#!/bin/sh
set -e

# create user which peach-web runs as
adduser --quiet --system peach-web
usermod -g peach peach-web

# create secret passwords folder if it doesn't already exist
mkdir -p /var/lib/peachcloud/passwords
chown -R peach-web:peach /var/lib/peachcloud/passwords
chmod -R u+rwX,go+rX,go-w /var/lib/peachcloud/passwords

# create nginx config
cat <<EOF > /etc/nginx/sites-enabled/default
server {
	listen 80 default_server;
	server_name peach.local www.peach.local;

    # nginx authentication
    auth_basic           "If you have forgotten your password visit: http://peach.local/send_password_reset/";
    auth_basic_user_file /var/lib/peachcloud/passwords/htpasswd;

    # remove trailing slash if found
    rewrite ^/(.*)/$ /$1 permanent;

    location / {
		proxy_pass http://127.0.0.1:3000;
	}

   # public routes
   location /send_password_reset {
        auth_basic off;
        proxy_pass http://127.0.0.1:3000;
   }
   location /reset_password {
        auth_basic off;
        proxy_pass http://127.0.0.1:3000;
   }
   location /public/ {
        auth_basic off;
        proxy_pass http://127.0.0.1:3000;
   }
   location /js/ {
	    auth_basic off;
        proxy_pass http://127.0.0.1:3000;
   }
   location /css/ {
	    auth_basic off;
        proxy_pass http://127.0.0.1:3000;
   }
   location /icons/ {
	    auth_basic off;
        proxy_pass http://127.0.0.1:3000;
   }

}
EOF

cat <<EOF > /etc/sudoers.d/peach-web
# allow peach-web to run commands as peach-go-sbot without a password
peach-web ALL=(peach-go-sbot) NOPASSWD:ALL

EOF

# cargo deb automatically replaces this token below, see https://github.com/mmstick/cargo-deb/blob/master/systemd.md
#DEBHELPER#