#!/bin/ksh93

GL_VERSION='2.6.2'
# Since we wanna use focal, which comes with ruby 2.7 we need at least d4a9c5d,
# which is ~ 1 week younger than 2.5.6 and ~ 2 weeks older than 2.6.0.
#GL_VERSION='master'

typeset -r VERSION='1.0' FPROG=${.sh.file} PROG=${FPROG##*/} SDIR=${.sh.file%/*}
export LC_CTYPE='C.UTF-8'

typeset -A DEFAULTS=(
	[DATADIR]="/data/greenlight"	# SQlite and env store
	[USR]='webservd'			# run as user. 	systemd
	[GRP]='webservd'			# run as group.	systemd
	[INSTANCE]='bbb'			# name of the instance to setup - keep short.
)

LIC='[-?'"${VERSION}"' ]
[-copyright?Copyright (c) 2020 Jens Elkner. Alle Rechte vorbehalten.]
[-license?CDDL 1.0]'

for H in log.kshlib man.kshlib ; do
	X=${SDIR}/$H
	[[ -r $X ]] && . $X && continue
	X=${ whence $H; }
	[[ -z $X ]] && print "$H nicht gefunden - Abbruch." && exit 1
	. $X 
done
unset H

function showUsage {
	typeset WHAT="$1" X='--man'
	[[ -z ${WHAT} ]] && WHAT='MAIN' && X='-?'
    getopts -a "${PROG}" "${ print ${Man.FUNC[${WHAT}]}; }" OPT $X
}

function cleanup {
	[[ -z ${TMP} ]] && return 0
	rm -rf ${TMP}
}

function makeRubyRc {
	typeset L X= V=

	gem env |while read L ; do
		[[ ${L:0:30} == '- USER INSTALLATION DIRECTORY:' ]] || continue
		X="${L:31}"
		break
	done
	V=${X##*/}

	if [[ ! -e ~/.ruby_rc ]]; then
		cat >~/.ruby_rc<<EOF
setenv V $V
setenv BUNDLE bundle${V%.*}
setenv BUNDLE_DIR $X
setenv REPO ~/webapp
setenv INSTALL_DIR /var/lib/gems/\$V
setenv GEM_PATH "\${BUNDLE_DIR}:/usr/lib/ruby/gems/\${V}:/usr/share/rubygems-integration/\${V}:/usr/share/rubygems-integration/all:/usr/lib/x86_64-linux-gnu/rubygems-integration/\${V}:\${INSTALL_DIR}"

# see also ${SOPT[DATADIR]}/*.env

# puma -C config/puma.rb --control=\${CTRL_SOCKET} --control-token=
# pumactl --control-url=\${CTRL_SOCKET} \\
#	{stop|restart|status|stats|halt|phased-restart}
EOF
		Log.info '~/.ruby_rc created.'
	elif (( VERB )); then
		Log.info '~/.ruby_rc already exists. Leaving as is.'
	fi
	if [[ ! -e ~/.ruby_sh_rc ]]; then
		sed -e '/^setenv/ s/setenv \([A-Z_]*\) /\1=/' ~/.ruby_rc >~/.ruby_sh_rc
		Log.info '~/.ruby_sh_rc created.'
	elif (( VERB )); then
		Log.info '~/.ruby_sh_rc already exists. Leaving as is.'
	fi
	return 0
}

function makeGreenLightEnv {
	typeset SECRET=${ openssl rand -hex 64 ; } CFG="${1:-/tmp/cfg}" \
		NAME="${SOPT[INSTANCE]}" X VARS

	if [[ -s ${CFG} ]]; then
		(( VERB )) && Log.info "'${CFG}' already exists. Leaving as is."
		return 0
	fi
	if [[ -z ${ZDOMAIN} ]]; then
		set -- ${ getent hosts `uname -n`; }
		shift
		while [[ -n $1 ]]; do
			[[ $1 =~ \. ]] && ZDOMAIN="$1" && ZDOMAIN=${ZDOMAIN#*.} && break
		done
	fi
	[[ -z ${BASE_DN} ]] && BASE_DN="ou=${ZDOMAIN//,/,ou=}"

	cat >${CFG}<<EOF
# see ${PWD}/config/puma.rb
PORT=8080
RAILS_ENV=production
RAKE_ENV=production
CTRL_SOCKET="unix:///tmp/pumactl-${NAME}.sock"
RAILS_MAX_THREADS=5
WEB_CONCURRENCY=8
# Disable serving static files from '/public'. If != "", rails assumes that
# nginx or httpd serves them directly.
#RAILS_SERVE_STATIC_FILES=false

