#! /bin/bash

OURNAME=08_install_haraka.sh

# Banner; ORANGE and NC are expected to be set by whatever runs this subscript.
echo -e "\n-- Executing ${ORANGE}${OURNAME}${NC} subscript --"



####### HARAKA #######

# Remove any previous install so the steps below start from a clean state.
haraka_unit="/etc/systemd/system/haraka.service"
if [[ -f "$haraka_unit" ]]; then
    # "|| true" keeps the script going even when stop/disable return a
    # non-zero status (for example because the service is not running).
    $SYSTEMCTL_PATH stop haraka || true
    $SYSTEMCTL_PATH disable haraka || true
    rm -rf "$haraka_unit"
fi

# Drop the bare plugin repository and the whole Haraka tree (config included).
rm -rf /var/opt/haraka-plugin-wildduck.git /opt/haraka

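# fresh install
# The bare clone fetches whatever upstream currently serves; the working tree
# is pinned further down by checking out $WILDDUCK_HARAKA_COMMIT.
cd /var/opt
git clone --bare https://github.com/nodemailer/haraka-plugin-wildduck.git

# -- create update file /var/opt/haraka-plugin-wildduck.git/hooks/update -------------------------------------
# The hook checks out the pushed revision ($3, the new object name git passes
# to an update hook) into the plugin directory, reinstalls its dependencies
# and restarts Haraka. Anyone who can push to this repository therefore
# decides which plugin code the mail server runs.
#
# Written with a here-document instead of a nested-quote echo: in the echo
# form the inner quotes around $3 closed the outer string, so the generated
# hook contained an unquoted $3. $SYSTEMCTL_PATH is expanded now, at install
# time; \$3 is left for the hook to expand at run time.
#
# The hook also stops if it cannot enter the plugin directory, so the rm and
# npm install never run in some other working directory. A non-zero exit from
# an update hook makes git refuse that ref update.
hook_path="/var/opt/haraka-plugin-wildduck.git/hooks/update"
cat > "$hook_path" <<EOF
#!/bin/bash
git --git-dir=/var/opt/haraka-plugin-wildduck.git --work-tree=/opt/haraka/plugins/wildduck checkout "\$3" -f
cd /opt/haraka/plugins/wildduck || exit 1
rm -rf package-lock.json
npm install --production --no-optional --no-package-lock --no-audit --ignore-scripts --no-shrinkwrap --progress=false
sudo $SYSTEMCTL_PATH restart haraka || echo "Failed restarting service"
EOF
chmod +x "$hook_path"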

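# Allow the deploy user to restart the haraka service (and nothing else) via
# sudo without a password.
#
# The rule is only written when $SYSTEMCTL_PATH is an absolute path: an empty
# or relative value would produce a malformed or overly loose sudoers entry.
# It is appended only if the exact line is not already present, so re-running
# the installer does not pile up duplicates.
# NOTE(review): consider validating the result with `visudo -cf` and making
# sure the file mode is 0440; neither is done here.
sudoers_rule="deploy ALL = (root) NOPASSWD: $SYSTEMCTL_PATH restart haraka"
case "$SYSTEMCTL_PATH" in
    /*)
        if ! grep -qxF -- "$sudoers_rule" /etc/sudoers.d/wildduck 2>/dev/null; then
            echo "$sudoers_rule" >> /etc/sudoers.d/wildduck
        fi
        ;;
    *)
        echo "SYSTEMCTL_PATH is not an absolute path; sudoers rule for haraka not written" >&2
        ;;
esac

# /etc/sudoers.d/wildduck is as follows
# deploy ALL = (root) NOPASSWD: /usr/bin/systemctl restart wildduck
# deploy ALL = (root) NOPASSWD: /usr/bin/systemctl restart haraka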

# HARAKA_VERSION="3.0.5" defined in 01_install_commits.sh

# Flags shared by every npm install in this section. --no-package-lock and
# --no-shrinkwrap mean no lockfile is used, so only the top-level Haraka
# version is pinned; transitive dependencies resolve at install time.
npm_base_flags=(--production --no-optional --no-package-lock --no-audit)

# A bare "cd" moves to $HOME before the global install.
# NOTE(review): presumably so npm does not run from /var/opt -- confirm.
cd
# Global install of the pinned Haraka release. No --ignore-scripts here, and
# --unsafe-perm is set, so package lifecycle scripts run with the installer's
# own privileges.
npm install "${npm_base_flags[@]}" --no-shrinkwrap --unsafe-perm -g Haraka@$HARAKA_VERSION

# "haraka -i <dir>" initialises a new Haraka server instance in that
# directory; here it creates /opt/haraka.
haraka -i /opt/haraka

# ls -l /opt/haraka/
# total 24
# drwxr-xr-x   3 deploy   deploy   4096 Sep 27 14:42 config
# drwxr-xr-x   2 deploy   deploy      6 Sep 27 14:40 docs
# drwxr-xr-x 134 deploy   deploy   8192 Sep 27 14:40 node_modules
# -rw-r--r--   1 deploy   deploy    249 Sep 27 14:40 package.json
# drwxr-xr-x   3 deploy   deploy     22 Sep 27 14:40 plugins
# drwxr-xr-x   2 wildduck wildduck    6 Sep 27 14:41 queue
# -rw-r--r--   1 deploy   deploy    906 Sep 27 14:40 README

# Local install inside the instance: the rspamd and redis plugins plus the
# same pinned Haraka version, recorded in package.json via --save.
cd /opt/haraka
npm install "${npm_base_flags[@]}" --no-shrinkwrap --unsafe-perm --save haraka-plugin-rspamd haraka-plugin-redis Haraka@$HARAKA_VERSION

# Haraka WildDuck plugin. Kept as a separate repository so it can be edited
# (and redeployed through the update hook) more easily later. The work tree
# is checked out at the pinned commit $WILDDUCK_HARAKA_COMMIT.
mkdir -p plugins/wildduck
git --git-dir=/var/opt/haraka-plugin-wildduck.git --work-tree=/opt/haraka/plugins/wildduck checkout "$WILDDUCK_HARAKA_COMMIT"

# Plugin dependencies; unlike the Haraka installs above this one passes
# --ignore-scripts, so lifecycle scripts of its dependencies are not run.
cd plugins/wildduck
npm install "${npm_base_flags[@]}" --ignore-scripts --no-shrinkwrap --unsafe-perm --progress=false

# Everything below writes relative paths under /opt/haraka/config.
cd /opt/haraka

# Keep the plugin list generated by "haraka -i" as a backup.
mv config/plugins config/plugins.bak

# Single-value config files: databytes is written as 26214400, "me" gets the
# local host name, and smtpgreeting the banner text.
printf '%s\n' "26214400" > config/databytes
printf '%s\n' "$HOSTNAME" > config/me
printf '%s\n' "WildDuck MX" > config/smtpgreeting

# ---create new config/plugins --------------------------------------
# Only rspamd, tls and wildduck are active; spf, dkim_verify and clamd are
# written commented out.
cat > config/plugins <<'EOF'
#spf
#dkim_verify

## ClamAV is disabled by default. Make sure freshclam has updated all
## virus definitions and clamav-daemon has successfully started before
## enabling it.
#clamd

rspamd
tls

# WildDuck plugin handles recipient checking and queueing
wildduck
EOF
# ---end of creating new config/plugins ---------------------------------

# ---config/tls.ini ----------------------------------------------------
# Points the tls plugin at the key and certificate chain under
# /etc/wildduck/certs; this script does not create or protect those files.
cat > config/tls.ini <<'EOF'
key=/etc/wildduck/certs/privkey.pem
cert=/etc/wildduck/certs/fullchain.pem
EOF

# --- config/rspamd.ini ---------------------------------------------
# Rspamd is reached on localhost:11333. [reject] spam is set to false while
# [soft_reject] is enabled.
# NOTE(review): with these values spam is presumably tagged via the headers
# below rather than rejected at SMTP time -- confirm against the plugin docs.
cat > config/rspamd.ini <<'EOF'
host = localhost
port = 11333
add_headers = always
[dkim]
enabled = true
[header]
bar = X-Rspamd-Bar
report = X-Rspamd-Report
score = X-Rspamd-Score
spam = X-Rspamd-Spam
[check]
authenticated=true
private_ip=true
[reject]
spam = false
[soft_reject]
enabled = true
[rmilter_headers]
enabled = true
[spambar]
positive = +
negative = -
neutral = /
EOF

# ---------config/clamd.ini -----------------------------
# Only takes effect once clamd is enabled in config/plugins.
# NOTE(review): [reject] error=false looks like fail-open behaviour when the
# scanner errors out -- confirm this is the intended trade-off.
cat > config/clamd.ini <<'EOF'
clamd_socket = /var/run/clamav/clamd.ctl
[reject]
virus=true
error=false
EOF

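# Start from the plugin's sample configuration.
cp plugins/wildduck/config/wildduck.yaml config/wildduck.yaml

# Insert the SRS secret and enable loopSecret.
# The secret is escaped first: an unescaped "/", "&" or "\" in $SRS_SECRET
# would either break the sed expression or be interpreted by sed ("&" expands
# to the matched text), silently writing a different secret than intended.
# NOTE(review): the secret still appears in sed's argument list while the
# command runs, and config/wildduck.yaml is created with default permissions.
srs_secret_escaped=$(printf '%s' "$SRS_SECRET" | sed -e 's|[\\/&]|\\&|g')
sed -i -e "s/secret value/${srs_secret_escaped}/g;s/#loopSecret/loopSecret/g" config/wildduck.yaml

# Change MongoDB to use the replica set.
# The "&" in the query string is now written as "\&": unescaped, sed replaced
# it with the whole matched text, which corrupted the resulting URL.
#
# SECURITY(review): this line hard-codes a MongoDB user name and password in
# the installer, and authSource=admin suggests an account on the admin
# database. Anyone who can read this script or the generated
# config/wildduck.yaml obtains it. The credential should be rotated, supplied
# from a root-only file or the environment instead of the script, and replaced
# by an account limited to the WildDuck database. The URL also carries no TLS
# option; unless TLS is enforced elsewhere the credentials presumably cross
# the network unencrypted -- confirm.
sed -i -e 's|url: '\''mongodb://127.0.0.1:27017/wildduck'\''|url: '\''mongodb://siteRootAdmin:b23258585@redisMongo03.yushei.com.tw:27017,redisMongo04.yushei.com.tw:27017,redisMongo05.yushei.com.tw:27017/YuSheiWildduck?authSource=admin\&replicaSet=ys20220318'\''|g' config/wildduck.yaml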


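# Ensure required files and permissions
echo "d /opt/haraka 0755 deploy deploy" > /etc/tmpfiles.d/haraka.conf
# log_script is defined outside this file.
# NOTE(review): presumably it sets up logging for the "haraka" identifier -- confirm.
log_script "haraka"

# --- /etc/systemd/system/haraka.service -------------------
# The note about the working directory now sits on its own line. systemd does
# not support trailing comments, so "WorkingDirectory=/opt/haraka    # ..."
# made the comment text part of the directory path and the unit could not
# start from the intended directory.
#
# The unit has no User=/Group=, so the process starts with systemd's default
# (root); the user/group lines appended to config/smtp.ini below are what ask
# Haraka to run as wildduck.
cat > /etc/systemd/system/haraka.service <<'EOF'
[Unit]
Description=Haraka MX Server
After=mongod.service redis.service

[Service]
Environment="NODE_ENV=production"
# ---> haraka is running from /opt/haraka
WorkingDirectory=/opt/haraka
ExecStart=/usr/bin/node ./node_modules/.bin/haraka -c .
Type=simple
Restart=always
SyslogIdentifier=haraka

[Install]
WantedBy=multi-user.target
EOF

# Relative path: relies on the current directory still being /opt/haraka.
cat >> config/smtp.ini <<'EOF'
user=wildduck
group=wildduck
EOF

# The deploy user owns the instance (including config/wildduck.yaml and the
# secrets written into it) and the bare plugin repository it pushes to.
chown -R deploy:deploy /opt/haraka
chown -R deploy:deploy /var/opt/haraka-plugin-wildduck.git

# ensure queue folder for Haraka; it alone belongs to the wildduck user
mkdir -p /opt/haraka/queue
chown -R wildduck:wildduck /opt/haraka/queue

$SYSTEMCTL_PATH enable haraka.service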
# Pasted terminal output, kept as a comment so the shell does not try to run it:
# alexlai@mail:/opt/haraka/config$ grep mongodb *
# grep: dkim: Is a directory
# wildduck.yaml:    url: 'mongodb://127.0.0.1:27017/wildduck'