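#!/bin/bash
# shellcheck disable=2034,2059
true
# NOTE(review): lib.sh is downloaded from the moving "master" branch at run
# time and sourced directly; no checksum or signature check is visible here.
# This script edits root's crontab and /etc/hosts, so it presumably runs as
# root - consider pinning the URL to a reviewed commit or verifying a known
# digest before sourcing.
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)

# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/

# Purpose: enable the Apache site config named in $1, restart the webserver
# to test it, and either finish the Let's Encrypt setup (renewal cron job,
# hostname, trusted domains, cleanup) or revert to the self-signed sites.
#
# Arguments: $1 - file name of the site config to enable (used with
#                 a2ensite and read from /etc/apache2/sites-enabled/).

# curl -s hides download errors. Stop before touching the Apache config if
# the helpers used below were not loaded.
if ! command -v restart_webserver > /dev/null
then
    printf '%s\n' "Could not load lib.sh, aborting before any change is made." >&2
    exit 1
fi

# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode

# $1 is handed to a2ensite and interpolated into a path below; refuse an
# empty value or anything that could point outside sites-enabled.
case "${1:-}" in
    '' | */*)
        printf '%s\n' "Usage: ${0##*/} <site-config-file-name>" >&2
        exit 1
        ;;
esac

# Writes $SCRIPTS/letsencryptrenew.sh, the script run by the daily cron job.
# The heredoc delimiter is unquoted on purpose: $DATE holds a literal
# '$(date ...)' so the timestamp is evaluated each time the generated script
# runs, not when it is written.
add_crontab_le() {
    # shellcheck disable=SC2016
    local DATE='$(date +%Y-%m-%d_%H:%M)'
    cat << CRONTAB > "$SCRIPTS/letsencryptrenew.sh"
#!/bin/sh
if ! certbot renew --quiet --no-self-upgrade > /var/log/letsencrypt/renew.log 2>&1 ; then
    echo "Let's Encrypt FAILED!"--$DATE >> /var/log/letsencrypt/cronjob.log
else
    echo "Let's Encrypt SUCCESS!"--$DATE >> /var/log/letsencrypt/cronjob.log
fi

# Check if service is running
if ! pgrep apache2 > /dev/null
then
    service apache2 start
fi
CRONTAB
}

# Activate the new config
printf "${Color_Off}We will now test that everything is OK\n"
any_key "Press any key to continue... "
a2ensite "$1"
a2dissite nextcloud_ssl_domain_self_signed.conf
a2dissite nextcloud_http_domain_self_signed.conf
a2dissite 000-default.conf
if restart_webserver
then
    msg_box "New settings works! SSL is now activated and OK!

This cert will expire in 90 days if you don't renew it.
There are several ways of renewing this cert and here are some tips and tricks:
https://goo.gl/c1JHR0

To do your job a little bit easier we have added a autorenew script as a cronjob.
If you need to edit the crontab please type: crontab -u root -e
If you need to edit the script itself, please check: $SCRIPTS/letsencryptrenew.sh

Feel free to contribute to this project: https://goo.gl/3fQD65"

    # Install the daily renewal entry exactly once: drop any identical line
    # first so re-running this script does not stack duplicate cron jobs.
    # 2>/dev/null: "crontab -l" reports an error when root has no crontab yet.
    cron_entry="@daily $SCRIPTS/letsencryptrenew.sh"
    {
        crontab -u root -l 2> /dev/null | grep -vxF -- "$cron_entry"
        printf '%s\n' "$cron_entry"
    } | crontab -u root -

    FQDOMAIN=$(grep -m 1 "ServerName" "/etc/apache2/sites-enabled/$1" | awk '{print $2}')
    # FQDOMAIN is parsed from a config file and then written into
    # apache2.conf, /etc/hosts and the system hostname. Accept only hostname
    # characters so an empty or unexpected value cannot corrupt those files
    # or alter the sed expression below.
    fqdn_pattern='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
    if ! [[ "$FQDOMAIN" =~ $fqdn_pattern ]]
    then
        print_text_in_color "$ICyan" "No valid ServerName found in $1, leaving the hostname unchanged."
    elif [ "$(hostname)" != "$FQDOMAIN" ]
    then
        print_text_in_color "$ICyan" "Setting hostname to $FQDOMAIN..."
        # Append via tee instead of building a command string for "sh -c",
        # so the value is never re-parsed by a shell.
        printf 'ServerName %s\n' "$FQDOMAIN" | sudo tee -a /etc/apache2/apache2.conf > /dev/null
        sudo hostnamectl set-hostname "$FQDOMAIN"
        # Change /etc/hosts as well
        sed -i "s|127.0.1.1.*|127.0.1.1 $FQDOMAIN $(hostname -s)|g" /etc/hosts
        # And in the php-fpm pool conf
        sed -i "s|env\[HOSTNAME\] = .*|env[HOSTNAME] = $(hostname -f)|g" "$PHP_POOL_DIR"/nextcloud.conf
    fi

    # Set trusted domains
    run_static_script trusted

    add_crontab_le

    # Make letsencryptrenew.sh executable
    # NOTE(review): this file is run daily from root's crontab; confirm that
    # $SCRIPTS is writable by root only.
    chmod +x "$SCRIPTS/letsencryptrenew.sh"

    # Cleanup
    rm -f -- "$SCRIPTS/test-new-config.sh"
    rm -f -- "$SCRIPTS/activate-ssl.sh"
    rm -f /var/www/index.php
else
    # If it fails, revert changes back to normal
    a2dissite "$1"
    a2ensite nextcloud_ssl_domain_self_signed.conf
    a2ensite nextcloud_http_domain_self_signed.conf
    a2ensite 000-default.conf
    restart_webserver
    printf "${ICyan}Couldn't load new config, reverted to old settings. Self-signed SSL is OK!${Color_Off}\n"
    any_key "Press any key to continue... "
    exit 1
fi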