#!/usr/bin/env bash

hascmd() { command -v "$@" &>/dev/null; }
xsudo() {
    if (( EUID == 0 )); then
        eval "$@"
        return $?
    else
        if hascmd sudo; then
            sudo -- "$@"
            return $?
        elif hascmd su; then
            su -c "$*"
            return $?
        else
            >&2 echo -e "\n [!!!] ERROR: Neither sudo nor su appear to be available, and you're not root! Cannot run: $*"
            >&2 echo -e "  [!!!] PLEASE RUN THIS SCRIPT AS ROOT! \n"
            return 99
        fi
    fi
}

xupdate() {
    if hascmd apt; then
        xsudo apt update -qy
    elif hascmd dnf; then
        xsudo dnf update -y
    elif hascmd yum; then
        xsudo yum update -y
    elif hascmd pacman; then
        xsudo pacman -Sy
    elif hascmd apk; then
        xsudo apk update
    else
        >&2 echo -e " [!!!] Cannot detect package manager. Cannot update repos."
        return 99
    fi
}

xinstall() {
    if hascmd apt; then
        xsudo apt install -y "$@"
    elif hascmd dnf; then
        xsudo dnf install -y "$@"
    elif hascmd yum; then
        xsudo yum install -y "$@"
    elif hascmd pacman; then
        xsudo pacman -Sy "$@"
    elif hascmd apk; then
        xsudo apk add "$@"
    else
        >&2 echo -e " [!!!] Cannot detect package manager. Cannot install: $*"
        return 99
    fi
}
hasuser() {
    local u="$1"
    grep -Eq "^${u}:" /etc/passwd
}
hasgroup() {
    local u="$1"
    grep -Eq "^${u}:" /etc/group
}

if ! hascmd curl && ! hascmd wget; then
    xupdate
    xinstall wget
    xinstall curl
fi

xdownload() {
    ZARGS=()
    if [[ "$1" == "-4" || "$1" == "-6" ]]; then
        ZARGS+=("$1"); shift
    fi
    local srcfile="$1" dstfile="-" ZARGS
    (( $# > 1 )) && dstfile="$2"
    if hascmd wget; then
        wget -q -O "$dstfile" "$srcfile"
        return $?
    elif hascmd curl; then
        if [[ "$dstfile" == "-" ]] || [[ -z "$dstfile" ]]; then
            curl -fsSL "$srcfile"
            return $?
        else
            curl -fsSL "$srcfile" > "$dstfile"
            return $?
        fi
    fi
    >&2 echo -e "\n [!!!] ERROR: Neither wget nor curl appear to be available... Cannot download $srcfile to $dstfile"
}

if ! [[ -f /etc/apt/sources.list.d/privex.list ]]; then
    xdownload https://apt.privex.io/add-repo.sh | bash
fi


if ! xsudo ls > /dev/null; then
    exit 99
fi

msg() { echo -e "$@"; }
msgerr() { >&2 msg "$@"; }
export DEBIAN_FRONTEND=noninteractive

msg "\n >>> Running apt update ...\n"

xupdate


msg "
-----------------------------------------------------------------------------------------------

>>> Installing ipfs + ipfs-cluster + pvx-caddy...

-----------------------------------------------------------------------------------------------
"

xinstall ipfs ipfs-cluster pvx-caddy
msg "
-----------------------------------------------------------------------------------------------

>>> Installing squid + squid-cgi + squidclient + squid-common

-----------------------------------------------------------------------------------------------
"

xinstall squid
xinstall squidclient
xinstall squid-common
xinstall squid-cgi

if ! hasuser proxy; then
    xsudo adduser --system --gecos "" --home "/var/spool/proxy" --disabled-password proxy
fi

hasgroup proxy || xsudo groupadd proxy
hasgroup www-data || xsudo groupadd www-data

xsudo gpasswd -a proxy proxy
xsudo gpasswd -a proxy www-data
xsudo gpasswd -a proxy adm
xsudo gpasswd -a www-data proxy
if hasuser squid; then
    if hasgroup squid; then
        xsudo gpasswd -a squid squid
        xsudo gpasswd -a proxy squid
    fi
    xsudo gpasswd -a squid proxy
    xsudo gpasswd -a squid www-data
fi

xsudo tee /etc/systemd/system/squid.service.d/override.conf <<EOF
[Service]
User=proxy
Group=www-data