# where bootsnap puts its precompiled stuff. Default: tmp/cache
BOOTSNAP_CACHE_DIR=/tmp/cache.${NAME}
; [[ -z \${INVOCATION_ID} ]] && BOOTSNAP_CACHE_DIR=tmp/cache.${NAME}
RAILS_LOG_TO_FILE=/var/log/greenlight/${NAME}.log
; [[ -z \${INVOCATION_ID} ]] && RAILS_LOG_TO_FILE=log/\${RAILS_ENV}.log


# see ${PWD}/sample.env

# Show application currently in maintenance mode page?
MAINTENANCE_MODE=false
# Optinal info about the maintenance window. E.g.:
#MAINTENANCE_WINDOW=Friday August 18 6pm-10pm EST

# Set the context root to use. Make sure the proxying httpd uses the same.
RELATIVE_URL_ROOT=/${NAME}

# source this file before running any app related commands
SECRET_KEY_BASE=${SECRET}

# The BBB server URL and secret. You can retrive these by running the
# following command on the related BigBlueButton server:   bbb-conf --secret
# It extracts from /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
# the values of 'bigbluebutton.web.serverURL' and 'securitySalt' property.
# Keep them in sync! Enable|disable SSL on the B3 server requires async!
BIGBLUEBUTTON_ENDPOINT=http://${NAME}.${ZDOMAIN}/bigbluebutton/
BIGBLUEBUTTON_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# Neither Google, nor Twitter, nor Office365 auths are allowed here. Just LDAP:
#LDAP_SERVER=ldap.${ZDOMAIN}
#LDAP_PORT=686
#LDAP_METHOD=ssl
#LDAP_UID=uid
#LDAP_BASE=ou=people,${BASE_DN}
#LDAP_BIND_DN=cn=proxy,ou=roles,${BASE_DN}
#LDAP_AUTH=simple
#LDAP_PASSWORD=my_proxy_secret
#LDAP_ROLE_FIELD=
#	Only accounts with no or future expiration date are allowed to login.
#LDAP_FILTER=(&(objectclass=posixAccount)(|(ds-pwp-account-expiration-time:relativeTimeOrderingMatch.gt:=-0w)(!(ds-pwp-account-expiration-time=*))))

# and Greenlight's own accounts.
ALLOW_GREENLIGHT_ACCOUNTS=true

# Any registration form shoud always be secured by recaptcha to prevent abuse.
# Get your keys via https://www.google.com/recaptcha/admin
RECAPTCHA_SITE_KEY=
RECAPTCHA_SECRET_KEY=

# Sent verification emails upon the creation of a new account.
ALLOW_MAIL_NOTIFICATIONS=true

# SMTP parameters. If SMTP_SERVER is not set, sendmail will be used, which is
# usually ok, because it adheres to the system settings.
#SMTP_SERVER=mail
#SMTP_SENDER=webadm+gl.${NAME}
#SMTP_PORT=25
#	Use STARTTLS if the server supports it.
#SMTP_STARTTLS_AUTO=false
#	Force to use the given HELO name. Usually this should be left empty!
#SMTP_DOMAIN=
#	How to sennd the password: none (use no authentication)| plain (clear text)
#	| login (Base64 encoded) | cram_md5 (combines a Challenge/Response 
#	mechanism to exchange and MD5 to hash information)
#SMTP_AUTH=none
#	Required if SMTP_AUTH != none
#SMTP_USERNAME=
#SMTP_PASSWORD=

# Default registration method to be used by Greenlight until an admin sets it
# explicitly. Allowed values are:
#	- open: open registration
#	- invite: invite only registration
#	- approval: approve/decline registration
DEFAULT_REGISTRATION=invite

# Password to use if one uses 'bundle exec rake admin:create' to create
# the default 'Administrator' account with the e-mail 'admin@example.com'.
# However, you should not do this, but create a different account using 
# 'bundle exec rake user:create[$name,$email,$password,$role]' with
# $role == 'admin'.
ADMIN_PASSWORD=123adm.

