaws-build-block "post-fixups" "done"
fi

# ---------- nginx ----------
if jsaws-build-block "build-nginx" "NGINX"; then

  #
  # THE guide to building Nginx
  #
  # https://www.nginx.com/resources/admin-guide/installing-nginx-open-source/
  #

  if [[ -n $install_nginx ]]; then

    if ! which nginx > /dev/null; then
      mkdir -p ~/zz_packages && cd $_
      #aws s3 cp "s3://${bucket}/buildout/packages/nginx-1.9.15.tar.gz" ./
      #aws s3 cp "s3://${bucket}/buildout/packages/openssl-1.0.1u.tar.gz" ./
      #aws s3 cp "s3://${bucket}/buildout/packages/pcre-8.38.tar.gz" ./
      #aws s3 cp "s3://${bucket}/buildout/packages/zlib-1.2.8.tar.gz" ./

      curl -s -O "https://s3.amazonaws.com/${http_bucket}/buildout/packages/zlib-1.2.8.tar.gz"
      curl -s -O "https://s3.amazonaws.com/${http_bucket}/buildout/packages/pcre-8.38.tar.gz"
      curl -s -O "https://s3.amazonaws.com/${http_bucket}/buildout/packages/openssl-1.0.1u.tar.gz"
      curl -s -O "https://s3.amazonaws.com/${http_bucket}/buildout/packages/nginx-1.9.15.tar.gz"

      tar xzf "$(find ./ -maxdepth 1 -type f | egrep 'openssl.*\.tar\.gz$')"
      tar xzf "$(find ./ -maxdepth 1 -type f | egrep 'pcre.*\.tar\.gz$')"
      tar xzf "$(find ./ -maxdepth 1 -type f | egrep 'zlib.*\.tar\.gz$')"
      tar xzf "$(find ./ -maxdepth 1 -type f | egrep 'nginx.*\.tar\.gz$')"

      ln -fs "$(find ./ -maxdepth 1 -type d | egrep 'nginx')" nginx

      # According to https://forum.nginx.org/read.php?2,256012,256064#msg-256064
      # This is required on Mac to compile OpenSSL
      #export KERNEL_BITS=64

      # This name clashes with the NGINX tarball
      git clone git@github.com:vkholodkov/nginx-eval-module.git

      cd nginx
      ./configure \
        --prefix=/usr/local/nginx \
        --conf-path=/etc/nginx/nginx.conf \
        --http-log-path=/var/log/nginx/access.log \
        --error-log-path=/var/log/nginx/error.log \
        --pid-path=/var/run/nginx.pid \
        --lock-path=/var/lock/nginx.lock \
        --http-client-body-temp-path=/var/tmp/nginx/client \
        --http-proxy-temp-path=/var/tmp/nginx/proxy \
        --user=www-data \
        --group=www-data \
        --add-module=${HOME}/zz_packages/nginx/$(find ../ -maxdepth 1 -type d | egrep nginx.eval) \
        --with-http_realip_module \
        --with-openssl=${HOME}/zz_packages/nginx/$(find ../ -maxdepth 1 -type d | egrep openssl) \
        --with-pcre \
        --with-pcre=${HOME}/zz_packages/nginx/$(find ../ -maxdepth 1 -type d | egrep pcre) \
        --with-zlib=${HOME}/zz_packages/nginx/$(find ../ -maxdepth 1 -type d | egrep zlib) \
        --with-http_ssl_module \
        --with-http_perl_module \
        --with-http_stub_status_module

      # Make it!
      make

      # DO NOT use -j on these makes
      sudo make install

      # Make a link to the nginx binary from sbin
      test -f /usr/local/nginx/sbin/nginx && sudo ln -fs /usr/local/nginx/sbin/nginx /usr/sbin/nginx

      # vim
      if [ -d contrib/vim ]; then
        mkdir -p $HOME/.vim/bundle/nginx
        cp -r contrib/vim/* $HOME/.vim/bundle/nginx/
      fi

      # Give ownership of logs dirs
      sudo mkdir -p /var/log/nginx
      sudo touch /var/log/nginx/access.log
      sudo touch /var/log/nginx/error.log
      sudo chown -R www-data:www-data /var/log/nginx

      cd

      # Make dirs
      sudo mkdir -p /var/tmp/nginx && sudo chown -R www-data:www-data $_
      sudo mkdir -p /etc/nginx/sites-available
      sudo mkdir -p /etc/nginx/sites-enabled

      mkdir -p ~/www

      cd
    fi
  fi

  jsaws-build-block "build-nginx" "done"
fi



## ---------- Format and mount extra data drive -------------------
#if [[ -b /dev/xvdf && ! -d /data ]]; then
#
#  sudo mkfs.ext4 /dev/xvdf
#  echo '/dev/xvdf   /data    ext4  defaults,auto,comment=cloudconfig 0 2' | sudo tee -a /etc/fstab
#
#  sudo mkdir /data && sudo mount /data
#  sudo mkdir -p /data/data
#  sudo chown ${USER}:${USER} /data/data
#
#  # Now you can ln to the extra capacity
#  #ln -s  /data/data /home/${username}/data
#fi