EOF
[[ -d /var/spool/squid ]] || mkdir -p /var/spool/squid
[[ -d /var/cache/squid ]] || mkdir -p /var/cache/squid
[[ -d /var/log/squid ]] || mkdir -p /var/log/squid
[[ -f /var/run/squid.pid ]] || touch /var/run/squid.pid

chown -R proxy:www-data /var/spool/squid /var/log/squid /var/cache/squid /var/run/squid.pid

#xsudo sudo -H -u ipfs -- ipfs config --json Bootstrap '["/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN","/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa","/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb","/dnsaddr/bootstrap.libp2p.io/p2p/QmcZf59bWwK5XFi76CZX8cbJ4BhTzzA3gU1ZjYZcYW3dwt","/ip4/104.131.131.82/tcp/4001/p2p/QmaCpDMGvV2BGHeYERUEnRQAwe3N8SzbUtfsmvsqQLuvuJ","/ip4/104.131.131.82/udp/4001/quic/p2p/QmaCpDMGvV2BGHeYERUEnRQAwe3N8SzbUtfsmvsqQLuvuJ","/dns4/se1-filesrv-new.privex.bz/tcp/4001/p2p/12D3KooWJnrTQgRjv1VNsdcwJPym4sVcF8eNbECyqYXidd455fEr","/dns6/se1-filesrv-new.privex.bz/tcp/4001/p2p/12D3KooWJnrTQgRjv1VNsdcwJPym4sVcF8eNbECyqYXidd455fEr","/dns4/cust06.se1.privex.cc/tcp/4001/p2p/12D3KooWLMyLSQgQ1Y6RmtCZAQge6FwQTnLZkMRuUa6wgwajGqav","/dns6/cust06.se1.privex.cc/tcp/4001/p2p/12D3KooWLMyLSQgQ1Y6RmtCZAQge6FwQTnLZkMRuUa6wgwajGqav","/dns4/fin1.files.privex.io/tcp/4001/p2p/12D3KooWQBYACq2A8XeeiZWiHhp2TkqK9RLyJtpFoby3pJYP3uTf","/dns6/fin1.files.privex.io/tcp/4001/p2p/12D3KooWQBYACq2A8XeeiZWiHhp2TkqK9RLyJtpFoby3pJYP3uTf","/dns4/se1.files.privex.io/tcp/4001/p2p/12D3KooWJxi43jwEV8WKvPRJtiGi89UXRDyYgDyHtbHZNG8FvNnS","/dns6/se1.files.privex.io/tcp/4001/p2p/12D3KooWJxi43jwEV8WKvPRJtiGi89UXRDyYgDyHtbHZNG8FvNnS","/dns4/de1.files.privex.io/tcp/4001/p2p/12D3KooWJefeaXhgJGmxzcqFq9twQASbt9Fuc2Ez7MRgrcpt3aLu","/dns6/de1.files.privex.io/tcp/4001/p2p/12D3KooWJefeaXhgJGmxzcqFq9twQASbt9Fuc2Ez7MRgrcpt3aLu"]'

