#!/bin/bash

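echo "Press any key to continue or CTRL+C to panic and abort..."
read -r -n1 REPO
# Everything below writes under /etc and manages packages and accounts, so stop
# here with a clear message instead of failing piecemeal when not run as root.
if [ "$(id -u)" -ne 0 ]; then
  echo "This installer must be run as root." >&2
  exit 1
fi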

#if [ "$REPO" == "y" ]
#then
#	echo "---> Patching aptitude sources list and updating <---"
#	mv /etc/apt/sources.list /etc/apt/sources.list.original
#	echo "deb http://glonek.co.uk/repo64/ hardy main" > /etc/apt/sources.list
#fi

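aptitude update
aptitude upgrade

echo "---> Installing required packages <---"
# Grouped by role so the list can be reviewed and diffed. Every later section
# assumes these packages exist, so a failed install is fatal rather than ignored.
PACKAGES=(
  openssh-server openssh-client wget vim lynx
  mysql-server mysql-client
  apache2 php5 php5-cli php5-curl php5-gd php5-imap php5-mcrypt php5-mhash php5-mysql
  bind9 libmysqlclient-dev
  proftpd proftpd-mod-mysql
  postfix postfix-mysql libsasl2-modules-sql libgsasl7 libauthen-sasl-cyrus-perl
  courier-base courier-authdaemon courier-authlib-mysql courier-imap courier-imap-ssl courier-ssl
  clamav-base libclamav6 clamav-daemon clamav-freshclam
  squirrelmail squirrelmail-locales php-pear phpmyadmin
  dspam dspam-doc dspam-webfrontend lftp ncftp postfix-policyd-spf-perl
  monit munin libdspam7-drv-mysql libapache2-mod-auth-mysql
  proftpd-doc proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-pgsql proftpd-mod-sqlite
)
aptitude install "${PACKAGES[@]}" || exit 1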
 # sadly maildrop doesn't come with courier auth libs any more,
 # so we can't install from repo, we will later on download local
 # version that last worked with authlib and install via dpkg
# aptitude install courier-maildrop

#if [ "$REPO" == "y" ]
#then
#	echo "---> Restoring sources list <---"
#	mv /etc/apt/sources.list.original /etc/apt/sources.list
#fi

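echo "---> Configuring SSH Server <---"
# Comment out every existing PermitRootLogin directive, then append the one we want.
sed 's/PermitRootLogin/# PermitRootLogin/g' /etc/ssh/sshd_config > /etc/ssh/sshd_config.tmp || exit 1
echo "PermitRootLogin no" >> /etc/ssh/sshd_config.tmp
# Never install a config sshd cannot parse: a broken sshd_config locks out remote access.
if /usr/sbin/sshd -t -f /etc/ssh/sshd_config.tmp; then
  mv -- /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config
else
  echo "generated sshd_config failed validation; original left untouched" >&2
  rm -f -- /etc/ssh/sshd_config.tmp
  exit 1
fi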

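echo "---> Configuring MySQL Server and databases <---"
cd /tmp || exit 1
wget -O databases.sql.gz http://www.glonek.co.uk/auto-install/databases.sql.gz || exit 1
# -f: a leftover databases.sql from an earlier run would otherwise make gunzip prompt.
gunzip -f databases.sql.gz || exit 1
read -r -s -p "Please enter your MySQL root password:" MYSQLPASS
echo ""
read -r -s -p "Please enter password you wish to use with root@localhost email address:" EADDRPASS
echo ""
read -r -s -p "Please enter password you wish to use with users database:" UDBPASS
echo ""
# "-p<password>" on the command line is visible to every local user through ps;
# hand the password to the client in a root-only option file instead, and make
# sure that file is removed on every exit path.
MYCNF=$(mktemp /tmp/mysql-client.XXXXXX) || exit 1
chmod 600 "$MYCNF"
trap 'rm -f -- "$MYCNF"' EXIT
MYSQLPASS_CNF=${MYSQLPASS//\\/\\\\}
MYSQLPASS_CNF=${MYSQLPASS_CNF//\"/\\\"}
printf '[client]\nuser=root\npassword="%s"\n' "$MYSQLPASS_CNF" > "$MYCNF"
MYSQL=(mysql --defaults-extra-file="$MYCNF")
# The other two passwords are interpolated into SQL string literals: escape
# backslashes and single quotes so a quote in a password cannot break the statement.
q="'"
UDBPASS_SQL=${UDBPASS//\\/\\\\}
UDBPASS_SQL=${UDBPASS_SQL//$q/$q$q}
EADDRPASS_SQL=${EADDRPASS//\\/\\\\}
EADDRPASS_SQL=${EADDRPASS_SQL//$q/$q$q}
# IF EXISTS: on a fresh install neither database exists yet and a bare DROP errors.
"${MYSQL[@]}" <<EOF
drop database if exists libdspam7drvmysql;
drop database if exists users;
EOF
"${MYSQL[@]}" < databases.sql || exit 1
"${MYSQL[@]}" <<EOF
grant all on users.* to mail identified by '${UDBPASS_SQL}';
grant all on users.* to mail@localhost identified by '${UDBPASS_SQL}';
grant all on libdspam7drvmysql.* to mail;
grant all on libdspam7drvmysql.* to mail@localhost;
EOF
"${MYSQL[@]}" users <<EOF
insert into users (id,name,uid,gid,home,maildir,enabled,change_password,clear,crypt,send_limit,receive_limit,current_size) values ('root@localhost','root',5000,5000,'/var/spool/mail/virtual','root@localhost/',1,0,'${EADDRPASS_SQL}',ENCRYPT('${EADDRPASS_SQL}'),0,0,0);
EOF
rm -f -- "$MYCNF"
trap - EXIT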

echo "---> Configuring PHP5 <---"
# Map .php/.phps to mod_php; the quoted delimiter makes clear nothing is expanded here.
cat > /etc/apache2/mods-available/php5.conf <<'EOF'
<IfModule mod_php5.c>
  AddType application/x-httpd-php .php
  AddType application/x-httpd-php-source .phps
</IfModule>
EOF

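echo "---> Preconfiguring BIND9 (named) <---"
read -r -p "Please enter server domain name to be configured:" DOMAIN
read -r -p "Please enter server IP address for the domain (e.g. 123.123.123.123):" IPADDR
# Both values are spliced into zone files, named.conf and a sed expression;
# reject anything outside hostname characters / a dotted quad before any file is touched.
case $DOMAIN in
  '' | *[!A-Za-z0-9.-]*)
    echo "invalid domain name: $DOMAIN" >&2
    exit 1
    ;;
esac
if ! [[ $IPADDR =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  echo "invalid IPv4 address: $IPADDR" >&2
  exit 1
fi
IFS=. read -r -a IP <<<"$IPADDR"
REVZONE="${IP[2]}.${IP[1]}.${IP[0]}.in-addr.arpa"
cat >> /etc/bind/named.conf.local <<EOF

zone "${DOMAIN}" {
        type master;
        file "/etc/bind/zones/${DOMAIN}.db";
};

zone "${REVZONE}" {
        type master;
        file "/etc/bind/zones/rev.${REVZONE}";
};

EOF
mkdir -p /etc/bind/zones
# SOA RNAME is a mailbox written as a domain name (webadmin.<domain>.), not an
# address with '@'; the trailing dot keeps it from being treated as relative.
cat > "/etc/bind/zones/${DOMAIN}.db" <<EOF
\$TTL 1h
${DOMAIN}.  IN      SOA     ns.${DOMAIN}.        webadmin.${DOMAIN}. (
                                                        2009010910 ;serial
                                                        3600 ;refresh
                                                        3600 ;retry
                                                        3600 ;expire
                                                        3600 ;minimum TTL
)

${DOMAIN}. IN  NS      ns.${DOMAIN}.
${DOMAIN}. IN  MX      10      mail.${DOMAIN}.
${DOMAIN}. IN  MX      20      mail.${DOMAIN}.

@       IN      A       ${IPADDR}
www     IN      A       ${IPADDR}
mail    IN      A       ${IPADDR}
ns      IN      A       ${IPADDR}

${DOMAIN}.     IN      TXT     "v=spf1 a mx ip4:${IPADDR} -all"
${DOMAIN}.     IN      SPF     "v=spf1 a mx ip4:${IPADDR} -all"
EOF
# The PTR target needs a trailing dot; without it named appends the reverse zone origin.
cat > "/etc/bind/zones/rev.${REVZONE}" <<EOF
\$TTL 1h
@ IN SOA ns.${DOMAIN}. webadmin.${DOMAIN}. (
                                                        2008112111 ;serial
                                                        3600 ;refresh
                                                        3600 ;retry
                                                        3600 ;expire
                                                        3600 ;minimum TTL
)

                IN      NS      ns.${DOMAIN}.
${IP[3]}              IN      PTR     ${DOMAIN}.
EOF
# Disable any existing allow-recursion, then add one limited to localhost and this host.
# Both expressions run per line, so the freshly inserted line is not commented out.
sed -e 's/allow-recursion/#allow-recursion/g' \
    -e "s/options {/options {\n        allow-recursion { 127.0.0.1; $IPADDR; };/g" \
    /etc/bind/named.conf.options > /etc/bind/named.conf.options.new || exit 1
mv -- /etc/bind/named.conf.options.new /etc/bind/named.conf.options
# Fail here, not at the next named restart, if the generated config or zones are invalid.
if command -v named-checkconf >/dev/null 2>&1; then
  named-checkconf -z || exit 1
fi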

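echo "---> Preconfiguring ProFTPd <---"
cd /tmp || exit 1
wget -O proftpd.tgz http://www.glonek.co.uk/auto-install/proftpd.tgz || exit 1
tar -zxvf proftpd.tgz || exit 1
# Guard the cd: if the directory is missing, "mv *" would sweep all of /tmp into /etc/proftpd.
cd /tmp/proftpd || exit 1
mv -- * /etc/proftpd/
cd /etc/proftpd || exit 1
# The password is used as a sed replacement: escape '/', '&' and '\' first.
UDBPASS_SED=$(printf '%s\n' "$UDBPASS" | sed 's/[\/&\\]/\\&/g')
sed -i "s/PROFTPDMAILPASS/$UDBPASS_SED/g" proftpd.conf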

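echo "---> Configuring Postfix <---"
# Values are spliced into sed replacements: escape '/', '&' and '\' so a password
# containing them cannot break (or silently alter) the substitution.
UDBPASS_SED=$(printf '%s\n' "$UDBPASS" | sed 's/[\/&\\]/\\&/g')
DOMAIN_SED=$(printf '%s\n' "$DOMAIN" | sed 's/[\/&\\]/\\&/g')
cd /tmp || exit 1
wget -O /tmp/welcome.mail http://www.glonek.co.uk/auto-install/welcome.mail || exit 1
mv -- /tmp/welcome.mail /etc/welcome.mail
sed -i "s/DOMAINNAME/$DOMAIN_SED/g" /etc/welcome.mail
wget -O /tmp/postfix.tgz http://www.glonek.co.uk/auto-install/postfix.tgz || exit 1
tar -zxvf /tmp/postfix.tgz || exit 1
# Guard every cd: an unguarded "cd X; mv *" moves the whole of /tmp when X is missing.
cd /tmp/postfix || exit 1
mv -- * /etc/postfix/
cd /etc/postfix || exit 1
sed -i "s/PASS/$UDBPASS_SED/g" ./*
cd /etc/postfix/sasl || exit 1
sed -i "s/PASS/$UDBPASS_SED/g" ./*
cd /etc/postfix || exit 1
sed -i "s/MAILFQDN/$DOMAIN_SED/g" main.cf
cp /etc/aliases /etc/postfix/aliases
postalias /etc/postfix/aliases
mkdir -p /var/spool/mail/virtual
# Idempotent on re-runs: groupadd/useradd fail if the account already exists.
getent group virtual >/dev/null || groupadd -g 5000 virtual
getent passwd virtual >/dev/null || useradd -u 5000 -g 5000 virtual
chown -R virtual:virtual /var/spool/mail/virtual
[ -e /usr/bin/postfix-policyd-spf-perl ] || ln -s /usr/sbin/postfix-policyd-spf-perl /usr/bin/postfix-policyd-spf-perl
# Edit a copy and let visudo check it first: a malformed /etc/sudoers disables sudo entirely.
SUDOERS_TMP=$(mktemp /etc/sudoers.tmp.XXXXXX) || exit 1
cat /etc/sudoers > "$SUDOERS_TMP"
printf '\nvirtual ALL=NOPASSWD: /usr/bin/maildrop\n' >> "$SUDOERS_TMP"
if visudo -c -f "$SUDOERS_TMP" >/dev/null; then
  chmod 0440 "$SUDOERS_TMP"
  mv -- "$SUDOERS_TMP" /etc/sudoers
else
  echo "sudoers edit failed validation; /etc/sudoers left untouched" >&2
  rm -f -- "$SUDOERS_TMP"
  exit 1
fi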

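echo "---> Configuring Courier <---"
cd /tmp || exit 1
# courier-maildrop is no longer in the repo (see the note above the package list);
# pick the locally built .deb for this machine's architecture. uname -m is used
# rather than grepping "uname -a", which also contains the hostname.
case $(uname -m) in
  x86_64) MAILDROP_DEB=courier-maildrop_x64.deb ;;
  *)      MAILDROP_DEB=courier-maildrop_i386.deb ;;
esac
# This .deb is fetched over plain HTTP and installed as root with no checksum or
# signature check; compare it against a digest obtained out-of-band before trusting it.
wget -O "/tmp/$MAILDROP_DEB" "http://www.glonek.co.uk/auto-install/$MAILDROP_DEB" || exit 1
dpkg -i "/tmp/$MAILDROP_DEB"
wget -O courier.tgz http://www.glonek.co.uk/auto-install/courier.tgz || exit 1
tar -zxvf courier.tgz || exit 1
cd /tmp/courier || exit 1
mv -- * /etc/courier/
cd /etc/courier || exit 1
# The password is used as a sed replacement: escape '/', '&' and '\' first.
UDBPASS_SED=$(printf '%s\n' "$UDBPASS" | sed 's/[\/&\\]/\\&/g')
sed -i "s/THEPASS/$UDBPASS_SED/g" authmysqlrc
# 1024-bit RSA is below current minimums. Key and certificate share one file,
# so create it with a restrictive umask and keep it root-only.
( umask 077 && openssl req -x509 -newkey rsa:2048 -keyout imapd.pem -out imapd.pem -nodes -days 999 )
chmod 600 imapd.pem
# NOTE(review): this makes the authdaemon socket directory world-writable on every
# start. The original relies on it; a group grant to the one client that needs the
# socket would be the least-privilege alternative — confirm which user that is.
sed -i 's/daemonscript start/daemonscript start\nchmod -R 777 \/var\/run\/courier\/authdaemon/g' /etc/init.d/courier-authdaemon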

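echo "---> Configuring ClamAV <---"
dpkg-reconfigure clamav-freshclam

echo "---> Configuring Squirrelmail <---"
cd /tmp || exit 1
wget -O squirrelmail.tgz http://www.glonek.co.uk/auto-install/squirrelmail.tgz || exit 1
tar -zxvf squirrelmail.tgz || exit 1
# Guard the cd so a failed extraction cannot turn "mv *" into a move of all of /tmp.
cd /tmp/squirrelmail || exit 1
mv -- * /etc/squirrelmail/
wget -O /tmp/squirrelmail.conf http://www.glonek.co.uk/auto-install/squirrelmail.conf || exit 1
mv -- /tmp/squirrelmail.conf /etc/apache2/conf.d/squirrelmail.conf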

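echo "---> Configuring DSpam <---"
cd /tmp || exit 1
wget -O dspam.tgz http://www.glonek.co.uk/auto-install/dspam.tgz || exit 1
tar -zxvf dspam.tgz || exit 1
cd /tmp/dspam || exit 1
mv -- * /etc/dspam/
sed -i 's/START=.*/START=yes/g' /etc/default/dspam
# The password is used as a sed replacement: escape '/', '&' and '\' first.
UDBPASS_SED=$(printf '%s\n' "$UDBPASS" | sed 's/[\/&\\]/\\&/g')
sed -i "s/DSPAMPASS/$UDBPASS_SED/g" /etc/dspam/dspam.d/mysql.conf
# Static lines come from quoted here-docs so a password containing '$' or backquotes
# is not re-expanded by the shell; the one dynamic line is written with printf.
# NOTE: this file embeds the database password and, with
# Auth_MYSQL_Encrypted_Passwords off, checks logins against the plain-text "clear"
# column, so restrict who can read /var/www/dspam.
{
  cat <<'EOF'
AuthType Basic
AuthName "DSPAM Authentication Requred"

AuthBasicAuthoritative Off
Auth_MySQL_Authoritative On
Auth_MYSQL on
Auth_MYSQL_host localhost
Auth_MYSQL_username mail
EOF
  printf 'Auth_MYSQL_password %s\n' "$UDBPASS"
  cat <<'EOF'
Auth_MYSQL_db users
Auth_MYSQL_password_table users
Auth_MYSQL_username_field id
Auth_MYSQL_password_field clear
Auth_MYSQL_Encrypted_Passwords off
AuthUserFile /dev/null
require valid-user
EOF
} > /var/www/dspam/.htaccess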

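echo "---> Installing internal scripts <---"
# Quoted delimiter: with the unquoted here-doc the backquoted find ran at install
# time and "$i" expanded to nothing, so the crontab got jobs that chmod'ed nothing.
# find -exec also avoids word-splitting on paths.
cat >> /etc/crontab <<'EOF'
# update quotas
*/20 *  * * *   root    /usr/local/bin/quota-check.sh
# dspam frontend has got personality issues with permissions, let's fix that regularly
# once an hour is already excessive, should be fine then :)
00 */1  * * *   root    chown -R root:dspam /var/spool/dspam/data/
10 */1  * * *   root    find /var/spool/dspam/data/ -type d -exec chmod 775 {} +
20 */1  * * *   root    find /var/spool/dspam/data/ -type f -exec chmod 664 {} +
EOF

cd /tmp || exit 1
wget -O scripts.tgz http://www.glonek.co.uk/auto-install/scripts.tgz || exit 1
tar -zxvf scripts.tgz || exit 1
cd /tmp/scripts || exit 1
mv -- * /usr/local/bin/
/usr/local/bin/mail-create.sh 'root@localhost'
ROOTMAILDIR=/var/spool/mail/virtual/root@localhost
wget -O /tmp/mailfilter http://www.glonek.co.uk/auto-install/mailfilter || exit 1
mv -- /tmp/mailfilter "$ROOTMAILDIR/.mailfilter"
chown virtual:virtual "$ROOTMAILDIR/.mailfilter"
# The filter file stays private to the mailbox owner.
chmod 600 "$ROOTMAILDIR/.mailfilter"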

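echo "---> Configuring Monit <---"
cd /tmp || exit 1
wget -O monit.tgz http://www.glonek.co.uk/auto-install/monit.tgz || exit 1
tar -zxvf monit.tgz || exit 1
cd /tmp/monit || exit 1
mv -- * /etc/monit/
cd /etc/monit || exit 1
read -r -p "Please provide GUI login user for Monit:" MONUSER
read -r -s -p "Please provide GUI login password for Monit:" MONPASS
echo ""
read -r -p "Provide email address to receive monitoring alerts:" ALERTMAIL
# Every value below is a sed replacement with '|' as delimiter: escape '|', '&' and '\'.
MONUSER_SED=$(printf '%s\n' "$MONUSER" | sed 's/[|&\\]/\\&/g')
MONPASS_SED=$(printf '%s\n' "$MONPASS" | sed 's/[|&\\]/\\&/g')
ALERTMAIL_SED=$(printf '%s\n' "$ALERTMAIL" | sed 's/[|&\\]/\\&/g')
sed -i "s|MONUSER|$MONUSER_SED|g" /etc/monit/monitrc
sed -i "s|MONPASS|$MONPASS_SED|g" /etc/monit/monitrc
# head -n1: several matching lines would put a newline into the sed expression.
PIDFILE=$(grep -E 'PIDFILE=.*' /etc/init.d/bind9 | head -n 1 | cut -d '=' -f 2)
[ -n "$PIDFILE" ] || PIDFILE=/var/run/bind/run/named.pid
# '|' delimiter: the path contains '/', which made the old s/NAMEDPID/.../ form fail
# whenever the value came from the init script rather than the pre-escaped fallback.
PIDFILE_SED=$(printf '%s\n' "$PIDFILE" | sed 's/[|&\\]/\\&/g')
sed -i "s|NAMEDPID|$PIDFILE_SED|g" /etc/monit/monitrc
sed 's/startup=0/startup=1/g' /etc/default/monit > /etc/default/monit.new || exit 1
mv -- /etc/default/monit.new /etc/default/monit
sed -i "s|ALERTMAIL|$ALERTMAIL_SED|g" /etc/monit/monitrc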

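echo "---> Configuring Munin <---"
read -r -p "Munin login user:" MUNINU
echo ""
read -r -s -p "Munin login password:" MUNINP
echo ""
cd /tmp || exit 1
wget -O munin.tgz http://www.glonek.co.uk/auto-install/munin.tgz || exit 1
tar -zxvf munin.tgz || exit 1
cd /tmp/munin || exit 1
mv -- * /etc/munin/
cd /var/www/munin || exit 1
# "htpasswd -b" puts the password on the command line where ps can see it; hash it
# from stdin (Apache-compatible apr1 format) and write the entry ourselves instead.
MUNINHASH=$(printf '%s\n' "$MUNINP" | openssl passwd -apr1 -stdin) || exit 1
printf '%s:%s\n' "$MUNINU" "$MUNINHASH" > /var/www/munin/.htpasswd
cat > /var/www/munin/.htaccess <<'EOF'
AuthUserFile /var/www/munin/.htpasswd
AuthGroupFile /dev/null
AuthName MuninPassword
AuthType Basic
require valid-user
EOF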

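echo "---> Configuring Apache2 <---"
# Order preserved from the original one-per-line list.
APACHE_MODS=(
  alias auth_basic auth_mysql authn_file authz_default authz_groupfile authz_host authz_user
  autoindex cgi dir env mime negotiation php5 proxy proxy_http rewrite setenvif status suexec
)
for mod in "${APACHE_MODS[@]}"; do
  a2enmod "$mod"
done
cat > /etc/apache2/sites-available/default <<EOF
NameVirtualHost *:80
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName $DOMAIN
        DocumentRoot /var/www/$DOMAIN
        ErrorLog /var/log/apache2/$DOMAIN-error.log
        LogLevel warn
        # can change to debug, info, notice, warn, error, crit, alert, emerg
        CustomLog /var/log/apache2/$DOMAIN-access.log combined
        Alias /dspam /var/www/dspam
        SuexecUserGroup dspam dspam
        <Directory /var/www/dspam>
                Addhandler cgi-script .cgi
                Options +ExecCGI -Indexes
                DirectoryIndex dspam.cgi
        </Directory>
</VirtualHost>
EOF
mkdir -p -- "/var/www/$DOMAIN"
ln -s /var/www/munin "/var/www/$DOMAIN/munin"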

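echo "---> Configuring firewall <---"
# Only IPv4 is filtered here; ip6tables is left untouched.
TCPPORTS=(2812 53 993 465 587 143 25 60000:65000 21 443 80 22)
UDPPORTS=(53)
for port in "${TCPPORTS[@]}"; do
  iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
done
for port in "${UDPPORTS[@]}"; do
  iptables -A INPUT -p udp -m udp --dport "$port" -j ACCEPT
done
# Inserted at the top so loopback and reply traffic are accepted before the port rules.
iptables -I INPUT -i lo -j ACCEPT
iptables -I INPUT -m state --state established,related -j ACCEPT
iptables -A INPUT -j DROP
iptables-save > /etc/iptables.rules || exit 1
# Re-apply the saved rules whenever networking starts; keep a backup of the init script.
cp -p /etc/init.d/networking /etc/init.d/networking.backup
sed 's|start)|start)\n   iptables-restore < /etc/iptables.rules|g' /etc/init.d/networking.backup > /etc/init.d/networking
echo "nameserver 127.0.0.1" > /etc/resolv.conf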

# Closing summary for the operator; one printf, one line per message.
printf '%s\n' \
  "---> INSTALLATION COMPLETED! <---" \
  "Please reboot the server with: shutdown -r now" \
  "After reboot, you should check logs in /var/log folder for any errors" \
  "The following sites have been configured:" \
  "spam filtering agent for users: http://127.0.0.1/dspam/" \
  "graphing tool for server monitoring: http://127.0.0.1/munin/" \
  "Server monitoring system: http://127.0.0.1:2812/" \
  "webmail client: http://127.0.0.1/squirrelmail/" \
  "MySQL DB administration tool: http://127.0.0.1/phpmyadmin/" \
  "Instal of 127.0.0.1 for localhost, from external machines, use: $IPADDR"


