#!/bin/bash

###############################################################################
# New Server Preparation Script
# Server: vps2.scala4.com
# Purpose: Prepare a clean server for application migration
###############################################################################

# Abort as soon as a command exits non-zero. Commands tested by `if` are
# exempt, and for a pipeline only the last stage counts (pipefail is not set).
set -o errexit

# ANSI colour sequences for the output helpers. They are stored as literal
# backslash text and only turned into escape bytes when a helper prints them.
NC='\033[0m'          # reset to the terminal default
RED='\033[0;31m'      # errors
GREEN='\033[0;32m'    # timestamped progress lines
YELLOW='\033[1;33m'   # warnings

# log MESSAGE
# Write MESSAGE to stdout after a green "[YYYY-MM-DD HH:MM:SS]" timestamp.
# Backslash escapes inside MESSAGE are expanded too, so only pass text the
# script itself controls.
log() {
    local message=$1
    printf '%b\n' "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} ${message}"
}

# warn MESSAGE
# Write MESSAGE to stdout behind a yellow "[WARNING]" tag. Backslash escapes
# in MESSAGE are expanded as well.
warn() {
    local message=$1
    printf '%b\n' "${YELLOW}[WARNING]${NC} ${message}"
}

# error MESSAGE
# Write MESSAGE to stdout behind a red "[ERROR]" tag. The helper only prints;
# it neither exits nor changes the exit status, so callers decide what happens
# next.
error() {
    local message=$1
    printf '%b\n' "${RED}[ERROR]${NC} ${message}"
}

# Every later phase installs packages, writes under /etc or manages services,
# so stop right away unless the effective UID is 0.
if (( EUID != 0 )); then
    error "Please run as root"
    exit 1
fi

log "Starting new server preparation..."
log "Server: vps2.scala4.com"

###############################################################################
# PHASE 1: System Update
###############################################################################
log "Phase 1: Updating system packages..."

# Exported so that every apt-get call in the rest of the script runs without
# interactive configuration prompts.
export DEBIAN_FRONTEND=noninteractive

apt-get update
apt-get upgrade -y

# Helper packages installed up front; later phases call add-apt-repository,
# curl and wget.
base_packages=(
    software-properties-common
    apt-transport-https
    ca-certificates
    curl
    wget
    gnupg
    lsb-release
)
apt-get install -y "${base_packages[@]}"

###############################################################################
# PHASE 2: Install Apache Web Server
###############################################################################
log "Phase 2: Installing Apache web server..."
apt-get install -y apache2

# Register the service for boot, then bring it up now.
for action in enable start; do
    systemctl "$action" apache2
done

# Modules switched on for the migrated applications: URL rewriting, TLS,
# response-header control, cache expiry headers and compression.
log "Enabling Apache modules..."
for apache_module in rewrite ssl headers expires deflate; do
    a2enmod "$apache_module"
done

# Newly enabled modules are only loaded after a restart.
systemctl restart apache2

###############################################################################
# PHASE 3: Install MySQL/MariaDB
###############################################################################
log "Phase 3: Installing MariaDB database server..."
apt-get install -y mariadb-server mariadb-client
for action in enable start; do
    systemctl "$action" mariadb
done

# Non-interactive hardening: remove anonymous accounts, remove root accounts
# that are not bound to the local host, drop the "test" schema together with
# its privilege rows, then reload the grant tables.
# NOTE(review): on MariaDB 10.4 and later mysql.user is a view; confirm these
# DELETE statements succeed on the packaged server version, because a failing
# statement aborts the whole script under `set -e`.
log "Securing MySQL installation..."
hardening_sql=(
    "DELETE FROM mysql.user WHERE User='';"
    "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
    "DROP DATABASE IF EXISTS test;"
    "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';"
    "FLUSH PRIVILEGES;"
)
for statement in "${hardening_sql[@]}"; do
    mysql -e "$statement"
done

# Drop-in with larger packet/buffer sizes and utf8mb4 defaults.
# NOTE(review): innodb_buffer_pool_size is a fixed 1G; confirm it fits the
# memory of this server.
log "Configuring MySQL..."
mariadb_overrides='[mysqld]
max_allowed_packet = 256M
innodb_buffer_pool_size = 1G
innodb_log_file_size = 256M
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci'
printf '%s\n' "$mariadb_overrides" > /etc/mysql/mariadb.conf.d/99-custom.cnf

systemctl restart mariadb

###############################################################################
# PHASE 4: Install PHP and Extensions
###############################################################################
log "Phase 4: Installing PHP and extensions..."

# ppa:ondrej/php is a third-party archive that carries several PHP branches
# side by side. Every package pulled from it is installed as root, so the
# server trusts that archive from this point on.
add-apt-repository -y ppa:ondrej/php
apt-get update

# PHP 8.1 is the primary version for most applications: the meta package, one
# package per extension, and the Apache module.
log "Installing PHP 8.1..."
php81_packages=(php8.1)
for php_ext in cli fpm common mysql mysqli xml curl gd mbstring zip bcmath \
    intl soap opcache readline imagick; do
    php81_packages+=("php8.1-${php_ext}")
done
php81_packages+=(libapache2-mod-php8.1)
apt-get install -y "${php81_packages[@]}"

# PHP 7.4 is installed next to 8.1 for older applications that may need it.
# NOTE(review): upstream PHP 7.4 is end-of-life and no longer receives
# security fixes; keep it only for applications that cannot run on 8.1 and
# plan their upgrade.
log "Installing PHP 7.4 (for compatibility)..."
php74_packages=(php7.4)
for php_ext in cli fpm common mysql mysqli xml curl gd mbstring zip bcmath \
    intl soap opcache readline imagick; do
    php74_packages+=("php7.4-${php_ext}")
done
apt-get install -y "${php74_packages[@]}"

# Apache serves PHP through the 8.1 module; restart so the module is loaded.
log "Setting PHP 8.1 as default for Apache..."
a2enmod php8.1
systemctl restart apache2

# PHP overrides are written as 99-custom.ini drop-ins for each version.
log "Configuring PHP settings..."

# Settings for PHP running inside Apache: large uploads, a higher memory
# limit, longer run times and the Madrid time zone.
php_web_overrides='upload_max_filesize = 256M
post_max_size = 256M
memory_limit = 512M
max_execution_time = 300
max_input_time = 300
date.timezone = Europe/Madrid'

# Settings for command-line PHP (no upload-related limits).
php_cli_overrides='memory_limit = 512M
max_execution_time = 300
date.timezone = Europe/Madrid'

printf '%s\n' "$php_web_overrides" > /etc/php/8.1/apache2/conf.d/99-custom.ini
printf '%s\n' "$php_cli_overrides" > /etc/php/8.1/cli/conf.d/99-custom.ini

# The 7.4 Apache drop-in is written only when that conf.d directory exists;
# the 7.4 CLI drop-in is always written.
if [[ -d /etc/php/7.4/apache2/conf.d ]]; then
    printf '%s\n' "$php_web_overrides" > /etc/php/7.4/apache2/conf.d/99-custom.ini
fi
printf '%s\n' "$php_cli_overrides" > /etc/php/7.4/cli/conf.d/99-custom.ini

systemctl restart apache2

###############################################################################
# PHASE 5: Install ionCube Loader (Required for WHMCS)
###############################################################################
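log "Phase 5: Installing ionCube Loader for WHMCS..."

# Detect PHP version and architecture.
# PHP_VERSION is kept for reference; nothing below reads it.
PHP_VERSION=$(php8.1 -v | head -n 1 | cut -d " " -f 2 | cut -c 1-3)
ARCH=$(uname -m)

# The download name uses "x86-64" where uname reports "x86_64".
if [ "$ARCH" = "x86_64" ]; then
    ARCH="x86-64"
fi

# Download and unpack inside a private mktemp directory rather than in /tmp
# itself. /tmp is world-writable and the old fixed names were predictable; a
# leftover archive from an aborted earlier run also made wget store the new
# download under a different name, so tar unpacked the stale file.
IONCUBE_WORKDIR=$(mktemp -d)
trap 'rm -rf -- "$IONCUBE_WORKDIR"' EXIT
IONCUBE_ARCHIVE="${IONCUBE_WORKDIR}/ioncube_loaders_lin_${ARCH}.tar.gz"

wget -O "$IONCUBE_ARCHIVE" \
    "https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_${ARCH}.tar.gz"

# Optional integrity check: export IONCUBE_SHA256 with the SHA-256 digest of
# the archive you have vetted and the script aborts on a mismatch. Without it
# the only protection is the HTTPS transport, and the file is loaded into
# every PHP process as a zend_extension.
if [ -n "${IONCUBE_SHA256:-}" ]; then
    printf '%s  %s\n' "$IONCUBE_SHA256" "$IONCUBE_ARCHIVE" | sha256sum -c -
else
    warn "IONCUBE_SHA256 is not set; the ionCube archive was not checked against a pinned digest"
fi

# --no-same-owner: as root, tar would otherwise restore the owner IDs recorded
# in the archive.
tar -xzf "$IONCUBE_ARCHIVE" -C "$IONCUBE_WORKDIR" --no-same-owner

# Ask PHP for extension_dir instead of parsing `php -i`. The ":?" guard aborts
# when the value comes back empty; the old `cp ... "$PHP_EXT_DIR/"` would then
# have copied the loader into "/".
PHP_EXT_DIR=$(php8.1 -r 'echo ini_get("extension_dir");')
install -o root -g root -m 0644 \
    "${IONCUBE_WORKDIR}/ioncube/ioncube_loader_lin_8.1.so" "${PHP_EXT_DIR:?}/"

PHP_EXT_DIR_74=$(php7.4 -r 'echo ini_get("extension_dir");')
install -o root -g root -m 0644 \
    "${IONCUBE_WORKDIR}/ioncube/ioncube_loader_lin_7.4.so" "${PHP_EXT_DIR_74:?}/"

# Write the 00-ioncube.ini drop-ins with ">" rather than ">>": appending added
# a second zend_extension line every time the script was run again.
printf '%s\n' 'zend_extension=ioncube_loader_lin_8.1.so' \
    > /etc/php/8.1/apache2/conf.d/00-ioncube.ini
printf '%s\n' 'zend_extension=ioncube_loader_lin_8.1.so' \
    > /etc/php/8.1/cli/conf.d/00-ioncube.ini

# Configure ionCube for PHP 7.4 (Apache drop-in only if that directory exists).
if [ -d "/etc/php/7.4/apache2/conf.d" ]; then
    printf '%s\n' 'zend_extension=ioncube_loader_lin_7.4.so' \
        > /etc/php/7.4/apache2/conf.d/00-ioncube.ini
fi
printf '%s\n' 'zend_extension=ioncube_loader_lin_7.4.so' \
    > /etc/php/7.4/cli/conf.d/00-ioncube.ini

# Cleanup: remove the work directory and drop the EXIT trap that covered the
# failure paths above.
rm -rf -- "$IONCUBE_WORKDIR"
trap - EXIT

systemctl restart apache2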

###############################################################################
# PHASE 6: Install Certbot for SSL Certificates
###############################################################################
log "Phase 6: Installing Certbot for SSL certificates..."
# Only the client and its Apache plugin are installed here; no certificate is
# requested in this script.
certbot_packages=(certbot python3-certbot-apache)
apt-get install -y "${certbot_packages[@]}"

###############################################################################
# PHASE 7: Install Git and Other Tools
###############################################################################
log "Phase 7: Installing Git and other tools..."
# Version control, file transfer, archive handling, a process viewer and two
# editors for day-to-day administration.
admin_tools=(git rsync unzip zip htop nano vim)
apt-get install -y "${admin_tools[@]}"

###############################################################################
# PHASE 8: Configure Firewall
###############################################################################
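log "Phase 8: Configuring firewall..."
if command -v ufw &> /dev/null; then
    # Add the allow rules BEFORE enabling the firewall. With the old order
    # (enable first), a failure between `ufw --force enable` and
    # `ufw allow 22/tcp` aborted the script under `set -e` and left the
    # firewall active with no SSH rule.
    # NOTE(review): assumes sshd listens on 22/tcp; adjust if this host uses
    # another port.
    ufw allow 22/tcp
    ufw allow 80/tcp
    ufw allow 443/tcp
    ufw --force enable
    ufw reload
    log "Firewall configured"
else
    # Without ufw the host is left with whatever packet filtering it already
    # had; the script continues and only warns.
    warn "UFW not found, skipping firewall configuration"
fi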

###############################################################################
# PHASE 9: Install Fail2Ban (Security)
###############################################################################
log "Phase 9: Installing Fail2Ban..."
apt-get install -y fail2ban

# The package's default jail configuration is used unchanged; no jail.local is
# written by this script.
for action in enable start; do
    systemctl "$action" fail2ban
done

###############################################################################
# PHASE 10: Create Directory Structure
###############################################################################
log "Phase 10: Creating directory structure..."

# Web root, backup areas, application logs and the migration workspace.
# NOTE(review): the /backup tree is created with the default mode. If it will
# hold database dumps or configuration copies, consider restricting it to root
# (for example mode 0700) before the first backup is written.
for dir in \
    /var/www/html \
    /backup \
    /backup/applications \
    /backup/databases \
    /backup/configs \
    /var/log/applications \
    /opt/migration/{scripts,docs,logs,templates}; do
    mkdir -p "$dir"
done

# The web root belongs to the Apache user.
chown -R www-data:www-data /var/www/html
chmod 755 /var/www/html

# Migration tooling is owned by root. The recursive 755 also marks every file
# placed under /opt/migration as executable and world-readable.
chown -R root:root /opt/migration
chmod -R 755 /opt/migration
log "✓ Created /opt/migration/ structure for migration tools"

###############################################################################
# PHASE 11: Configure Timezone
###############################################################################
log "Phase 11: Configuring timezone..."
# Same zone as the date.timezone value written into the PHP drop-ins.
system_timezone="Europe/Madrid"
timedatectl set-timezone "$system_timezone"

###############################################################################
# PHASE 12: Create MySQL Admin User (for migrations)
###############################################################################
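log "Phase 12: Creating MySQL admin user for migrations..."
# -s hides the typed password; -r keeps backslashes exactly as typed (without
# it, read silently dropped them and the stored password differed from the
# one entered).
read -r -s -p "Enter password for MySQL 'admin' user (or press Enter to skip): " MYSQL_ADMIN_PASS
echo ""

if [ -n "$MYSQL_ADMIN_PASS" ]; then
    # Escape the password for a single-quoted SQL string literal: backslashes
    # first, then single quotes. Unescaped, a quote in the password ended the
    # literal early and the rest was parsed as SQL.
    mysql_admin_pass_sql=${MYSQL_ADMIN_PASS//\\/\\\\}
    mysql_admin_pass_sql=${mysql_admin_pass_sql//\'/\'\'}

    # Send the statements on stdin instead of `mysql -e "..."`, so the
    # password never appears in the process argument list.
    # CREATE USER IF NOT EXISTS leaves an existing 'admin' account and its
    # current password untouched.
    # NOTE(review): ALL PRIVILEGES ON *.* WITH GRANT OPTION makes this account
    # equivalent to root; drop or narrow it once the migration is finished.
    mysql <<SQL
CREATE USER IF NOT EXISTS 'admin'@'localhost' IDENTIFIED BY '${mysql_admin_pass_sql}';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
SQL

    # The secret is not needed again; do not keep it in the shell's variables.
    unset MYSQL_ADMIN_PASS mysql_admin_pass_sql
    log "MySQL admin user created"
else
    warn "Skipping MySQL admin user creation"
fi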

###############################################################################
# PHASE 13: Install Node.js (if needed for any apps)
###############################################################################
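log "Phase 13: Installing Node.js (optional, for Node.js apps)..."

# Download the NodeSource setup script completely before running it. With
# `curl ... | bash -` and no pipefail, a failed or truncated download went
# unnoticed: bash ran whatever had arrived and the script carried on to
# install whichever nodejs package apt could find. Here a curl failure aborts
# the script under `set -e`.
# The setup script is third-party code executed as root; no checksum or
# signature is verified here, so review it (or pin a vetted copy) before
# running this phase in production.
# NOTE(review): confirm that the 18.x release line is still supported before
# relying on it.
nodesource_setup=$(mktemp)
curl -fsSL -o "$nodesource_setup" https://deb.nodesource.com/setup_18.x
bash - < "$nodesource_setup"
rm -f -- "$nodesource_setup"

apt-get install -y nodejs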

###############################################################################
# PHASE 14: Create Test PHP Info Page
###############################################################################
log "Phase 14: Creating test PHP info page..."

# phpinfo() prints the PHP configuration, loaded modules, filesystem paths and
# environment variables. The page sits in the public web root and port 80 is
# opened in the firewall phase, so it is readable by anyone who can reach the
# server until it is deleted.
info_page=/var/www/html/info.php
printf '%s\n' '<?php' 'phpinfo();' '?>' > "$info_page"
chown www-data:www-data "$info_page"

log "Test page created at: http://$(hostname -I | awk '{print $1}')/info.php"
warn "REMOVE /var/www/html/info.php after testing for security!"

###############################################################################
# PHASE 15: Verification
###############################################################################
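log "Phase 15: Verifying installations..."

# Count failed checks. The original printed "completed successfully" and
# exited 0 even when checks below had reported errors; the count now decides
# the closing message and the exit status.
verify_failures=0

# Check Apache
if systemctl is-active --quiet apache2; then
    log "✓ Apache is running"
else
    error "✗ Apache is not running"
    verify_failures=$((verify_failures + 1))
fi

# Check MySQL
if systemctl is-active --quiet mariadb; then
    log "✓ MariaDB is running"
else
    error "✗ MariaDB is not running"
    verify_failures=$((verify_failures + 1))
fi

# Check PHP versions
log "Installed PHP versions:"
php8.1 -v | head -n 1
php7.4 -v | head -n 1

# Check ionCube: the loader must appear in the module list of each PHP CLI.
if php8.1 -m | grep -q ioncube; then
    log "✓ ionCube Loader is installed for PHP 8.1"
else
    error "✗ ionCube Loader not found for PHP 8.1"
    verify_failures=$((verify_failures + 1))
fi

if php7.4 -m | grep -q ioncube; then
    log "✓ ionCube Loader is installed for PHP 7.4"
else
    error "✗ ionCube Loader not found for PHP 7.4"
    verify_failures=$((verify_failures + 1))
fi

# Check Git
if command -v git &> /dev/null; then
    log "✓ Git is installed: $(git --version)"
else
    error "✗ Git is not installed"
    verify_failures=$((verify_failures + 1))
fi

# Check Node.js
if command -v node &> /dev/null; then
    log "✓ Node.js is installed: $(node --version)"
else
    error "✗ Node.js is not installed"
    verify_failures=$((verify_failures + 1))
fi

###############################################################################
# SUMMARY
###############################################################################
# First address reported by `hostname -I`, used in the URLs printed below.
server_ip=$(hostname -I | awk '{print $1}')

log "=========================================="
if [ "$verify_failures" -eq 0 ]; then
    log "Server preparation complete!"
else
    warn "Server preparation finished with ${verify_failures} failed check(s)"
fi
log "=========================================="
log ""
log "Next steps:"
log "1. Test PHP info page: http://${server_ip}/info.php"
log "2. Remove info.php after testing: rm /var/www/html/info.php"
log "3. Copy migration scripts from old server to: /opt/migration/"
# The example pulls FROM the old server INTO this one, as step 3 says; the
# previous example had source and destination swapped.
log "   Example: rsync -avz root@OLD_SERVER:/opt/migration/ /opt/migration/"
log "4. Run inventory scripts on old server first"
log "5. Start migrating applications one by one"
log ""
log "Server IP: ${server_ip}"
log "Server hostname: $(hostname)"
log ""
warn "IMPORTANT: Change root password and configure SSH keys for security!"
warn "IMPORTANT: Remove /var/www/html/info.php after testing!"

# Report failure to the caller when any verification check failed.
if [ "$verify_failures" -gt 0 ]; then
    error "Preparation finished with ${verify_failures} failed verification check(s); review the errors above"
    exit 1
fi

log "Preparation script completed successfully!"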