# Specify which settings the users can configure on or edit after room creation.
# By default, all settings are turned OFF. Current settings available:
#	- mute-on-join: auto-mute users when joining a room
#	- require-moderator-approval: no room joining without moderator approval
#	- anyone-can-start: alllow anyone with a join url to start the room
#	- all-join-moderator: all users join as room moderator
ROOM_FEATURES=mute-on-join,require-moderator-approval,anyone-can-start

# Max. number of records to be sent to the B3 API in one call. Default: 25
PAGINATION_NUMBER=25

# Max. number of rows per page for a paginated table. Default: 25
NUMBER_OF_ROWS=100

# Display the Google Calendar button?
ENABLE_GOOGLE_CALENDAR_BUTTON=true

# Force all access to the app over SSL
ENABLE_SSL=false

# Database settings
EOF
	typeset MYSQL='#	MYSQL
DB_ADAPTER=mysql2
DB_NAME='"gl-${NAME}"'
DB_HOST=db
DB_PORT=3306
DB_USERNAME=gladm
DB_PASSWORD=gladm_pw
'
	typeset SQLITE='#	Sqlite3
DB_ADAPTER=sqlite3
DB_NAME='"${SOPT[DATADIR]}/db-${NAME}.sqlite3"'
#	keep blank
DB_HOST=
DB_PORT=
DB_USERNAME=
DB_PASSWORD=
'
	if (( ${SOPT[MYSQL]} )); then
		print "${MYSQL}\n${SQLITE//$'\n'/$'\n#'}" >>${CFG}
	else
		print "${MYSQL//$'\n'/$'\n#'}\n${SQLITE}" >>${CFG}
	fi
	while read X ; do
		[[ $X =~ ^[A-Z_]+= ]] && VARS+=" ${X%%=*}"
	done <${CFG}
	print "\nexport ${VARS}" >>${CFG}

	ln -sf ${CFG} ${REPO}/${CFG##*/}
	Log.info "'${CFG}' created."
	Log.warn "Adjust '${CFG}' and '+ systemctl restart greenlight:${NAME}'\n."
}

function setupSystemd {
	typeset NAME=${SOPT[INSTANCE]}
	typeset F=/lib/systemd/system/greenlight:${NAME}.service
	if [[ -e $F ]]; then
		(( VERB )) && Log.info "'$F' already exists - leaving as is."
		return 0
	fi
	Log.info "Creating '$F' ..."
	cat >$F<<EOF
[Unit]
Description=Greenlight - a simple front-end interface for BigBlueButton server
After=network.target auditd.service
Before=apache24.service nginx.service

[Service]
Type=simple

LimitNOFILE=64535
User=${SOPT[USR]}
Group=${SOPT[GRP]}

ExecStartPre=-+/lib/systemd/scripts/greenlight -i ${NAME} checkDB
ExecStart=/lib/systemd/scripts/greenlight -TALL -i ${NAME} start
ExecStartPost=-+/lib/systemd/scripts/greenlight -i ${NAME} fixSocket

ExecStop=/lib/systemd/scripts/greenlight -i ${NAME} stop
TimeoutStopSec=30s

ExecReload=/lib/systemd/scripts/greenlight -i ${NAME} restart

Restart=on-failure

StandardOutput=file:/var/log/greenlight:${NAME}.log
StandardError=file:/var/log/greenlight:${NAME}.log

[Install]
WantedBy=multi-user.target
EOF

	if [[ ! -e /lib/systemd/scripts/greenlight ]]; then
		if [[ -e ~admin/greenlight.sh ]]; then
			cp ~admin/greenlight.sh /lib/systemd/scripts/greenlight
			chmod 755 /lib/systemd/scripts/greenlight
		else
			Log.fatal "'/lib/systemd/scripts/greenlight' is missing."
			return 2
		fi
	fi
	systemctl daemon-reload
	return 0
}

function installGemsAsSystem {
	typeset M
	integer OOPS=0

	# see Dockerfile
	typeset GEMS=(
		bn-ldap-authentication							# ruby-net-ldap
		bigbluebutton-api-ruby							# ruby-xml-simple
		'--version=~>4.3.1,bootstrap'					# ruby-zeitwerk
			popper_js mini_portile
			'--version=>=9.1.0,autoprefixer-rails'
		'--version=~>0.1.4,tabler-rubygem' # ruby-{execjs,autoprefixer-rails}
		pagy
		'--version=~>5.9.0,font-awesome-sass'			# ruby-ffi ruby-sassc
		remote_syslog_logger
			syslog_protocol
		random_password
		i18n-language-mapping
		'--version=~>0.1.3,omniauth-bn-launcher'
		'--version=~>0.1.1,omniauth-bn-office365'
	)

	cd ${REPO} || return 1
	cp ~admin/etc/Gemfile .
	for M in ${GEMS[@]} ; do
		gem install --ignore-dependencies --no-document --minimal-deps \
			--without=development,test,assets \
			-i ${INSTALL_DIR} ${M//,/ } || (( OOPS++ ))
	done