#xsudo sudo -H -u ipfs -- ipfs config --json Peering.Peers '[{"ID":"QmcfgsJsMtx6qJb74akCw1M24X1zFwgGo11h1cuhwQjtJP","Addrs":["/ip6/2606:4700:60::6/tcp/4009","/ip4/172.65.0.13/tcp/4009"]},{"ID":"QmWaik1eJcGHq1ybTWe7sezRfqKNcDRNkeBaLnGwQJz1Cj","Addrs":["/dnsaddr/fra1-1.hostnodes.pinata.cloud"]},{"ID":"QmNfpLrQQZr5Ns9FAJKpyzgnDL2GgC6xBug1yUZozKFgu4","Addrs":["/dnsaddr/fra1-2.hostnodes.pinata.cloud"]},{"ID":"QmUEMvxS2e7iDrereVYc5SWPauXPyNwxcy9BXZrC1QTcHE","Addrs":["/dns/cluster0.fsn.dwebops.pub"]},{"ID":"QmNSYxZAiJHeLdkBg38roksAR9So7Y5eojks1yjEcUtZ7i","Addrs":["/dns/cluster1.fsn.dwebops.pub"]},{"ID":"12D3KooWCRscMgHgEo3ojm8ovzheydpvTEqsDtq7Vby38cMHrYjt","Addrs":["/dns4/nft-storage-am6.nft.dwebops.net/tcp/18402"]},{"ID":"12D3KooWQcgCwNCTYkyLXXQSZuL5ry1TzpM8PRe9dKddfsk1BxXZ","Addrs":["/dns4/nft-storage-sv15.nft.dwebops.net/tcp/18402"]},{"ID":"QmR69wtWUMm1TWnmuD4JqC1TWLZcc8iR2KrTenfZZbiztd","Addrs":["/ip4/104.210.43.77"]},{"ID":"12D3KooWLMyLSQgQ1Y6RmtCZAQge6FwQTnLZkMRuUa6wgwajGqav","Addrs":["/dns4/cust06.se1.privex.cc/tcp/4001","/dns6/cust06.se1.privex.cc/tcp/4001"]},{"ID":"12D3KooWQBYACq2A8XeeiZWiHhp2TkqK9RLyJtpFoby3pJYP3uTf","Addrs":["/dns4/fin1.files.privex.io/tcp/4001","/dns6/fin1.files.privex.io/tcp/4001"]},{"ID":"12D3KooWJnrTQgRjv1VNsdcwJPym4sVcF8eNbECyqYXidd455fEr","Addrs":["/dns4/se1-filesrv-new.privex.bz/tcp/4001","/dns6/se1-filesrv-new.privex.bz/tcp/4001"]},{"ID":"12D3KooWJefeaXhgJGmxzcqFq9twQASbt9Fuc2Ez7MRgrcpt3aLu","Addrs":["/dns4/de1.files.privex.io/tcp/4001","/dns6/de1.files.privex.io/tcp/4001"]}]'

msg "
-----------------------------------------------------------------------------------------------

>>> Detecting your external IPv4 / IPv6 address 

-----------------------------------------------------------------------------------------------
"


EXT_V4="$(xdownload -4 https://myip.privex.io/flat/)"
EXT_V6="$(xdownload -6 https://myip.privex.io/flat/)"
REV_IP="127.0.0.1"


msg "
-----------------------------------------------------------------------------------------------

Detected IPv4: $EXT_V4
Detected IPv6: $EXT_V6

-----------------------------------------------------------------------------------------------
"

if [[ -n "$EXT_V6" ]]; then
    msg " >>> Looks like you have a public IPv6. Setting IPFS gateway to use all available IPv6 addresses."
    xsudo su -c 'ipfs config --json Addresses.Gateway '"/ip6/::/tcp/8080"'' ipfs
    REV_IP="[$EXT_V6]"
fi
msg "
-----------------------------------------------------------------------------------------------

>>> Generating  /etc/caddy/Caddyfile 

-----------------------------------------------------------------------------------------------
"

xsudo tee /etc/caddy/Caddyfile <<EOF

{
    order cgi last
}

*.ipcdn.privex.io {
    route /squid/mgr/* {
        cgi * /usr/lib/cgi-bin/cachemgr.cgi
    }
    route /squid/mgr {
        cgi * /usr/lib/cgi-bin/cachemgr.cgi
    }
    route {
        reverse_proxy ${REV_IP}:8085 {
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up Host ipcdn.privex.io
        }
    }
    tls {
        on_demand
    }
}

