#!/bin/bash

set -e

readonly YNH_DEFAULT_PHP_VERSION=7.4

do_pre_regen() {
    pending_dir=$1

    mkdir --parents "${pending_dir}/etc/apt/preferences.d"

    # Add sury
    mkdir -p ${pending_dir}/etc/apt/sources.list.d/
    echo "deb [signed-by=/etc/apt/trusted.gpg.d/extra_php_version.gpg] https://packages.sury.org/php/ $(lsb_release --codename --short) main" > "${pending_dir}/etc/apt/sources.list.d/extra_php_version.list"

    # Ban some packages from sury
    echo "
Package: php-common
Pin: origin \"packages.sury.org\"
Pin-Priority: 500" >>"${pending_dir}/etc/apt/preferences.d/extra_php_version"

    packages_to_refuse_from_sury="php php-* openssl libssl1.1 libssl-dev"
    for package in $packages_to_refuse_from_sury; do
        echo "
Package: $package
Pin: origin \"packages.sury.org\"
Pin-Priority: -1" >>"${pending_dir}/etc/apt/preferences.d/extra_php_version"
    done

    # Add yarn
    echo "deb [signed-by=/etc/apt/trusted.gpg.d/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main" > "${pending_dir}/etc/apt/sources.list.d/yarn.list"

    # Ban everything from Yarn except Yarn
    echo "
Package: *
Pin: origin \"dl.yarnpkg.com\"
Pin-Priority: -1

Package: yarn
Pin: origin \"dl.yarnpkg.com\"
Pin-Priority: 500" >>"${pending_dir}/etc/apt/preferences.d/yarn"

    # Ban apache2, bind9
    echo "

# PLEASE READ THIS WARNING AND DON'T EDIT THIS FILE

# You are probably reading this file because you tried to install apache2 or
# bind9. These 2 packages conflict with YunoHost.

# Installing apache2 will break nginx and break the entire YunoHost ecosystem
# on your server, therefore don't remove those lines!

# You have been warned.

Package: apache2
Pin: release *
Pin-Priority: -1

Package: apache2-bin
Pin: release *
Pin-Priority: -1

# Also bind9 will conflict with dnsmasq.
# Same story as for apache2.
# Don't install it, don't remove those lines.

Package: bind9
Pin: release *
Pin-Priority: -1
" >>"${pending_dir}/etc/apt/preferences.d/ban_packages"


}

do_post_regen() {
    regen_conf_files=$1

    # Purge expired keys (such as sury 95BD4743)
    EXPIRED_KEYS="$(LC_ALL='en_US.UTF-8' apt-key list 2>/dev/null | grep -A1 'expired:' | grep -v 'expired\|^-' | sed 's/\s//g')"
    for KEY in $EXPIRED_KEYS; do apt-key del $KEY 2>/dev/null; done

    # Add sury key
    # We do this only at the post regen and if the key doesn't already exists, because we don't want the regenconf to fuck everything up if the regenconf runs while the network is down
    if [[ ! -s /etc/apt/trusted.gpg.d/extra_php_version.gpg ]]
    then
        wget --timeout 900 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/extra_php_version.gpg"
    fi

    # Similar to Sury
    if [[ ! -s /etc/apt/trusted.gpg.d/yarn.gpg ]]
    then
        wget --timeout 900 --quiet "https://dl.yarnpkg.com/debian/pubkey.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/yarn.gpg"
    fi

    # Make sure php7.4 is the default version when using php in cli
    if test -e /usr/bin/php$YNH_DEFAULT_PHP_VERSION
    then
        update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION
    fi
}

do_$1_regen ${@:2}