	# fix sass dependency which is in 0.1.4.1 on github
	cd /var/lib/gems/*/gems/tabler-rubygem-* && \
		patch -p1 -i ~admin/etc/greenlight-tabler.patch
	cd -

	# finally
	${BUNDLE} lock --local
	return ${OOPS}
}

function installGemsAsUser {
	cd ${REPO} || return 1

	# + 123 MiB lz4 compressed dev env + 130 MB local gems
	${BUNDLE} config set without 'development:test:assets'
	${BUNDLE} config build.nokogiri --use-system-libraries
	# cat ~/.bundle/config
	${BUNDLE} install -j20 --path=${INSTALL_DIR} --binstubs=bin/
	${BUNDLE} config set deployment 'true'
	${BUNDLE} config --global frozen 1
}

function installGreenLight {
	typeset X

	if [[ -e ${REPO}/config.ru ]]; then
		(( VERB )) && Log.info "~/webapp already exists. Skip cloning."
	else
		cd ${REPO%/*}
		git clone https://github.com/bigbluebutton/greenlight.git webapp
		cd webapp
		if [[ ${GL_VERSION} != 'master' ]]; then
			git checkout release-${GL_VERSION} || return 1
		fi
		git checkout -b jel

		# ruby 2.7 support
		sed -i -e "/^gem 'bootsnap'/ s/1\..\../1.4.6/" Gemfile

		# no postgres bloat, but sqlite3 for production as well
		sed -i -e "/'pg'/ s/^/#/" -e '/sqlite3/ d' \
			-e "/^group :production/ i\gem 'sqlite3', '~> 1.4.2'\n" \
			Gemfile
		sed -i -e '/^# workers ENV/ s/^# //' -e '/^# preload_app/ s/^# //' \
			config/puma.rb
	fi

	X=${ ls -d ${INSTALL_DIR}/ruby/$V/gems/bigbluebutton-api-ruby* 2>/dev/null; }
	if [[ -z $X ]]; then
		(( VERB )) && Log.info "Installing GEMs ..."
		rm -rf ~/.bundle ~/.gem ~/.cache 
		rm -rf ${INSTALL_DIR}/*
		# motherfucking ruby bundler brain damaged stuff does not work with
		# system installed Gems, even if version matches. 
		(( 1 )) && installGemsAsUser || installGemsAsSystem
		rm -rf ~/.bundle/cache/* ${REPO}/tmp/cache/*
		find ${INSTALL_DIR} -name "*.o" -exec rm -f {} +
	elif (( VERB )); then
		Log.info 'GEMs seem to be installed already.' \
			"If not, 'rm -rf ${INSTALL_DIR}/*' and try again."
	fi

	return 0
	# bin/puma -C config/puma.rb
}

function updateDBandAssets {
	cd ${REPO}

	(( VERB )) && Log.info "RAILS_ENV=${RAILS_ENV}"

	typeset X=${ ${BUNDLE} exec rake db:create 2>&1 ; }
	if [[ $X =~ already\ exists ]]; then
		${BUNDLE} exec rake db:migrate
	else	# if [[ $X =~ ^Created database ]]; then
		${BUNDLE} exec rake db:schema:load
	fi
	Log.info 'Precompiling assets ...'
	${BUNDLE} exec rake assets:precompile
}

function doMain {
	[[ -z ${SOPT[DATADIR]} ]] && SOPT[DATADIR]=${DEFAULTS[DATADIR]}
	[[ -z ${SOPT[GRP]} ]] && SOPT[GRP]=${DEFAULTS[GRP]}
	[[ -z ${SOPT[USR]} ]] && SOPT[USR]=${DEFAULTS[USR]}
	[[ -z ${SOPT[INSTANCE]} ]] && SOPT[INSTANCE]=${DEFAULTS[INSTANCE]}
	[[ ! -d ${SOPT[DATADIR]} ]] && { mkdir -p ${SOPT[DATADIR]} || return 4 ; }

	if (( ${SOPT[SVCS]} )); then
		setupSystemd
		return $?
	fi

	if [[ ${LOGNAME} == 'root' || ${ id -u; } == "0" ]]; then
		Log.fatal "This script should be run by a non-root user like 'webadm'."
		return 5
	fi

