#!/bin/bash

#########################################################################################
#
#  Copyright (c) 2015 arakasi72 (https://github.com/arakasi72)
#
#  --> Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
#
#########################################################################################


headless=0
osname=$(lsb_release -si)
releasename=$(lsb_release -cs)

[ -z $logfile ] && logfile="/dev/null"
if [ -z $serverip ]; then
  headless=1
fi

#check it is being run as root
if [ "$(id -u)" != "0" ]; then
  echo "Must be run from root or using sudo" && exit 1
fi

if [ $headless = 1 ]; then
  serveripa=$(ip route get 8.8.8.8 | awk 'NR==1 {print $7}')
  serveripb=$(wget -qO- ipecho.net/plain)
  serveripc=$(wget -qO- --timeout=3 ipinfo.io/ip)
  if [ "$serveripa" = "$serveripb" ] || [ "$serveripa" = "$serveripc" ]; then
    serverip=$serveripa
  else
    echo "Select the IP address to use:"
    echo "1.) "$serveripa
    echo "2.) "$serveripb
    echo "3.) "$serveripc

    while true
      do
        read answer
        case $answer in [1] ) serverip=$serveripa && break ;;
                        [2] ) serverip=$serveripb && break ;;
                        [3] ) serverip=$serveripc && break ;;
                          * ) echo "Enter 1, 2 or 3";;
      esac
    done
  fi
  serverdn=$(perl -MSocket -le "print((gethostbyaddr(inet_aton('$serverip'), AF_INET))[0])")
fi

echo "IP: $serverip"
echo "DN: $serverdn"

if [ -z $serverdn ]; then
  echo "Unable to determine domain name cannot setup Lets Encypt"
  exit 1
fi

# Remove apt version of Certbot if installed
if [ $(dpkg-query -W -f='${Status}' "certbot" 2>/dev/null | grep -c "ok installed") = 1 ]; then
  echo "Removing apt version of Certbot"
  aptitude -q=5 -y remove certbot python*-certbot-nginx >> $logfile 2>&1
fi

# Install Snapd service
aptitude -q=5 -y install snapd >> $logfile 2>&1
# Install the core snap in order to get the latest snapd for Debian
if [ $osname = "Debian" ]; then snap install core >> $logfile 2>&1; snap refresh core; fi

# Installing Certbot
if [ $(snap list | grep -c "certbot") = 0 ]; then
  echo "Installing certbot"
  snap -y install --classic certbot >> $logfile 2>&1
else
  echo "certbot already installed"
fi

if [ $(snap list | grep -c "certbot") = 0 ]; then
  echo "Install Failed"
  exit 1
fi


#Generating Certificates
certbot -q --nginx --register-unsafely-without-email --agree-tos certonly -d $serverdn >> $logfile 2>&1

if [ $? = 1 ]; then
  echo "unable to generate certificates"
  exit 1
fi

echo "Certificates Generated"

if [ $headless = 0 ]; then
  exit 0
fi

if [ -d "/etc/letsencrypt/live/$serverdn" ]; then
  echo "Replacing certificates in nginx and vsftpd"
  
  sed -i "/^\(\s\|#\)*server_name/ c\        server_name $serverdn;" /etc/nginx/sites-available/default
  sed -i "/ssl_certificate / c\        ssl_certificate /etc/letsencrypt/live/$serverdn/fullchain.pem;" /etc/nginx/sites-available/default
  sed -i "/ssl_certificate_key / c\        ssl_certificate_key /etc/letsencrypt/live/$serverdn/privkey.pem;" /etc/nginx/sites-available/default
  
  service nginx restart
  
  sed -i "/^\(\s\|#\)*rsa_cert_file/ c\rsa_cert_file=/etc/letsencrypt/live/$serverdn/fullchain.pem" /etc/vsftpd.conf
  sed -i "/^\(\s\|#\)*rsa_private_key_file/ c\rsa_private_key_file=/etc/letsencrypt/live/$serverdn/privkey.pem" /etc/vsftpd.conf
  
  service vsftpd restart
fi



