#!/bin/bash

# IMPORT GENERIC HELPERS
source _common.sh
source /usr/share/yunohost/helpers

# https://codeberg.org/ChriChri/flohmarkt_ynh/issues/9
# check if couchdb is already installed
if [[ -e /opt/couchdb ]] || pgrep epmd > /dev/null || pgrep beam.smp || dpkg-query -W couchdb > /dev/null 2>&1; 
then
  ynh_die --message="CouchDB already installed on this host - will not proceed."
  exit 1
fi

# INITIALIZE AND STORE SETTINGS
# todo: do we need to store the password un-encrypted somewhere on the system?
# → there's no way to get the admin password later if sometimes in the future deleting
#   the app will delete its specific database only (instead of the whole couchdb server as
#   of now in the earliest versions of the integration).
ynh_app_setting_set --app=$app --key=password_couchdb_admin --value="$password_couchdb_admin"

# get port, admin_pw for already installed couchdb
# skip the installation steps below
ynh_script_progression --message="Installing CouchDB..." --weight=60

# A CouchDB node has an Erlang magic cookie value set at startup.
# This value must match for all nodes in the cluster. If they do not match,
# attempts to connect the node to the cluster will be rejected.
couchdb_magic_cookie=$(ynh_string_random --length=23 --filter='A-Za-z0-9_')
ynh_app_setting_set --app=$app --key=couchdb_magic_cookie --value="$couchdb_magic_cookie"

echo "\
couchdb couchdb/mode select standalone
couchdb couchdb/mode seen true
couchdb couchdb/bindaddress string 127.0.0.1
couchdb couchdb/bindaddress seen true
couchdb couchdb/cookie string $couchdb_magic_cookie
couchdb couchdb/adminpass password $password_couchdb_admin
couchdb couchdb/adminpass seen true
couchdb couchdb/adminpass_again password $password_couchdb_admin
couchdb couchdb/adminpass_again seen true" | debconf-set-selections
DEBIAN_FRONTEND=noninteractive # apt-get install -y --force-yes couchdb

ynh_install_extra_app_dependencies \
    --repo="deb https://apache.jfrog.io/artifactory/couchdb-deb/ $(lsb_release -c -s) main" \
    --key="https://couchdb.apache.org/repo/keys.asc" \
    --package="couchdb"

# add couchdb configuration
ynh_script_progression --message="Adding a configuration file..." --weight=2
# customize couchdb config
ynh_add_config --template="../conf/05-flohmarkt.ini" --destination="/opt/couchdb/etc/local.d/05-flohmarkt.ini"
chown root:couchdb /opt/couchdb/etc/local.d/05-flohmarkt.ini
chmod 640 /opt/couchdb/etc/local.d/05-flohmarkt.ini

# restart couchdb to pick up changes
systemctl restart couchdb
systemctl status couchdb

# get flohmarkt
ynh_setup_source --dest_dir="$install_dir/$app/"

# setup python environment for flohmarkt
ynh_secure_remove "$install_dir/venv"
python3 -m venv --without-pip "$install_dir/venv"

# install python dependencies
(
    set +o nounset
    source "$install_dir/venv/bin/activate"
    set -o nounset
    set -x
    $install_dir/venv/bin/python3 -m ensurepip
    $install_dir/venv/bin/pip3 install -r "$install_dir/$app/requirements.txt"
)

# JwtSecret
# workaround for https://github.com/YunoHost/issues/issues/2379
jwtsecret=$(ynh_string_random -l 200 -f 'a-zA-Z0-9/+'; ynh_string_random -l 142 -f 'a-zA-Z0-9/+'; echo -n '==')
ynh_app_setting_set --app=$app --key=jwtsecret --value="$jwtsecret"

password_couchdb_flohmarkt=$(ynh_string_random --length=31 --filter='A-Za-z0-9_.:,')
ynh_app_setting_set --app=$app --key=password_couchdb_flohmarkt --value="$password_couchdb_flohmarkt"

# generate flohmarkt.conf
ynh_add_config --template="../conf/flohmarkt.conf" --destination="$install_dir/$app/flohmarkt.conf"

# setup couchdb
(
    set +o nounset
    source "$install_dir/venv/bin/activate"
    set -o nounset
    cd "$install_dir/$app"
    # initialize_couchdb seems to re-try on connect problems endlessly blocking the yunohost api
    # give it 45 seconds to finish and then fail
    # https://codeberg.org/ChriChri/flohmarkt_ynh/issues/13
    timeout 45 python3 initialize_couchdb.py $password_couchdb_admin $password_couchdb_flohmarkt
)

# SETUP LOGROTATE
ynh_script_progression --message="Configuring log rotation..." --weight=2
# Use logrotate to manage application logfile(s)
ynh_use_logrotate

# NGINX CONFIGURATION
ynh_script_progression --message="Configuring NGINX web server..." --weight=3
# Create a dedicated NGINX config
ynh_add_nginx_config

# systemd.service
ynh_script_progression --message="Configuring a systemd service..." --weight=1
# Create a dedicated systemd config
ynh_add_systemd_config
# integrate into yunohost
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --description="A decentral federated small advertisement platform" --log="/var/log/$app/$app.log"
#  logfile contains possibly the secret setup URL
mkdir -m755 -p "/var/log/$app"
touch "/var/log/$app/$app.log"
chmod 640 "/var/log/$app/$app.log"
# start service
ynh_systemd_action --service_name=$app --action="start"

# SETUP FAIL2BAN
# no need for couchdb, because it will not listen externally
# ynh_script_progression --message="Configuring Fail2Ban..." --weight=3
# 
# # Create a dedicated Fail2Ban config
# ynh_add_fail2ban_config --logpath="/var/log/couchdb/couchdb.log" --failregex="[warning] .*couch_httpd_auth: Authentication failed for user .+ from <HOST>" --max_retry=5

ynh_script_progression --message="Installation of $app completed" --last