	TMP=${ mktemp -td gl.XXXXXX ; }
	[[ -z ${TMP} ]] && Log.fatal 'No temp dir - exiting.' && return 6

	makeRubyRc && . ~/.ruby_sh_rc || return 7

	# setup the app env, which we use in the systemd file as well
	typeset CFG=${SOPT[DATADIR]}/${SOPT[INSTANCE]}.env
	makeGreenLightEnv "${CFG}" && . ${CFG} || return 8
#	while read X ; do
#		[[ ${X:0:8} == '#export ' ]] && export ${X:8} && break
#	done <${CFG}

	installGreenLight && updateDBandAssets
}

Man.addFunc MAIN '' '[+NAME?'"${PROG}"' - Greenlight service setup.]
[+DESCRIPTION?Simple script to clone greenlight via git, install all required GEMs, initialize/update the instance related database if needed, and to generate a simple systemd script to start/stop the related greenlight server instance. One may run this script multiple times. Software including GEMs get installed only ones, i.e. all instances use the same software but different environment variables, which are honored by greenlight.]
[+?This script should be run by an unprivileged user like \awebadm\a except when option \b-s\b is given.]
[h:help?Print this help and exit.]
[F:functions?Print a list of all functions available.]
[T:trace]:[functionList?A comma separated list of functions of this script to trace (convinience for troubleshooting).] 
[+?]
[d:datadir]:[path?Use the given \apath\a to store the config file, user database and certificate incl. key. Default: '"${DEFAULTS[DATADIR]}"']
[g:group]:[name?Run the server using the GID of group \aname\a. Default: '"${DEFAULTS[GRP]}"']
[i:instance]:[name?Setup the environment for the instance with the given \aname\a. Default: '"${DEFAULTS[INSTANCE]}"'.]
[m:mysql?If given, prepare MySQL db usage, otherwise use Sqlite3.]
[s:svcs?Just setup the systemd service and exit. This action requires write privileges to \b/lib/systemd/system/\b and privileges to reload systemd config.]
[u:user]:[name?Run the server using the UID of user \aname\a. Default: '"${DEFAULTS[USR]}"']
[v:verbose?Print some additional infos about what the script is doing.]
[+FILES?]{
	[+~/.ruby_rc?Ruby related settings for tcsh.]
	[+~/.ruby_sh_rc?Ruby related settings for bourne shell compatible shells.]
	[+~webadm/webapp?The default directory, where greenlight gets cloned to (\b$REPO\b).]
	[+${REPO}/${INAME}.env?Seetings for the Greenlight instance named \aINAME\a.]
	[+${DATADIR}/${INAME}.sqlite3?Sqlite3 DB for the Greenlight instance \aINAME\a.]
	[+/lib/systemd/system/greenlight::${INAME}.service?The systemd service management file for the Greenlight instance named \aINAME\a.]
}
'
unset SOPT TMP VERB; typeset -A SOPT
typeset TMP
integer VERB=0
typeset X="${ print ${Man.FUNC[MAIN]} ; }"

while getopts "${X}" option ; do
	case "${option}" in
		h) showUsage MAIN ; exit 0 ;;
		F) typeset +f ; exit 0 ;;
		H)  if [[ ${OPTARG%_t} != $OPTARG ]]; then
				${OPTARG} --man   # self-defined types
			else
				showUsage "${OPTARG}"   # function
			fi
			exit 0
			;;
		T)	if [[ ${OPTARG} == 'ALL' ]]; then
				typeset -ft ${ typeset +f ; }
			else
				typeset -ft ${OPTARG//,/ }
			fi
			;;
		d) SOPT[DATADIR]="${OPTARG}" ;;
		g) SOPT[GRP]="${OPTARG}" ;; 
		i) SOPT[INSTANCE]="${OPTARG}" ;;
		m) SOPT[MYSQL]=1 ;;
		u) SOPT[USR]="${OPTARG}" ;;
		s) SOPT[SVCS]=1 ;;
		v) VERB=1 ;;
		*) showUsage ;;
	esac
done
X=$((OPTIND-1))
shift $X ; unset X

trap cleanup EXIT

doMain "$@"