#!/bin/bash

echo "For the following, please only use digits, UPPERCASE and lowercase."

echo -n "Please provide a root password for your MariaDB: "
read sqlrootpass
echo -n "Please provide a name for the Nextcloud database: "
read dbname
echo -n "Please provide a user for the Nextcloud database: "
read dbuser
echo -n "Please provide a password for the Nextcloud database: "
read dbpass
echo -n "Please provide a name for the Nextcloud admin user: "
read adminuser
echo -n "Please provide a password for the Nextcloud admin user: "
read adminpass





## First we update the server

apt update && apt -y upgrade

## Now install some basic tools:
##  curl    - Tool for doing advanced http calls etc. Useful for working with APIs.
##  wget    - Tool for doing http downloads.
##  apache2 - Web Server
##  extrepo - Tool for automatic configuration of external repos for Debian
##  unzip   - Needed to extract the Nextcloud zip file

apt -y install curl wget apache2 unzip sudo

## Now we enable Sury for installing the very latest PHP files

curl -sSL https://packages.sury.org/php/README.txt | bash -x && apt update

## Now we install PHP 8.3 and required modules

apt -y install php8.3-{ctype,curl,dom,gd,common,mysql,mbstring,opcache,posix,simplexml,xmlreader,xmlwriter,xmlrpc,xml,cli,zip,bz2,fpm,intl,ldap,smbclient,ftp,imap,bcmath,gmp,exif,apcu,memcached,redis,imagick} libapache2-mod-php8.3 libapache2-mod-fcgid libxml2

## Configure Apache2 and PHP8.3

systemctl stop apache2
a2dismod php8.3
a2dismod mpm_prefork
a2enmod mpm_event proxy proxy_fcgi setenvif rewrite
a2enconf php8.3-fpm
systemctl restart apache2
cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.original
linenum=$(cat /etc/apache2/apache2.conf | grep -n '<Directory /var/www/>' | cut -d: -f1)
until sed -n "${linenum}p" /etc/apache2/apache2.conf | grep "AllowOverride"> /dev/null; do
  ((linenum++))
done
sed -i "${linenum}s/\bNone\b/All/" /etc/apache2/apache2.conf
systemctl restart apache2

## Set optimal settings for PHP to make Nextcloud happy...

echo "max_execution_time = 240" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "memory_limit = 512M" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "post_max_size = 512M" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "upload_max_filesize = 2048M" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "[opcache]" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "opcache.enable=1" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "opcache.memory_consumption=1024" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "opcache.interned_strings_buffer=128" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "opcache.max_accelerated_files=50000" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "opcache.validate_timestamps=0" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "opcache.revalidate_freq=60" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
echo "opcache.save_comments=1" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
systemctl restart php8.3-fpm.service

## Let's install MariaDB

apt -y install mariadb-server mariadb-client

## Time to harden MariaDB

systemctl enable mariadb
systemctl start mariadb
echo "UPDATE mysql.global_priv SET priv=json_set(priv, '$.password_last_changed', UNIX_TIMESTAMP(), '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';" | mysql
echo "FLUSH PRIVILEGES;" | mysql
echo "UPDATE mysql.global_priv SET priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', PASSWORD('basic_single_escape \"$sqlrootpass\"')) WHERE User='root';" | mysql
echo "DELETE FROM mysql.global_priv WHERE User='';" | mysql
echo "DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" | mysql
echo "DROP DATABASE IF EXISTS test;" | mysql
echo "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" | mysql
echo "FLUSH PRIVILEGES;" | mysql

## Let's setup the database for Nextcloud

echo "CREATE DATABASE $dbname; CREATE USER $dbuser@localhost IDENTIFIED BY '$dbpass'; GRANT ALL PRIVILEGES ON $dbname.* TO $dbuser@localhost; FLUSH PRIVILEGES;" | mysql

## Let's add support for SVG files...

apt -y install librsvg2-bin
sed -i 's|</policymap>|  <policy domain="coder" rights="none" pattern="SVG" />\n</policymap>|' /etc/ImageMagick-6/policy.xml
apt -y install libmagickcore-6.q16-6-extra
systemctl restart apache2

