#!/bin/bash

if [ "${EUID}" -ne 0 ]; then
  echo "This script must be run as root"
  exit
fi

# check for Ubuntu 20.04
if ! grep -q "Ubuntu 20.04" /etc/issue; then
  echo "This installer is only tested on Ubuntu 20.04. If you are on a"
  echo "different version of Ubuntu or a Debian/Debian based distro"
  echo "and want to try running this installer open this script and"
  echo "comment out the exit command below this line and re-run."
  exit
fi

# check if install is already in place
if [ -f "/etc/vmail.conf" ] || [ -d "/var/vmail/" ]; then
  echo "vmail-stack is already installed, bailing out."
  exit
fi

# check for existing server software installs
if [ -d "/etc/apache2/" ] || [ -d "/etc/php/" ] || [ -d "/etc/exim4/" ] || [ -d "/etc/spamassassin/" ] || [ -d "/etc/dovecot/" ]; then
  echo "One or more of the required server software packages are already"
  echo "installed. This script expects to be run on a new server install"
  echo "that does not have any mail server software installed yet. If you"
  echo "wish to proceed with the install anyway it is recommend to work"
  echo "through this install script manually running commands one line at"
  echo "a time as needed so as to not overwrite any existing configurations."
  echo ""
  echo "If you want to force the installer to run anyway simply comment out"
  echo "the exit command that appears immediately below this line and re-run."
  exit
fi

# install pwgen, used to create randmo passwords
apt -y install pwgen

# install mariadb (mysql)
if [ ! -d "/etc/mysql/" ]; then

  MARIADBPWORD=`pwgen 12 1`
  apt -y install mariadb-client mariadb-server
  # record the initial root password
  echo "#[client]" > /root/.my.cnf
  echo "#password=$MARIADBPWORD" >> /root/.my.cnf
  echo '!include /etc/mysql/debian.cnf' >> /root/.my.cnf
  chmod 600 /root/.my.cnf
  mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$MARIADBPWORD');"
  sed -i "s|password = |password = $MARIADBPWORD|g" /etc/mysql/debian.cnf
  mysql -e "CREATE USER 'nagios'@'localhost' IDENTIFIED WITH mysql_native_password AS '';"
  mysqladmin flush-privileges

fi

# create vmail user & db
mysqladmin create vmail
mysql vmail < vmail.sql
VMAILPASS=`pwgen -1 12`
mysql -e "CREATE USER 'vmail'@'localhost' IDENTIFIED BY '$VMAILPASS';"
mysql -e "GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost';"
mysqladmin flush-privileges

# install apache
if [ ! -d "/etc/apache2/" ]; then
  apt -y install apache2
fi
cp etc/apache2/conf-available/vmail_macro.conf /etc/apache2/conf-available/vmail_macro.conf
chmod 644 /etc/apache2/conf-available/vmail_macro.conf
a2enmod macro
a2enconf vmail_macro

# install php
apt -y install php-fpm php-cli php-gd php-imagick php-imap php-intl php-mysql php-pspell php-zip
a2enconf php7.4-fpm
sed -i "s|post_max_size = 8M|post_max_size = 256M|g" /etc/php/7.4/fpm/php.ini
sed -i "s|upload_max_filesize = 2M|upload_max_filesize = 256M|g" /etc/php/7.4/fpm/php.ini
sed -i "s|pm = dynamic|pm = ondemand|g" /etc/php/7.4/fpm/pool.d/www.conf

# install mail server software
apt -y install exim4-daemon-heavy spf-tools-perl spamassassin libclass-dbi-mysql-perl dovecot-core dovecot-imapd dovecot-mysql dovecot-pop3d dovecot-lmtpd

# configure system users
usermod -a -G ssl-cert Debian-exim
useradd --create-home --home-dir /var/vmail --shell /usr/sbin/nologin --system --user-group vmail

