#!/bin/bash
certbot_path=$(which certbot)
snap_path=$(which snap)
if [ -z "$(which postfix)" ]; then
  echo "postfix postfix/mailname string $USER" | sudo debconf-set-selections
  echo "postfix postfix/main_mailer_type string 'Local only'" | sudo debconf-set-selections
  sudo -p 'sudo password:' apt-get install -y postfix
  sudo -p 'sudo password:' service postfix start
fi
if [ -z $certbot_path ]; then
  echo "checking kernel version"
  kernel_version=$(sudo -p 'sudo password:' uname -r)
  echo "kernel_version: ${kernel_version}"
  if [[ $kernel_version < 4.4 ]]; then
    echo "Downloading certbot by using python3(since kernel < 4.4)..."
    sudo -p 'sudo password:' add-apt-repository ppa:deadsnakes/ppa -y
    echo "execing apt update..."
    sudo -p 'sudo password:' apt-get -y -o DPkg::options::='--force-confdef' -o DPkg::options::='--force-confold' update
    # if [ ! -z "$(sudo -p 'sudo password:' apt list --upgradable|grep 'linux-generic' )" ]; then
    #   echo "execing apt upgrade..."
    #   sudo -p 'sudo password:' apt-get -y -o DPkg::options::='--force-confdef' -o DPkg::options::='--force-confold' upgrade
    #   echo "Computer will reboot 60 seconds later!"
    #   sleep 60 && sudo reboot
    #   exit 0
    # fi
    echo "Installing python3.8 python3.8-venv libaugeas0 ..."
    sudo -p 'sudo password:' apt-get install python3.8 python3.8-venv libaugeas0 -y
    python_path="$(which python3.8)"
    if [ -z "$python_path" ]; then
      echo "python3.8 not found!"
      echo "Installing python3.8 from source!"
      wget https://www.python.org/ftp/python/3.8.13/Python-3.8.13.tgz
      echo "Installing building tools!"
      sudo -p 'sudo password:' apt-get install -y make build-essential libssl-dev zlibc zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev
      echo "Installing openssl 1.1.1m..."
      wget https://www.openssl.org/source/openssl-1.1.1m.tar.gz --no-check-certificate
      tar xzvf openssl-1.1.1m.tar.gz
      cd openssl-1.1.1m
      ./config no-ssl2 no-ssl3 zlib-dynamic -fPIC shared --prefix=/usr/local/openssl
      make depend -j8 && sudo -p 'sudo password:' make install
      cd ..
      sudo -p 'sudo password:' bash -l -c "echo '/usr/local/openssl/lib' >> /etc/ld.so.conf.d/openssl.conf"
      sudo -p 'sudo password:' ldconfig -v
      tar xvf Python-3.8.13.tgz
      cd Python-3.8.13/ && ./configure --with-openssl=/usr/local/openssl --enable-optimizations --with-ensurepip=install
      sudo -p 'sudo password:' make altinstall
      cd ..
      python_path="$(which python3.8)"
    fi
    sudo -p 'sudo password:' rm -rf /opt/certbot/
    echo "generating venv for certbot ..."
    sudo -p 'sudo password:' python3.8 -m venv /opt/certbot/
    sudo -p 'sudo password:' /opt/certbot/bin/pip install --trusted-host pypi.python.org --trusted-host pypi.org --upgrade pip
    echo "Installing certbot on python3.8 ..."
    sudo -p 'sudo password:' /opt/certbot/bin/pip install --trusted-host pypi.python.org --trusted-host pypi.org certbot certbot-nginx
    sudo -p 'sudo password:' rm -f /usr/bin/certbot
    sudo -p 'sudo password:' ln -s /opt/certbot/bin/certbot /usr/bin/certbot
    sudo -p 'sudo password:' certbot register --email bohung@rulingcom.com --agree-tos -n
    sudo -p 'sudo password:' certbot --nginx -n 2>/dev/null || true
    echo "Finish install certbot!"
    certbot_path="/usr/bin/certbot"
  else
    if [ -z $snap_path ]; then
      echo "execing apt update..."
      sudo -p 'sudo password:' apt-get -y -o DPkg::options::='--force-confdef' -o DPkg::options::='--force-confold' update
      echo "Installing snap..."
      sudo -p 'sudo password:' apt install snapd -y
      snap_path=$(which snap)
    fi
    if [ ! -z $snap_path ]; then
      echo "Installing snap core..."
      sudo -p 'sudo password:' bash -l -c 'snap install core && snap refresh core'
      echo "Installing certbot with snap..."
      sudo -p 'sudo password:' snap install --classic certbot
      sudo -p 'sudo password:' ln -s /snap/bin/certbot /usr/bin/certbot
      sudo -p 'sudo password:' certbot register --email bohung@rulingcom.com --agree-tos -n
      sudo -p 'sudo password:' certbot --nginx -n 2>/dev/null || true
      echo "Finish install certbot!"
      certbot_path="/usr/bin/certbot"
    else
      echo "There was some error when installing snap!"
    fi
  fi
fi
if [ ! -z $certbot_path ]; then
  echo "Setting certbot renew to cronjob..."
  crontab_lines=$(sudo -p 'sudo password:' crontab -l)
  certbot_renew_command=$(sudo -p 'sudo password:' crontab -l|grep "certbot"|grep "renew")
  if [ -z "$certbot_renew_command" ]; then
    echo "Add certbot renew cronjob!"
    certbot_renew_command="30 2 * * * $certbot_path renew --no-self-upgrade --renew-hook 'sudo service nginx restart' > /var/log/le-renew.log"
    echo "$certbot_renew_command"
    CRON="$certbot_renew_command" && (sudo -p 'sudo password:' crontab -l; echo "$CRON" ) | sudo -p 'sudo password:' crontab -
  fi
  echo "Finish setting renew cronjob!"
fi