## Let's install Redis Server to manage file locking...

apt -y install redis-server
systemctl start redis-server
systemctl enable redis-server

### Let's install APCu...

#apt -y install php-dev php-pear build-essential
#pecl install apcu
#systemctl restart apache2
#systemctl restart php8.3-fpm
#echo "[apcu]" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
#echo "apc.enabled=1" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
#echo "apc.shm_size=32M" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
#echo "apc.ttl=3600" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
#echo "apc.enable_cli=1" >> /etc/php/8.3/fpm/conf.d/99-nextcloud.ini
#systemctl restart php8.3-fpm

## Time to download the latest copy of Nextcloud

wget https://download.nextcloud.com/server/releases/latest.zip

## Unzip files to /var/www/html

unzip latest.zip -d /var/www/
rm -R /var/www/html
mv /var/www/nextcloud /var/www/html
chown -R www-data:www-data /var/www/html

## Let's create a safe place for your files

mkdir /home/nextcloudfiles
chown -R www-data:www-data /home/nextcloudfiles

## Let's do the web install without a browser

cd /var/www/html
echo "Installing Nextcloud..."
sudo -u www-data php occ maintenance:install --database="mysql" --database-host="localhost" --database-name="$dbname" --database-user="$dbuser" --database-pass="$dbpass" --admin-user="$adminuser" --admin-pass="$adminpass" --data-dir="/home/nextcloudfiles"

## Configuring Nextcloud

cp /var/www/html/config/config.php /var/www/html/config/config.php.original
echo "Configuring Trusted Domains..."
sudo -u www-data php occ config:system:set trusted_domains 0 --value="*"
echo "Configuring maintenance window..."
sudo -u www-data php occ config:system:set maintenance_window_start --type=integer --value=1
echo "Configuring debug mode off..."
sudo -u www-data php occ config:system:set debug --type=boolean --value=false
echo "Configuring local memcache as APCu..."
sudo -u www-data php occ config:system:set memcache.local --type=string --value="\OC\Memcache\APCu"
echo "Configuring locking memcache as Redis..."
sudo -u www-data php occ config:system:set memcache.locking --type=string --value="\OC\Memcache\Redis"
sudo -u www-data php occ config:system:set redis host --type=string --value=localhost
sudo -u www-data php occ config:system:set redis port --type=integer --value=6379
sudo -u www-data php occ config:system:set redis timeout --type=float --value=0.0
echo "Configuring crontab..."
( crontab -u www-data -l 2>/dev/null; echo '*/5 * * * * php -f /var/www/html/cron.php' ) | crontab -u www-data -
echo "Unabling cron for background jobs..."
sudo -u www-data php occ background:cron
echo "Running a full install check and repair..."
sudo -u www-data php occ maintenance:repair --include-expensive

## Let's make a script so you can use the occ CLI tool from anywhere on your server

echo "Creating a global script to allow occ CLI tool to be access from anywhere on the server..."
echo -e '#!/bin/bash\n\ncd /var/www/html\nsudo -u www-data php occ $@' > /usr/bin/occ && chmod +x /usr/bin/occ

## Clean up time...

echo "Cleaning up..."
apt -y autoremove

## DONE
echo
echo
echo
echo "You can now configure your networking for static IP, but what I do,"
echo "is assign a static IP by using DHCP reservation in my Router. You"
echo "can forward port 80 on your router if you want outside access."
echo
echo "To use the occ CLI tool you can simply type occ from any localtion"
echo "on the terminal."
echo
echo "Your user files are in the folder /home/nextcloudfiles"
echo
echo "To log on to your server point your browser to http://ipaddress"
echo "  Admin Username : $adminuser"
echo "  Admin Password : $adminpass"
echo
echo "Don't forget to give your Admin User a valid email address on the"
echo "profile page, or you will not be able to configure the mail server"
echo "settings. For the settings to be saved a test mail has to be sent"
echo "to the email address associated with the Admin User."
echo
echo "If you have any issues, DM me on Reddit u/thisiszeev"