# configure vmail user .my.cnf for db access
install --owner=vmail --group=vmail --mode=640 /dev/null /var/vmail/.my.cnf
echo "[client]" > /var/vmail/.my.cnf
echo "host     = localhost" >> /var/vmail/.my.cnf
echo "database = vmail" >> /var/vmail/.my.cnf
echo "user     = vmail" >> /var/vmail/.my.cnf
echo "password = $VMAILPASS" >> /var/vmail/.my.cnf
echo "socket   = /var/run/mysqld/mysqld.sock" >> /var/vmail/.my.cnf

# configure vmail dirs
chmod 750 /var/vmail/
if [ ! -d "/etc/ssl/dkim" ]; then
  mkdir /etc/ssl/dkim
fi
chown Debian-exim:ssl-cert /etc/ssl/dkim
chmod 750 /etc/ssl/dkim

# spamassassin config
sed -i "s|userpref|sa_userpref|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|username varchar(100)|username varchar(255)|g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i "s|TYPE=MyISAM||g" /usr/share/doc/spamassassin/sql/userpref_mysql.sql
mysql vmail < /usr/share/doc/spamassassin/sql/userpref_mysql.sql
sed -i 's|OPTIONS="--create-prefs --max-children 5 --helper-home-dir"|OPTIONS="-x -q -v -u Debian-exim -m 5"|g' /etc/default/spamassassin
sed -i 's|CRON=0|CRON=1|g' /etc/default/spamassassin
cp etc/spamassassin/*.cf /etc/spamassassin/
sed -i "s|user_scores_sql_password         password|user_scores_sql_password         $VMAILPASS|g" /etc/spamassassin/sql.cf
chown root:root /etc/spamassassin/local.cf
chmod 644 /etc/spamassassin/local.cf
chown debian-spamd:mail /etc/spamassassin/sql.cf
chmod 640 /etc/spamassassin/sql.cf

# exim config
sed -i 's/size 10M/daily/g' /etc/logrotate.d/exim4-paniclog
install --owner=Debian-exim --group=Debian-exim --mode=640 /dev/null /etc/exim4/relay_domains
cp etc/exim4/* /etc/exim4/
chmod 640 /etc/exim4/exim4.conf
chown Debian-exim:Debian-exim /etc/exim4/autowhitelist.filter
chmod 640 /etc/exim4/autowhitelist.filter
chown Debian-exim:Debian-exim /etc/exim4/return-resender.sh
chmod 640 /etc/exim4/return-resender.sh
chown Debian-exim:Debian-exim /etc/exim4/skip_greylisting_hosts
chmod 640 /etc/exim4/skip_greylisting_hosts
sed -i "s|password|$VMAILPASS|g" /etc/exim4/exim_local.conf

# dovecot config
mkdir /etc/dovecot/sites.d
cp -a etc/dovecot/* /etc/dovecot/
chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext
chmod 640 /etc/dovecot/dovecot-sql.conf.ext
sed -i "s|password=password|password=$VMAILPASS|g" /etc/dovecot/dovecot-sql.conf.ext
cp -a libexec/vmail-quota-warning.sh /usr/libexec/
chmod 750 /usr/libexec/vmail-quota-warning.sh
chown dovecot:mail /usr/libexec/vmail-quota-warning.sh

# restart services
systemctl enable spamassassin
systemctl restart spamassassin
systemctl restart exim4
systemctl restart php7.4-fpm
systemctl restart apache2
systemctl restart dovecot

chmod 755 bin/*
cp bin/* /usr/local/bin/

# download and install roundcubemail
cd /usr/local/src/
wget --continue --quiet https://github.com/roundcube/roundcubemail/releases/download/1.4.11/roundcubemail-1.4.11-complete.tar.gz
tar zxf roundcubemail-1.4.11-complete.tar.gz
cd roundcubemail-1.4.11
pwd
# apache_document_root=`apachectl -t -D DUMP_RUN_CFG|grep DocumentRoot|cut -d \" -f 2`
# config
#   change product_name as desired
#   change support_url
# bin/initdb.sh
#
#
# # set webmail password
# sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/config/config.inc.php
# sed -i "s|vmail:password@localhost|vmail:$VMAILPASS@localhost|g" /var/www/html/webmail/plugins/sauserprefs/config.inc.php
#
#
#
# notes about firewalls