#!/bin/bash
#
# Thanks to useful information on the Internet:
# https://wiki.debian.org/Icinga/Icinga2Installation
# https://www.linode.com/docs/uptime/monitoring/install-icinga2-monitoring-on-debian-9/
#
# Author/Copyright:	Wolfgang Schweer <wschweer@arcor.de>
# Licence:			GPL2+
# first edited:		2020-03-23
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# -e: stop at the first command that fails.
# -x: trace every command, with its expanded arguments, to stderr.
# NOTE(review): while tracing is on, any secret passed as a command argument is
# copied into the trace output — confirm where the installer keeps that output.
set -ex

# Load the debconf shell client library; db_get and the RET variable used below
# come from it. Keep this before any other work in the script.
. /usr/share/debconf/confmodule

# Look up the name of the first user in debconf; db_get leaves the answer in RET.
db_get debian-edu-config/first-user-name
# Used further down for roles.ini, where this account gets permissions = "*".
FIRSTUSERNAME="$RET"

# Secure the MariaDB installation, see the next mysql commands.
# Also, the automatically generated initial database icinga2 will be removed
# at the end of the script.
# TODO: Set mysql root password after first reboot of a main server.
# (Add instruction to the manual's 'Getting started' chapter, i.e.
# run 'mysql_secure_installation'.)

# MariaDB hardening statements, in the order they are run:
#   1. delete anonymous users
#   2. ensure the root user can not log in remotely
#   3. remove the test database ...
#   4. ... and the privilege rows that refer to it
#   5. make the changes take effect
# Each statement gets its own mysql invocation, so 'set -e' stops the script at
# the first one that fails.
hardening_sql=(
  "DELETE FROM mysql.user WHERE User='';"
  "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
  "DROP DATABASE IF EXISTS test;"
  "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';"
  "FLUSH PRIVILEGES"
)
for stmt in "${hardening_sql[@]}"; do
  mysql -e "$stmt"
done

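# Enable command feature and modules
icinga2 feature enable command
icingacli module enable monitoring

# Password of the 'icinga2' database account.
# It is generated on this machine instead of being a literal in the script: a
# literal is identical on every installation and known to everyone who can read
# the script. The value is used in three places below (GRANT statement,
# ido-mysql.conf, resources.ini) and nowhere else in this script.
# NOTE(review): confirm that nothing outside this script expects a fixed value.
#
# Tracing is switched off while the password is handled so that 'set -x' does
# not copy it into the trace output; it is restored after resources.ini has
# been written.
case "$-" in
  *x*) icinga_xtrace=1 ;;
  *) icinga_xtrace=0 ;;
esac
set +x

# 16 random bytes printed as 32 hex digits. [0-9a-f] needs no escaping in the
# SQL string, in the sed replacement or in the ini value.
icinga_db_pw=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
if [ "${#icinga_db_pw}" -ne 32 ]; then
  echo "error: could not generate the Icinga 2 database password" >&2
  exit 1
fi

# Create the Icinga 2 application database and give the 'icinga2' account the
# privileges listed in the GRANT statement. The statements are passed on stdin,
# so the password is not part of the mysql command line.
mysql << EOF
CREATE DATABASE icingadb;
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE
ON icingadb.*
TO 'icinga2'@'localhost'
IDENTIFIED BY '${icinga_db_pw}';
FLUSH PRIVILEGES;
EOF

# Install the MySQL schema required for the Icinga 2 database
mysql icingadb < /usr/share/icinga2-ido-mysql/schema/mysql.sql

# Adjust the Icinga 2 MySQL IDO configuration
#sed -i "/user/ s%icinga2%$FIRSTUSERNAME%" "/etc/icinga2/features-available/ido-mysql.conf"
# On every line containing "password", replace the quoted value with the
# generated one. The password is an argument of sed here and therefore visible
# in the process list for the short time sed runs.
sed -i "/password/ s%\".*\"%\"${icinga_db_pw}\"%" "/etc/icinga2/features-available/ido-mysql.conf"
sed -i '/database/ s%icinga2%icingadb%' /etc/icinga2/features-available/ido-mysql.conf

# Enable ido-mysql feature
icinga2 feature enable ido-mysql

# Add icingaweb2 configuration files (content gathered from manual setup procedure)
#
# authentication.ini: users are looked up through the LDAP resource defined in
# resources.ini.
cat << EOF > /etc/icingaweb2/authentication.ini
[icingaweb2]
user_class = "inetOrgPerson"
filter = ""
user_name_attribute = "uid"
backend = "ldap"
base_dn = "dc=skole,dc=skolelinux,dc=no"
domain = ""
resource = "icingaweb_ldap"
EOF

# config.ini
# NOTE(review): show_stacktraces = "1" lets the web interface display stack
# traces on errors; consider "0" unless they are needed for debugging.
cat << EOF > /etc/icingaweb2/config.ini
[global]
show_stacktraces = "1"
show_application_state_messages = "1"
config_backend = "ini"

[logging]
log = "file"
level = "ERROR"
file = "/var/log/icingaweb2/icingaweb2.log"
EOF

# groups.ini
cat << EOF > /etc/icingaweb2/groups.ini
[icingaweb2]
resource = "icingaweb_ldap"
user_backend = "icingaweb2"
group_class = "group"
group_filter = ""
group_name_attribute = "gid"
group_member_attribute = "member"
base_dn = ""
backend = "ldap"
EOF

# roles.ini: the first user (name taken from debconf) gets every permission.
cat << EOF > /etc/icingaweb2/roles.ini
[Administrators]
users = "$FIRSTUSERNAME"
permissions = "*"
EOF

# resources.ini holds the database password. It is written in a subshell with
# umask 007 so that, when the file is created here, it starts out as 660
# instead of being readable by 'other' until a later chmod.
(
  umask 007
  cat << EOF > /etc/icingaweb2/resources.ini
[icingaweb_ldap]
type = "ldap"
hostname = "tjener.intern"
port = "389"
encryption = "starttls"
root_dn = "dc=skole,dc=skolelinux,dc=no"
bind_dn = ""
bind_pw = ""
timeout = "5"

[icinga_ido]
type = "db"
db = "mysql"
host = "localhost"
port = ""
dbname = "icingadb"
username = "icinga2"
password = "${icinga_db_pw}"
charset = ""
use_ssl = "0"
EOF
)

# The password is no longer needed in the shell; drop it and restore tracing.
unset icinga_db_pw
if [ "$icinga_xtrace" -eq 1 ]; then
  set -x
fi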

# Add icingaweb2 configuration files (content gathered from manual setup procedure)
#
# Just in case the directory is still missing
# Configuration directory of the Icinga Web 2 monitoring module.
monitoring_dir=/etc/icingaweb2/modules/monitoring

# Create it in case it is still missing.
mkdir -p "${monitoring_dir}/"

# config.ini: [security] section with the protected_customvars patterns.
cat > "${monitoring_dir}/config.ini" << 'EOF'
[security]
protected_customvars = "*pw*,*pass*,community"
EOF

# commandtransports.ini: commands are sent through the local command pipe.
cat > "${monitoring_dir}/commandtransports.ini" << 'EOF'
[icinga2]
transport = "local"
path = "/var/run/icinga2/cmd/icinga2.cmd"
EOF

# backends.ini: the module reads its data from the "icinga_ido" resource.
cat > "${monitoring_dir}/backends.ini" << 'EOF'
[icinga]
type = "ido"
resource = "icinga_ido"
EOF

# Restart Icinga 2 so that the enabled features and the new configuration are
# picked up.
service icinga2 restart

# Permissions the web interface needs on its configuration.
# resources.ini is one of the *.ini files and contains the database password;
# mode 660 leaves it without any access for 'other'.
webconf_dir=/etc/icingaweb2
chmod 660 "$webconf_dir"/*.ini
chmod g+rwx "$webconf_dir"/enabledModules/
chmod g+rwx,o+x "$webconf_dir"/modules/monitoring/
chmod 660 "$webconf_dir"/modules/monitoring/*.ini

# Log directory of Icinga Web 2, handed to the icingaweb2 group.
weblog_dir=/var/log/icingaweb2/
mkdir -p "$weblog_dir"
chgrp -R icingaweb2 "$weblog_dir"
# NOTE(review): applied recursively, 775 also makes every existing log file
# readable and executable for 'other' — confirm that this is intended.
chmod -R 775 "$weblog_dir"

# The initial database "icinga2" is obsolete now that icingadb is in use:
# drop it, delete the privilege rows that refer to it, and reload the
# privilege tables. One mysql invocation per statement, so 'set -e' stops at
# the first failure.
cleanup_sql=(
  "DROP DATABASE IF EXISTS icinga2;"
  "DELETE FROM mysql.db WHERE Db='icinga2' OR Db='icinga2\_%';"
  "FLUSH PRIVILEGES"
)
for stmt in "${cleanup_sql[@]}"; do
  mysql -e "$stmt"
done