*.ipfs.privex.io {
    route /squid/mgr/* {
        cgi * /usr/lib/cgi-bin/cachemgr.cgi
    }
    route /squid/mgr {
        cgi * /usr/lib/cgi-bin/cachemgr.cgi
    }
    route {
        reverse_proxy ${REV_IP}:8085 {
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-For {remote_host}
            header_up Host ipfs.privex.io
        }
    }
    tls {
        on_demand
    }
}

:443 {
    reverse_proxy ${REV_IP}:8085 {
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
    }
    tls {
        on_demand
    }
}

EOF

msg "
-----------------------------------------------------------------------------------------------

>>> Installing Pyrewall firewall + downloading base config into /etc/pyrewall/rules.pyre

-----------------------------------------------------------------------------------------------
"

msg " >>> Installing pyrewall package from pip ..."

(( EUID )) && xsudo -H pip3 install -U pyrewall || pip3 install -U pyrewall

msg " >>> Auto-created /etc/pyrewall folder + downloading rules.pyre file..."

xsudo mkdir -pv /etc/pyrewall

if ! [[ -f /etc/pyrewall/rules.pyre ]]; then
    xdownload https://cdn.privex.io/extras/configs/rules.pyre | xsudo tee /etc/pyrewall/rules.pyre
fi

msg " >>> Installing pyrewall.service"
xsudo pyre install_service
msg " >>> Enabling pyrewall.service"
xsudo systemctl enable pyrewall
msg " >>> Restarting pyrewall.service"
xsudo systemctl restart pyrewall

msg " >>> Installing .pyre syntax highlighting for Vim (${HOME}/.vim)"
mkdir -p "${HOME}/.vim/syntax"
cd "${HOME}/.vim/syntax"
xdownload https://raw.githubusercontent.com/Privex/pyrewall-syntax-highlighters/master/Vim/pyrewall.vim pyrewall.vim
if ! grep -q 'pyrewall' "${HOME}/.vimrc"; then
    echo "autocmd BufNewFile,BufRead *.pyre set syntax=pyrewall" >> "${HOME}/.vimrc"
fi

msg " >>> Installing .pyre syntax highlighting for Vim (/etc/vim)"
xsudo mkdir -p /etc/vim/syntax
cd /etc/vim/syntax
xdownload https://raw.githubusercontent.com/Privex/pyrewall-syntax-highlighters/master/Vim/pyrewall.vim | xsudo tee pyrewall.vim

if ! grep -q 'pyrewall' "/etc/vim/vimrc.local"; then
    echo "autocmd BufNewFile,BufRead *.pyre set syntax=pyrewall" | xsudo tee -a "/etc/vim/vimrc.local"
fi

msg "
-----------------------------------------------------------------------------------------------

>>> Adding ipfs-gw to /etc/hosts + configuring Squid caching proxy server 

-----------------------------------------------------------------------------------------------
"

if [[ -z "$EXT_V6" ]]; then
    echo "127.0.0.1    ipfs-gw" | xsudo tee -a /etc/hosts
else
    echo "$EXT_V6    ipfs-gw" | xsudo tee -a /etc/hosts
fi

xdownload https://cdn.privex.io/extras/configs/squid-ipfs.conf | xsudo tee /etc/squid/conf.d/privex.conf

msg " >>> Enabling + restarting squid service ..."

xsudo systemctl enable squid
xsudo systemctl restart squid

msg "\n +++ FINISHED. +++\n"

msg "

Check Caddy, Squid, and IPFS's status:

    systemctl status caddy
    systemctl status ipfs
    systemctl status squid

Test your Caddy + Squid setup by requesting a domain:

	curl -k -H 'Host: ipcdn.privex.io' https://${REV_IP}

"