#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# MANAGE SCRIPT FAILURE
#=================================================

ynh_clean_setup () {
	### Remove this function if there's nothing to clean before calling the remove script.
	true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================

# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
password=$YNH_APP_ARG_PASSWORD
admin=$YNH_APP_ARG_ADMIN

### If it's a multi-instance app, meaning it can be installed several times independently
### The id of the app as stated in the manifest is available as $YNH_APP_ID
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...)
### The app instance name is available as $YNH_APP_INSTANCE_NAME
###    - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
###    - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
###    - ynhexample__{N} for the subsequent installations, with N=3,4, ...
### The app instance name is probably what interests you most, since this is
### guaranteed to be unique. This is a good unique identifier to define installation path,
### db names, ...
app=$YNH_APP_INSTANCE_NAME

#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================

### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
final_path=/opt/yunohost/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"

# Normalize the url path syntax
path_url=$(ynh_normalize_url_path "$path_url")

# Check web path availability
ynh_webpath_available "$domain" "$path_url"
# Register (book) web path
ynh_webpath_register "$app" "$domain" "$path_url"

#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================

ynh_app_setting_set "$app" domain "$domain"
ynh_app_setting_set "$app" path "$path_url"
ynh_app_setting_set "$app" is_public "$is_public"
ynh_app_setting_set "$app" admin "$admin"

#=================================================
# INSTALL DEPENDENCIES
#=================================================

ynh_print_info "Installing dependencies..."

### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
### Those deb packages will be installed as dependencies of this package.
### If you're not using this helper:
###		- Remove the section "REMOVE DEPENDENCIES" in the remove script
###		- As well as the section "REINSTALL DEPENDENCIES" in the restore script
###		- And the section "UPGRADE DEPENDENCIES" in the upgrade script

ynh_install_app_dependencies at libass5 libbluray1 libdrm2 libmp3lame0 libopus0 libtheora0 libva-drm1 libva-x11-1 libva1 libvdpau1 libvorbis0a libvorbisenc2 libx264-148 libx265-95 libzvbi0

#=================================================
# FIND AND OPEN A PORT
#=================================================

### Use these lines if you have to open a port for the application
### `ynh_find_port` will find the first available port starting from the given port.
### If you're not using these lines:
###		- Remove the section "CLOSE A PORT" in the remove script

# Find a free port
port=$(ynh_find_port 8096)
# Open this port
yunohost firewall allow --no-upnp TCP "$port" 2>&1
ynh_app_setting_set "$app" port "$port"

#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================

ynh_app_setting_set "$app" final_path "$final_path"

# Download, check integrity, uncompress and patch the source from jellyfin-ffmpeg-[arch].src
case $(uname -m) in
    x86_64) ynh_setup_source "$final_path" "jellyfin-ffmpeg-amd64" ;;
    aarch64) ynh_setup_source "$final_path" "jellyfin-ffmpeg-arm64" ;;
    armv7l) ynh_setup_source "$final_path" "jellyfin-ffmpeg-armhf" ;;
    *) ynh_die "Unknown arch" ;;
esac

# Download, check integrity, uncompress and patch the source from jellyfin-[arch].src
case $(uname -m) in
    x86_64) ynh_setup_source "$final_path" "jellyfin-amd64" ;;
    aarch64) ynh_setup_source "$final_path" "jellyfin-arm64" ;;
    armv7l) ynh_setup_source "$final_path" "jellyfin-armhf" ;;
    *) ynh_die "Unknown arch" ;;
esac

# Download, check integrity, uncompress and patch the source from jellyfin-plugin-ldapauth.src
ynh_setup_source "$final_path" "jellyfin-plugin-ldapauth"

#==============================================
# INSTALL JELLYFIN
#==============================================

dpkg --install "$final_path"/jellyfin-ffmpeg.deb
dpkg --install "$final_path"/jellyfin.deb
rm "$final_path"/*.deb

#==============================================
# INSTALL LDAP PLUGIN
#==============================================

plugins_path=/var/lib/jellyfin/plugins
ldap_plugin_path="$plugins_path/LDAP Authentication"

mkdir -p "$ldap_plugin_path"
unzip "$final_path"/jellyfin-plugin-ldapauth.zip -d "$ldap_plugin_path"
rm "$final_path"/*.zip

#=================================================
# NGINX CONFIGURATION
#=================================================

# Create a dedicated nginx config
ynh_add_nginx_config

#=================================================
# CREATE DEDICATED USER
#=================================================

# Create a system user
ynh_system_user_create "$app"

#=================================================
# MODIFY A CONFIG FILE
#=================================================

# LDAP config
plugins_conf_path=$plugins_path/configurations
plugins_conf_file=$plugins_conf_path/LDAP-Auth.xml

mkdir -p "$plugins_conf_path"
cp ../conf/LDAP-Auth.xml "$plugins_conf_file"
ynh_replace_string --match_string="__BINDPASSWORD__" --replace_string="$password" --target_file="$plugins_conf_file"
chown -R jellyfin:jellyfin "$plugins_path"

# Load services once to generate system.xml
systemctl enable jellyfin
systemctl start jellyfin
sleep 5
systemctl stop jellyfin

# Port config
ynh_replace_string --match_string="<HttpServerPortNumber>8096</HttpServerPortNumber>" --replace_string="<HttpServerPortNumber>$port</HttpServerPortNumber>" --target_file="/etc/jellyfin/system.xml"

# BaseUrl
ynh_replace_string --match_string="<BaseUrl />" --replace_string="<BaseUrl>$path_url</BaseUrl>" --target_file="/etc/jellyfin/system.xml"

# Port config
ynh_replace_string --match_string="<HttpServerPortNumber>8096</HttpServerPortNumber>" --replace_string="<HttpServerPortNumber>$port</HttpServerPortNumber>" --target_file="/etc/jellyfin/system.xml"

# Setting up the admin user
userdir="/etc/jellyfin/users/$admin"
mkdir -p "$userdir"
cp ../conf/policy.xml "$userdir/"

#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================

### `ynh_store_file_checksum` is used to store the checksum of a file.
### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`,
### you can make a backup of this file before modifying it again if the admin had modified it.

# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum "$plugins_conf_file"

#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.

# Set permissions to app files
#chown -R root: /etc/loolwsd

#=================================================
# SETUP SSOWAT
#=================================================

# If app is public, add url to SSOWat conf as skipped_uris
if [ "$is_public" -eq 1 ]; then
  # unprotected_uris allows SSO credentials to be passed anyway.
  ynh_app_setting_set "$app" unprotected_uris "/"
fi

# Reload services
systemctl start jellyfin
systemctl reload nginx