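#!/bin/bash
#
# Bootstrap for an EC2 host running mailcow-dockerized: adds swap, attaches an
# Elastic IP, installs docker + the compose plugin, mounts an NFS export on
# /mnt for backups, clones and configures mailcow (IPv6 disabled, SOGo
# skipped), restores the backup found under /mnt/backup, and installs a daily
# backup job, a TLS self-check and a systemd unit.
#
# Must run as root: it writes /etc/fstab, /etc/cron.daily and /etc/systemd.
# NOTE(review): `set -e` is deliberately not enabled; several steps (postfix
# tweaks, yum) were unchecked in the original flow and may legitimately fail
# on some images. Steps whose failure makes later steps harmful are checked
# explicitly instead.

# Variables
AWS_REGION=""         # Enter your AWS region, ex. eu-west-1
EIP_ALLOCATION_ID=""  # Enter your Elastic IP Allocation ID, ex. eipalloc-a7d287sda5sds7ajk
MY_TIMEZONE=""        # Enter your timezone, ex. Europe/Berlin
NFS_ADDRESS_EXPORT="" # Enter your NFS server and export, ex: 10.1.1.1:/mail-storage/
MY_MX_FQDN=""         # Enter your mailcow FQDN, ex. mail.example.com
COMPOSE_SHA256=""     # Optional: expected SHA-256 of the docker compose binary
                      # (take it from a source you trust); verified when set

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Refuse to run with an unfilled template: empty values would otherwise end up
# in /etc/fstab and in the generated root-owned scripts.
for required in AWS_REGION EIP_ALLOCATION_ID MY_TIMEZONE NFS_ADDRESS_EXPORT MY_MX_FQDN; do
  [[ -n "${!required}" ]] || die "$required is not set; edit the variables at the top of this script"
done

# MY_MX_FQDN is expanded into /root/ssl-check.sh below, which later runs as
# root, so only accept plain host-name characters.
fqdn_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
[[ "$MY_MX_FQDN" =~ $fqdn_re ]] || die "MY_MX_FQDN is not a valid host name: $MY_MX_FQDN"

# Create SWAP and setup EIP
# The file is created with a restrictive umask so it is never world-readable,
# not even between creation and the chmod.
(umask 077 && touch /swapfile)
dd if=/dev/zero of=/swapfile bs=1M count=6000
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
grep -q '^/swapfile[[:space:]]' /etc/fstab ||
  echo '/swapfile none swap defaults 0 0' >> /etc/fstab

# Look up our own instance id. Try IMDSv2 (session token) first so the lookup
# also works when the instance enforces token-based metadata access; fall back
# to the plain IMDSv1 request the script originally made.
imds='http://169.254.169.254/latest'
imds_token=$(curl -sf --max-time 5 -X PUT "$imds/api/token" \
  -H 'X-aws-ec2-metadata-token-ttl-seconds: 60') || imds_token=''
if [[ -n "$imds_token" ]]; then
  instance_id=$(curl -sf --max-time 5 \
    -H "X-aws-ec2-metadata-token: $imds_token" "$imds/meta-data/instance-id")
else
  instance_id=$(curl -sf --max-time 5 "$imds/meta-data/instance-id")
fi

if [[ -n "$instance_id" ]]; then
  aws ec2 associate-address --region "$AWS_REGION" \
    --instance-id "$instance_id" --allocation-id "$EIP_ALLOCATION_ID"
else
  printf 'warning: could not read the instance id from IMDS; Elastic IP not associated\n' >&2
fi

# Install packages, start docker and configure time
yum update -y
yum install -y vim git curl nfs-utils docker
timedatectl set-timezone "$MY_TIMEZONE"
systemctl start docker
systemctl enable docker

# Install docker compose
compose_bin=/root/.docker/cli-plugins/docker-compose
mkdir -p /root/.docker/cli-plugins
# -f makes curl fail on an HTTP error instead of saving the error page as the
# plugin binary.
curl -fSL https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-linux-x86_64 \
  -o "$compose_bin" || die "docker compose download failed"
if [[ -n "$COMPOSE_SHA256" ]]; then
  if ! printf '%s  %s\n' "$COMPOSE_SHA256" "$compose_bin" | sha256sum -c - > /dev/null; then
    rm -f -- "$compose_bin"
    die "docker compose checksum mismatch"
  fi
else
  printf 'warning: COMPOSE_SHA256 is empty; docker compose binary was not verified\n' >&2
fi
chmod +x "$compose_bin"

# Configure NFS for backup storage
nfs_fstab_line="$NFS_ADDRESS_EXPORT /mnt nfs nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0"
grep -qxF -- "$nfs_fstab_line" /etc/fstab ||
  printf '%s\n' "$nfs_fstab_line" >> /etc/fstab
# Stop here if the export is unavailable: otherwise the restore below would
# read an empty local /mnt/backup and the daily job would write to the root disk.
mountpoint -q /mnt || mount /mnt || die "cannot mount $NFS_ADDRESS_EXPORT on /mnt"

# Stop postfix and download mailcow
# Comments out the "smtp inet" service in master.cf; presumably so the host
# MTA does not hold the SMTP port that mailcow needs.
sed -i 's/^smtp inet/#smtp inet/g' /etc/postfix/master.cf
systemctl reload postfix
umask 0022
cd /opt/ || die "cannot cd to /opt"
# NOTE(review): the clone is not pinned to a tag or commit, so the deployed
# code is whatever the default branch holds when this runs.
git clone https://github.com/mailcow/mailcow-dockerized
# Every edit below uses relative paths, so a failed clone must stop the script.
cd mailcow-dockerized/ || die "mailcow-dockerized checkout is missing"

# Disable ipv6
sed -i 's/enable_ipv6: true/enable_ipv6: false/g' docker-compose.yml
cat >> docker-compose.override.yml << 'eof'
version: '2.1'
services:
  ipv6nat-mailcow:
    image: bash:latest
    restart: "no"
    entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
eof
sed -i 's/do-ip6: yes/do-ip6: no/g' data/conf/unbound/unbound.conf
printf '%s\n' 'smtp_address_preference = ipv4' 'inet_protocols = ipv4' \
  > data/conf/postfix/extra.cf
sed -i '/::/d' data/conf/nginx/listen_*
sed -i '/::/d' data/conf/nginx/templates/listen*
sed -i '/::/d' data/conf/nginx/dynmaps.conf
sed -i 's/,\[::\]//g' data/conf/dovecot/dovecot.conf
sed -i 's/\[::\]://g' data/conf/phpfpm/php-fpm.d/pools.conf

# Run the script, start the stack and restore backup
# The answers are fed positionally to the interactive prompts of the upstream
# scripts. NOTE(review): the prompt order is defined upstream and not visible
# here; if it changes, answers land on the wrong prompt.
printf '%s\nY\n1\n\n' "$MY_MX_FQDN" | ./generate_config.sh
sed -i 's/SKIP_SOGO=n/SKIP_SOGO=y/g' mailcow.conf
docker compose pull
docker compose up -d
sleep 90
printf '1\n0\n\n\n\n' |
  MAILCOW_BACKUP_LOCATION=/mnt/backup/ ./helper-scripts/backup_and_restore.sh restore

# Configure daily backup for mailcow (all besides vmail)
# Written with ">" (not ">>") so a re-run replaces the job instead of
# appending a second copy of the script to it.
cat > /root/mailcow-backup << 'eof'
#!/bin/bash
# Rotate the previous backup to /mnt/backup_old and take a new one.
# Skip the run when the NFS export is not mounted, so nothing is deleted from
# or written to the local disk hiding under /mnt.
if ! mountpoint -q /mnt; then
  echo "mailcow-backup: /mnt is not mounted, skipping" >&2
  exit 1
fi
mkdir -p /mnt/backup /mnt/backup_old
rm -rf /mnt/backup_old/*
mv /mnt/backup/* /mnt/backup_old/
sync
cd /opt/mailcow-dockerized
MAILCOW_BACKUP_LOCATION=/mnt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
exit 0
eof
chmod 700 /root/mailcow-backup
mv /root/mailcow-backup /etc/cron.daily

# Verify if SSL is working and restart the acme client if not
# The heredoc is intentionally unquoted: MY_MX_FQDN is expanded now and baked
# into the generated script. The check is a string match on curl's verbose
# output ("expire" = certificate details were printed, "fail" = curl reported
# a failure), i.e. a heuristic, not a certificate validation.
# Second stage: if the ACME restart did not help, the TLS material is replaced
# with a self-signed certificate (unencrypted key, 365 days) so the stack can
# start; clients will not trust it. Third stage: retry the ACME client.
cat > /root/ssl-check.sh << eof
#!/bin/bash
# All paths below are relative to the mailcow checkout; never run the
# recursive delete from any other directory.
cd /opt/mailcow-dockerized || exit 1

if curl -Iv "https://$MY_MX_FQDN" 2>&1 | grep expire > /dev/null
then
  echo "SSL is valid"
elif curl -Iv "https://$MY_MX_FQDN" 2>&1 | grep -i fail > /dev/null
then
  docker compose restart acme-mailcow
fi
sleep 90
if curl -Iv "https://$MY_MX_FQDN" 2>&1 | grep expire > /dev/null
then
  echo "SSL is valid"
elif curl -Iv "https://$MY_MX_FQDN" 2>&1 | grep -i fail > /dev/null
then
  source mailcow.conf
  docker compose down
  rm -rf data/assets/ssl
  mkdir data/assets/ssl
  openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/CN=$MY_MX_FQDN" -sha256 -nodes
  cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
  docker compose up -d
fi
sleep 90
if curl -Iv "https://$MY_MX_FQDN" 2>&1 | grep expire > /dev/null
then
  echo "SSL is valid"
elif curl -Iv "https://$MY_MX_FQDN" 2>&1 | grep -i fail > /dev/null
then
  docker compose restart acme-mailcow
fi
exit 0
eof
chmod 700 /root/ssl-check.sh
bash /root/ssl-check.sh

# Make mailcow start on system boot
cat > /etc/systemd/system/mailcow.service << 'eof'
[Unit]
Description=Docker Compose Application Service
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/mailcow-dockerized
ExecStart=/bin/docker compose up -d
ExecStop=/bin/docker compose down
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target
eof
systemctl enable mailcow.service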