#!/bin/sh
#
# Configuration for an Iciniga2 master (with icingaweb2, director, and mysql backend)

ido_user="icinga2"
ido_password="changeme"

icingaweb2_user="icingaweb2"
icingaweb2_password="changeme"

director_user="director"
director_password="changeme"

admin_user="admin"
admin_password="changeme"

websrv="nginx"
#websrv="apache"

# Install packages
apt install -y icinga2 icingaweb2 icinga2-ido-mysql icingaweb2-module-director \
			   monitoring-plugins monitoring-plugins-contrib default-mysql-server

[ "$websrv" = "nginx" ] && apt install -y nginx || apt install -y apache2

# Secure mysql
mysql_secure_installation

# Create primary monitoring database
echo "Creating IDO database..."
mysql -u root -e "CREATE DATABASE icinga2; GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga2.* TO '$ido_user'@'localhost' IDENTIFIED BY '$ido_password'; FLUSH PRIVILEGES;"
mysql -u root icinga2 </usr/share/icinga2-ido-mysql/schema/mysql.sql
echo "library \"db_ido_mysql\"
object IdoMysqlConnection \"ido-mysql\" {
  user = \"$ido_user\",
  password = \"$ido_password\",
  host = \"localhost\",
  database = \"icinga2\"
}" > /etc/icinga2/features-available/ido-mysql.conf
icinga2 feature enable ido-mysql

# Create icingaweb2 database
echo "Creating icingaweb2 database..."
mysql -u root -e "CREATE DATABASE icingaweb2;GRANT ALL ON icingaweb2.* TO '$icingaweb2_user'@'localhost' IDENTIFIED BY '$icingaweb2_password'; FLUSH PRIVILEGES;"
mysql icingaweb2 </usr/share/icingaweb2/etc/schema/mysql.schema.sql
# Create initial admin user to login to icingaweb2
passhash="$(php -r "echo password_hash(\"$admin_password\", PASSWORD_DEFAULT);")"
mysql -u root -e "USE icingaweb2; INSERT INTO icingaweb_user (name, active, password_hash) VALUES (\"$admin_user\", 1, \"$passhash\"); FLUSH PRIVILEGES;"

# Create director database
echo "Creating director database..."
mysql -u root -e "CREATE DATABASE director CHARACTER SET 'utf8'; GRANT ALL on director.* TO '$director_user'@'localhost' IDENTIFIED BY '$director_password';FLUSH PRIVILEGES;"

# Setup API
echo "Setting up API..."
icinga2 api setup

# Restart service
systemctl restart icinga2

# Configure web server
websrv=
webstr=
[ $websrv = "apache" ] && webstr="apache2"
[ $websrv = "nginx" ] && webstr="nginx"
sitefile="/etc/$webstr/sites-available/icingaweb2.conf"
icingacli module enable setup
icingacli setup config directory 
if [ "$websrv" = "nginx" ]; then
	apt install -y php-fpm
	echo "server {\nlisten 80;" > $sitefile
	icingacli setup config webserver $websrv --fpm-uri unix:/var/run/php/php-fpm.sock >> $sitefile
	echo "}" >> $sitefile
else
	icingacli setup config webserver $websrv >> $sitefile
fi
ln -s $sitefile /etc/$webstr/sites-enabled
[ "$websrv" = "apache" ] && a2enmod ssl && a2enmod php7.4 && a2enconf icingaweb2 && a2ensite default-ssl.conf
systemctl restart $webstr
icingacli module disable setup


# -- Icingaweb2 Configuration --
echo "Configuring icingaweb2..."
# Configure authentication
echo "[icingaweb2]
backend = \"db\"
resource = \"icingaweb2\"
" > /etc/icingaweb2/authentication.ini

# Configure resources
echo "[icinga2]
type = \"db\"
db = \"mysql\"
host = \"localhost\"
port = \"\"
dbname = \"icinga2\"
username = \"$ido_user\"
password = \"$ido_password\"
charset = \"\"
use_ssl = \"0\"

[icingaweb2]
type = \"db\"
db = \"mysql\"
host = \"localhost\"
port = \"\"
dbname = \"icingaweb2\"
username = \"$icingaweb2_user\"
password = \"$icingaweb2_password\"
charset = \"\"
use_ssl = \"0\"

[director]
type = \"db\"
db = \"mysql\"
host = \"localhost\"
port = \"\"
dbname = \"director\"
username = \"$director_user\"
password = \"$director_password\"
charset = \"utf8\"
use_ssl = \"0\"
" > /etc/icingaweb2/resources.ini

# Configure roles
echo "[admins]
users = \"$admin_user\"
permissions = \"*\" " > /etc/icingaweb2/roles.ini

# Configure monitoring module
echo "Configuring monitoring..."
icingacli module enable monitoring
mkdir -p /etc/icingaweb2/modules/monitoring
echo "[icinga]
type = \"ido\"
resource = \"icinga2\"
" > /etc/icingaweb2/modules/monitoring/backends.ini
api_pass="$(grep password /etc/icinga2/conf.d/api-users.conf | tr -d ' "' | cut -d '=' -f 2)"
echo "[icinga2]
transport = \"api\"
host = \"$(hostname)\"
port = \"5665\"
username = \"root\"
password = \"$api_pass\"
" > /etc/icingaweb2/modules/monitoring/commandtransports.ini

echo "[security]
protected_customvars = \"*pw*,*pass*,*community*\"
" > /etc/icingaweb2/modules/monitoring/config.ini


# Configure director
echo "Configuring director..."
mkdir -p /etc/icingaweb2/modules/director
echo "[db]
resource = \"director\"
" > /etc/icingaweb2/modules/director/config.ini
icingacli module enable director
icingacli director migration run
echo "[config]
endpoint = \"monitoring.home.local\"
username = \"root\"
password = \"$api_pass\"
" > /etc/icingaweb2/modules/director/kickstart.ini
icingacli director kickstart run
icingacli director config render
icingacli director config deploy
shred -uz /etc/icingaweb2/modules/director/kickstart.ini

echo "\n\nNOW\n\nBrowse to http://$(hostname)/icingaweb2/ and login as $admin_user"