#!/bin/bash

#apt update; apt -y upgrade; apt -y dist-upgrade

if [[ $# -eq 0 ]] ; then
    echo 'Specify domain!'
    exit 0
fi

domain=$1
latestnc="https://download.nextcloud.com/server/releases/latest.zip"

get-php () {
	apt -y install ca-certificates apt-transport-https dirmngr
	wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
	echo "deb https://packages.sury.org/php/ stretch main" | tee /etc/apt/sources.list.d/php.list

	apt -y update
	apt -y upgrade

	apt -y install php7.2 php7.2-fpm curl unzip php7.2-gd php7.2-json php7.2-mysql php7.2-curl php7.2-mbstring php7.2-intl php-imagick php7.2-xml php7.2-zip php-sqlite3

	sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 1024M/' /etc/php/7.2/fpm/php.ini
	sed -i 's/post_max_size = 8M/post_max_size = 1024M/' /etc/php/7.2/fpm/php.ini

	service php7.2-fpm restart
}

get-caddy () {
	curl https://getcaddy.com | bash -s personal
	
	mkdir /var/log/caddy
	chown -R www-data:www-data /var/log/caddy
	
	cat >/etc/systemd/system/caddy.service << EOL
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
#After=network-online.target
#Wants=network-online.target systemd-networkd-wait-online.service

[Service]
Restart=always

User=www-data
Group=www-data

Environment=CADDYPATH=/etc/ssl/caddy

ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp -agree -email=no@than.ks
ExecReload=/bin/kill -USR1 $MAINPID

KillMode=mixed
KillSignal=SIGQUIT
#TimeoutStopSec=5s

LimitNOFILE=1048576
LimitNPROC=64

PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy

CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
EOL

	mkdir -p /etc/ssl/caddy
	mkdir -p /etc/caddy
	mkdir -p /var/www/html/nextcloud

	chown -R www-data:www-data /var/log/caddy
	chown -R www-data:www-data /var/www
	chown -R www-data:www-data /etc/ssl/caddy

	cat >/etc/caddy/Caddyfile << EOL
$domain {
	root   /var/www/html/nextcloud
	log    /var/log/caddy/nextcloud_access.log
	errors /var/log/caddy/nextcloud_errors.log

	fastcgi / /run/php/php7.2-fpm.sock php {
		env PATH /bin
	}

	header / {
		 Strict-Transport-Security	   "max-age=15768000;"
	}

	# checks for images
        rewrite {
	        ext .svg .gif .png .html .ttf .woff .ico .jpg .jpeg
		r ^/index.php/(.+)$
		to /{1} /index.php?{1}
	}
	
	rewrite {
                r ^/\.well-known/host-meta$
                to /public.php?service=host-meta&{query}
        }
	rewrite {
                r ^/\.well-known/host-meta\.json$
                to /public.php?service=host-meta-json&{query}
        }
	rewrite {
                r ^/\.well-known/webfinger$
                to /public.php?service=webfinger&{query}
        }

	rewrite {
		r ^/index.php/.*$
		to /index.php?{query}
	}

	# client support (e.g. os x calendar / contacts)
	redir /.well-known/carddav /remote.php/carddav 301
	redir /.well-known/caldav /remote.php/caldav 301

	# remove trailing / as it causes errors with php-fpm
	rewrite {
		r ^/remote.php/(webdav|caldav|carddav|dav)(\/?)(\/?)$
		to /remote.php/{1}
	}

	rewrite {
		r ^/remote.php/(webdav|caldav|carddav|dav)/(.+?)(\/?)(\/?)$
		to /remote.php/{1}/{2}
	}

	rewrite {
		r ^/public.php/(dav|webdav|caldav|carddav)(\/?)(\/?)$
		to /public.php/{1}
	}

	rewrite {
		r ^/public.php/(dav|webdav|caldav|carddav)/(.+)(\/?)(\/?)$
		to /public.php/{1}/{2}
	}
}
EOL
	systemctl enable caddy
	systemctl start caddy
}

get-nextcloud () {
	wget $latestnc
	mkdir -p /var/www/html
	unzip latest.zip -d /var/www/html
	chown -R www-data:www-data /var/www/html
	rm -r latest.zip
}

echo "Let's update everything so nothing's in the way"
apt update > /dev/null 2>&1
apt -y upgrade > /dev/null 2>&1
apt -y dist-upgrade > /dev/null 2>&1

echo "Installing latest Nextcloud with PHP 7.2 for $domain"
echo "Now kick back and relax, while we're getting PHP"
get-php > /dev/null 2>&1
echo "Done. Now we're gonna install Caddy, a maximum lazy web server that serves static and takes care of HTTPS automatically thanks to Let's Encrypt"
get-caddy > /dev/null 2>&1
echo "We're downloading Nextcloud now. Almost done."
get-nextcloud > /dev/null 2>&1
echo "==================================================================="
echo "Now go to https://$domain and set your account up, and you're done!"
echo "==================================================================="