#!/usr/bin/env bash

run_directory=$(dirname $(readlink -f "$0"))
user=$(whoami)

if [[ $user != 'root' ]]; then
  sudo="sudo"
else
  sudo=""
fi

distro=$(lsb_release -si)

# TODO if Arch
if [[ $distro == "Debian" ]]; then
  echo "Setting CUPS configuration"
  $sudo mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.orig
  $sudo cp $run_directory/cupsd.conf /etc/cups/cupsd.conf
else
  echo "TODO: Edit cupsd.conf so as to allow remote access (see Arch wiki)."
fi

if [[ $distro == "Debian" ]]; then
  echo "Installing scanservjs directly from GitHub..."
  curl -s https://raw.githubusercontent.com/sbs20/scanservjs/master/bootstrap.sh | sudo bash -s -- -v latest
fi
if [[ $distro == "Arch" ]]; then
  echo "Starting and enabling scanservjs..."
  $sudo systemctl enable --now scanservjs.service
fi

echo "Generating TLS certificate"
$sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/ssl/cert.crt -keyout /etc/ssl/cert.key \
  -subj "/C=/ST=/L=/O=/OU=/CN="
$sudo chmod o+r /etc/ssl/cert.key

echo "Setting up Apache HTTP Server"
if [[ $distro == "Arch" ]]; then
  $sudo cp $run_directory/apache-sites/scanservjs.conf /etc/apache2/sites-available/scanservjs.conf
  $sudo a2dissite 000-default
  $sudo a2ensite scanservjs
  $sudo a2enmod ssl proxy proxy_http proxy_http2
fi
if [[ $distro == "Arch" ]]; then
  $sudo cp $run_directory/apache-sites/scanservjs.conf /etc/httpd/conf/scanservjs.conf
  $sudo sed -i -e "s/#ServerName www.example.com:80/#ServerName www.example.com:80\nServerName mn2.hr.kto.black/g" \
    /etc/httpd/conf/httpd.conf
  $sudo sed -i -e "s:#LoadModule ssl_module modules/mod_ssl.so:LoadModule ssl_module modules/mod_ssl.so:g" \
    /etc/httpd/conf/httpd.conf
  $sudo sed -i -e "s:#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so:LoadModule socache_shmcb_module modules/mod_socache_shmcb.so:g" \
    /etc/httpd/conf/httpd.conf
  $sudo sed -i -e "s/Listen 80/Listen 443/g" /etc/httpd/conf/httpd.conf
  $sudo sed -i -e "s:#LoadModule proxy_module modules/mod_proxy.so:LoadModule proxy_module modules/mod_proxy.so:g" \
    /etc/httpd/conf/httpd.conf
  $sudo sed -i -e "s:#LoadModule proxy_http_module modules/mod_proxy_http.so:LoadModule proxy_http_module modules/mod_proxy_http.so:g" \
    /etc/httpd/conf/httpd.conf
  $sudo sed -i -e "s:#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so:LoadModule proxy_balancer_module modules/mod_proxy_balancer.so:g" \
    /etc/httpd/conf/httpd.conf
  $sudo sed -i -e "s:#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so:LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so:g" \
    /etc/httpd/conf/httpd.conf
  $sudo sed -i -e "s:#LoadModule watchdog_module modules/mod_watchdog.so:LoadModule watchdog_module modules/mod_watchdog.so:g" \
    /etc/httpd/conf/httpd.conf
  $sudo bash -c 'echo "Include conf/scanservjs.conf" >> /etc/httpd/conf/httpd.conf'
  $sudo systemctl enable --now httpd.service
fi

# TODO add a firewall rule to prevent access to http:8080 from other than local

exit 0