#!/bin/bash 

# https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html

IPV4=$(ip addr | grep 'inet ' | grep -v '127.0' | head -n1 | awk '{print $2}' | cut -f1 -d /)
DBNAME=$(whiptail --title "DB" --inputbox "DB Name :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
DBUSER=$(whiptail --title "DB" --inputbox "DB User :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
DBPASS=$(whiptail --title "DB" --inputbox "DB Pass :" 0 30 "nextcloud" 3>&1 1>&2 2>&3)
DATAPATH=$(whiptail --title "DATA" --inputbox "DATA Path :" 0 30 "/srv/nextcloud/data" 3>&1 1>&2 2>&3)
NCUSER=$(whiptail --title "NextCloud" --inputbox "Admin Name :" 0 30 "admin" 3>&1 1>&2 2>&3)
NCPASS=$(whiptail --title "NextCloud" --inputbox "Admin Pass :" 0 30 "admin" 3>&1 1>&2 2>&3)


apt install -y sudo apache2 coturn
apt install -y php7.4 php7.4-curl php7.4-gd php7.4-mbstring php7.4-zip php-xml php-bz2 php7.4-intl php7.4-fpm php-apcu php-memcached php-redis php-imagick php7.4-bcmath php7.4-gmp libapache2-mod-php7.4
apt install -y php7.4-mysql mariadb-server
apt install -y smbclient ffmpeg libmagickcore-6.q16-6-extra

a2dissite 000-default
a2dissite default-ssl.conf
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime
a2enmod ssl

sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/apache2/php.ini
sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/fpm/php.ini
sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/7.4/cli/php.ini
echo "apc.enable_cli=1" >> /etc/php/7.4/cli/php.ini

mysql -e "CREATE DATABASE ${DBNAME};CREATE USER '${DBUSER}'@'localhost' IDENTIFIED BY '${DBPASS}';GRANT ALL ON ${DBNAME}.* TO '${DBUSER}'@'localhost' WITH GRANT OPTION;FLUSH PRIVILEGES;"

wget https://download.nextcloud.com/server/releases/latest-23.tar.bz2
tar -xvf latest-23.tar.bz2
mv nextcloud /var/www
chown -R www-data:www-data /var/www/nextcloud
mkdir -p ${DATAPATH}
chown -R www-data:www-data ${DATAPATH}

cat > /etc/apache2/sites-available/nextcloud.conf << "EOF"
<VirtualHost *:443>
	Protocols h2 http:/1.1
	DocumentRoot "/var/www/nextcloud"
	#ServerName nextcloud.your-domain.com
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
	SSLEngine on
	SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
	SSLCertificateChainFile /etc/ssl/certs/ssl-cert-snakeoil.pem
	SSLProtocol TLSv1.2

	<Directory /var/www/nextcloud/>
		Options +FollowSymlinks
		AllowOverride All
		<IfModule mod_dav.c>
			Dav off
		</IfModule>
		SetEnv HOME /var/www/nextcloud
		SetEnv HTTP_HOME /var/www/nextcloud
		Satisfy Any
	</Directory>

</VirtualHost>
EOF

a2ensite nextcloud
systemctl restart apache2

cd /var/www/nextcloud/
sudo -u www-data php occ maintenance:install \
	--database "mysql" \
	--database-name "${DBNAME}" \
	--database-user "${DBUSER}" \
	--database-pass "${DBPASS}" \
	--admin-user "${NCUSER}" \
	--admin-pass "${NCPASS}" \
	--data-dir "${DATAPATH}"
sed -i "s/0 => 'localhost/0 => '${IPV4}/" /var/www/nextcloud/config/config.php
sed -i "s/\/\/localhost/\/\/${IPV4}/" /var/www/nextcloud/config/config.php
sed -i "s/http:/https:/" /var/www/nextcloud/config/config.php
sed -i "/^);*/i\ \ 'memcache.local' => '\\\\OC\\\\Memcache\\\\APCu'," /var/www/nextcloud/config/config.php
sed -i "/^);*/i\ \ 'default_phone_region' => 'CH'," /var/www/nextcloud/config/config.php
echo "*/5  *  *  *  * php -f /var/www/nextcloud/cron.php" | crontab -u www-data -
sudo -u www-data php occ background:cron

cat >> /etc/turnserver.conf << "EOF"
listening-port=8080
listening-ip=0.0.0.0
fingerprint
use-auth-secret
static-auth-secret=AUTHSECRET
# realm=nextcloud.dom.lan
total-quota=0
bps-capacity=0
stale-nonce
no-multicast-peers
EOF
AUTHSECRET=$(openssl rand -hex 32)
sed "s/AUTHSECRET/${AUTHSECRET}/" turnserver.conf

if [ -f "/etc/iptables/rules.v4" ]; then
	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # NextCloud' /etc/iptables/rules.v4
	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a -A INPUT -p udp -m udp --dport 8080 -m state --state NEW -j ACCEPT' /etc/iptables/rules.v4
	sed -i '/^-A INPUT -i lo -j ACCEPT.*/a # TurnServer' /etc/iptables/rules.v4
	iptables-restore /etc/iptables/rules.v4
fi