#!/bin/bash

# 1) create new droplet **DO NOT PICK IPV6 just the monitoring option** if trial use anytrial.onayanova.com SSH key if production make a unique key, add to keepass biz
# 2) immediately set subdomain name in networking
# 3) Add droplet into raven-server-standard-firewall
# 4) check DNS available using https://letsdebug.net/
# 5) Open putty, select X.onayanova.com, change ip to new droplet domain name and open it
# 6) nano ayinit.sh paste in this
# 7) CHANGE the values at the top of the script to the desired time zone and subdomain, Save and exit nano
# 8) Update the server apt-get update && apt-get upgrade
# 9) chmod a+x ayinit.sh
# 10) ./ayinit.sh
# 11) profit$

TIMEZONE='America/Vancouver'
DOMAINNAME='subdomain.onayanova.com'


#############################
echo STARTING...
timedatectl set-timezone $TIMEZONE
apt-get update
apt-get dist-upgrade -y
echo SET SWAP FILE
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
echo 'vm.swappiness=10' | sudo tee -a /etc/sysctl.conf
echo 'vm.vfs_cache_pressure=50' | sudo tee -a /etc/sysctl.conf
echo INSTALL .NET CORE
apt-get install -y aspnetcore-runtime-6.0
echo INSTALL POSTGRESQL
sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get -y install postgresql
sudo -u postgres psql -U postgres -d postgres -c "alter user postgres with password 'YOUR_PASSWORD_HERE';"
echo INSTALL REPORTING LIBS
sudo apt-get install -yq gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 \
libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 \
libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 \
libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 libgbm1 \
ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils wget
echo INSTALL AYANOVA
apt install zip unzip -y
mkdir /var/ayanova
mkdir /var/ayanova/data
mkdir /var/ayanova/.local-chromium
cd /var/ayanova
curl -O https://www.ayanova.com/download/ayanova-subscription-linux-x64-server.zip && \
unzip -o ayanova-subscription-linux-x64-server.zip
chown -vR :www-data /var/ayanova
chmod -R g+rw /var/ayanova/data
chmod -R g+rwx /var/ayanova/.local-chromium
echo '[Unit]' >> /etc/systemd/system/ayanova.service
echo 'Description=AyaNova server' >> /etc/systemd/system/ayanova.service
echo '' >> /etc/systemd/system/ayanova.service
echo '[Service]' >> /etc/systemd/system/ayanova.service
echo 'WorkingDirectory=/var/ayanova' >> /etc/systemd/system/ayanova.service
echo 'ExecStart=/usr/bin/dotnet /var/ayanova/AyaNova.dll' >> /etc/systemd/system/ayanova.service
echo 'Restart=always' >> /etc/systemd/system/ayanova.service
echo 'RestartSec=10' >> /etc/systemd/system/ayanova.service
echo 'KillSignal=SIGINT' >> /etc/systemd/system/ayanova.service
echo 'SyslogIdentifier=ayanova-server' >> /etc/systemd/system/ayanova.service
echo 'User=www-data' >> /etc/systemd/system/ayanova.service
echo 'Environment=ASPNETCORE_ENVIRONMENT=Production' >> /etc/systemd/system/ayanova.service
echo 'Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false' >> /etc/systemd/system/ayanova.service
echo '' >> /etc/systemd/system/ayanova.service
echo '[Install]' >> /etc/systemd/system/ayanova.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/ayanova.service
systemctl enable ayanova.service
echo START AYANOVA SERVICE
systemctl start ayanova.service
echo INSTALL NGINX
apt install nginx -y
echo 'server {' > /etc/nginx/sites-available/default
echo '    listen        80;' >> /etc/nginx/sites-available/default
echo "    server_name   $DOMAINNAME;" >> /etc/nginx/sites-available/default
echo '    location / {' >> /etc/nginx/sites-available/default
echo '        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;' >> /etc/nginx/sites-available/default
echo '        add_header X-XSS-Protection "1; mode=block" always;' >> /etc/nginx/sites-available/default
echo '        add_header X-Content-Type-Options "nosniff" always;' >> /etc/nginx/sites-available/default
echo '        add_header X-Frame-Options "SAMEORIGIN" always;' >> /etc/nginx/sites-available/default
echo '        add_header Referrer-Policy "strict-origin" always;' >> /etc/nginx/sites-available/default
echo '        gzip on;' >> /etc/nginx/sites-available/default
echo '        gzip_vary on;' >> /etc/nginx/sites-available/default
echo '        gzip_min_length 10240;' >> /etc/nginx/sites-available/default
echo '        gzip_proxied expired no-cache no-store private auth;' >> /etc/nginx/sites-available/default
echo '        gzip_http_version 1.1;' >> /etc/nginx/sites-available/default
echo '        gzip_types  application/javascript text/css application/json text/plain;' >> /etc/nginx/sites-available/default
echo '' >> /etc/nginx/sites-available/default
echo '        proxy_pass         http://127.0.0.1:7575;' >> /etc/nginx/sites-available/default
echo '        proxy_http_version 1.1;' >> /etc/nginx/sites-available/default
echo '        proxy_set_header   Upgrade $http_upgrade;' >> /etc/nginx/sites-available/default
echo '        proxy_set_header   Connection keep-alive;' >> /etc/nginx/sites-available/default
echo '        proxy_set_header   Host $host;' >> /etc/nginx/sites-available/default
echo '        proxy_cache_bypass $http_upgrade;' >> /etc/nginx/sites-available/default
echo '        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;' >> /etc/nginx/sites-available/default
echo '        proxy_set_header   X-Forwarded-Proto $scheme;' >> /etc/nginx/sites-available/default
echo '        proxy_connect_timeout       3600;' >> /etc/nginx/sites-available/default
echo '        proxy_send_timeout          3600;' >> /etc/nginx/sites-available/default
echo '        proxy_read_timeout          3600;' >> /etc/nginx/sites-available/default
echo '        send_timeout                3600; ' >> /etc/nginx/sites-available/default
echo '        client_max_body_size 25M;' >> /etc/nginx/sites-available/default
echo '    }' >> /etc/nginx/sites-available/default
echo '}' >> /etc/nginx/sites-available/default
systemctl restart nginx
echo INSTALL CERTBOT 
apt install certbot python3-certbot-nginx -y
echo GET CERTIFICATE
certbot --nginx --noninteractive --agree-tos --email ops@onayanova.com --no-eff-email -d $DOMAINNAME
echo ...COMPLETED