#! /bin/sh
# postinst script for gitlab
# copied from postinst script for hplip
# $Id: hplip.postinst,v 1.1 2005/10/15 21:39:04 hmh Exp $
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.


case "$1" in
  configure)
    # Show debconf questions
    . /usr/share/debconf/confmodule

    # Read and export debian specific configuration
    # Only exported variables will be passed on to gitlab app
    gitlab_debian_conf_private=/var/lib/gitlab/gitlab-debian.conf
    export $(cat ${gitlab_debian_conf_private})

    # If /etc/gitlab/gitlab-debian.conf is already present, use it
    test -f ${gitlab_debian_conf} && export $(cat ${gitlab_debian_conf})

    # Create gitlab user
    . /usr/lib/gitlab/scripts/adduser.sh

    gitlab_builds_log=${gitlab_log_dir}/builds
    gitlab_repo_path=${gitlab_data_dir}/repositories
    gitlab_cache_path=${gitlab_data_dir}/cache
    gitlab_uploads_path=${gitlab_data_dir}/public/uploads

    # Create directories and change ownership
    echo "Creating runtime directories for gitlab..."
    for i in ${gitlab_repo_path} ${gitlab_cache_path} ${gitlab_uploads_path}\
    ${gitlab_pid_path} ${gitlab_log_dir} ${gitlab_shell_log} ${gitlab_builds_log}; do
      mkdir -p $i
      chown -R ${gitlab_user}: $i
    done


    # nginx/httpd should be able to connect to gitlab-workhorse.socket and serve public
    chown ${gitlab_user}:${nginx_user} -R ${gitlab_uploads_path}/.. ${gitlab_pid_path}
    
    # Customize permissions
    echo "Updating file permissions..."
    chmod -R ug+rwX,o-rwx ${gitlab_repo_path}/
    chmod -R ug-s ${gitlab_repo_path}/
    find ${gitlab_repo_path}/ -type d -print0 | xargs -0 chmod g+s
    for i in ${gitlab_data_dir} ${gitlab_shell_root}; do
      chown -R ${gitlab_user}: $i
    done

    su ${gitlab_user} -s /bin/sh -c "chmod 700 ${gitlab_uploads_path}"
    su ${gitlab_user} -s /bin/sh -c 'git config --global core.autocrlf "input"'

    # Commands below needs to be run from gitlab_app_root
    cd ${gitlab_app_root}

    # Obtain hostname from debconf db
    db_get gitlab/fqdn
    if [ "${RET}" != "" ]; then
      if ! grep GITLAB_HOST ${gitlab_debian_conf_private}; then
        echo "Configuring hostname and email..."
        export GITLAB_HOST=${RET} # We need this to configure nginx below
	cat <<EOF >> ${gitlab_debian_conf_private}
GITLAB_HOST=${RET} 
GITLAB_EMAIL_FROM="no-reply@${RET}"
GITLAB_EMAIL_DISPLAY_NAME="Gitlab"
GITLAB_EMAIL_REPLY_TO="no-reply@${RET}"
EOF
      fi

      # Check if ssl option is selected
      db_get gitlab/ssl
      gl_proto="http"
      if [ "${RET}" = "true" ]; then
        echo "Configuring nginx with HTTPS..."
        if ! grep GITLAB_HTTPS ${gitlab_debian_conf_private}; then
	  echo GITLAB_HTTPS=${RET} >> ${gitlab_debian_conf_private}
	  # Workaround for #813770
	  gl_proto="https"
	  echo "Configuring gitlab with HTTPS..."
 	  sed -i "s/#port: 80/port: 443/" ${gitlab_yml_private}
	  sed -i "s/https: false/https: true/" ${gitlab_yml_private}
          echo "Updating gitlab_url in gitlab-shell configuration..."
          sed -i \
	  "s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\
	  ${gitlab_shell_config_private}

          # Manage gitlab-shell's config.yml via ucf
          mkdir -p /etc/gitlab-shell
	  echo "Registering ${gitlab_shell_config} via ucf"
	  ucf --debconf-ok --three-way ${gitlab_shell_config_private} ${gitlab_shell_config}
	  ucfr gitlab ${gitlab_shell_config}
	fi
        mkdir -p /etc/gitlab/ssl
        if [ -f "${nginx_ssl_conf_example_gz}" ]; then
          # undo dh_installdocs auto compress
	  export nginx_conf_example_tmp=$(mktemp)
	  zcat ${nginx_ssl_conf_example_gz} > ${nginx_conf_example_tmp}
	  export nginx_conf_example=${nginx_conf_example_tmp}
	fi

        # Check if letsencrypt option is selected
        db_get gitlab/letsencrypt
        if [ "${RET}" = "true" ]; then
	  echo "Configuring letsencrypt..."
          ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem \
          /etc/gitlab/ssl/gitlab.crt
          ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \
          /etc/gitlab/ssl/gitlab.key
	    
	  # Check if certificate is already present
	  if [ -e /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem ]; then
	    echo "Let's encrypt certificate already present."
	  else
	    # Port 80 and 443 should be available for letsencrypt
	    if command -v nginx > /dev/null; then
	      echo "Stopping nginx for letsencrypt..."
	      invoke-rc.d nginx stop
	    fi

	    letsencrypt -d ${GITLAB_HOST} certonly || {
	    echo "letsencrypt auto configuration failed..."
	    echo "Stop your webserver and try running letsencrypt manually..."
	    echo "letsencrypt -d ${GITLAB_HOST} certonly" 
	    }
	  fi
        fi
      fi

      # Manage gitlab.yml via ucf
      echo "Registering ${gitlab_yml} via ucf"
      ucf --debconf-ok --three-way ${gitlab_yml_private} ${gitlab_yml}
      ucfr gitlab ${gitlab_yml}

      # Manage gitlab-debian.conf via ucf
      echo "Registering ${gitlab_debian_conf} via ucf"
      ucf --debconf-ok --three-way ${gitlab_debian_conf_private} ${gitlab_debian_conf}
      ucfr gitlab ${gitlab_debian_conf}

      # configure nginx site
      if test -d /etc/nginx/sites-available/; then
        if test -f ${nginx_conf_example}; then
          nginx_site="/etc/nginx/sites-available/${GITLAB_HOST}"
          sed -e "s/YOUR_SERVER_FQDN/${GITLAB_HOST}/"\
          ${nginx_conf_example} >${nginx_site_private}
          ucf --debconf-ok --three-way ${nginx_site_private} ${nginx_site}
          ucfr gitlab ${nginx_site}
          ln -fs ${nginx_site} /etc/nginx/sites-enabled/
          rm -f ${nginx_conf_example_tmp}
        else
          echo "nginx example configuration file not found"
          exit 1
        fi
      fi
      # Reload nginx
      if command -v nginx > /dev/null; then
        echo "Reloading nginx configuration..."
        invoke-rc.d nginx reload
      fi
    else
      echo "Failed to retrieve fully qualified domain name"
      exit 1
    fi
    db_stop

    echo "Create database if not present"
    if ! su postgres -s /bin/sh -c "psql  gitlab_production -c ''"; then
      su postgres -c 'createdb -E unicode -T template0 gitlab_production'
    fi

    # Adjust database privileges
    . /usr/lib/gitlab/scripts/grantpriv.sh

    # Remove Gemfile.lock if present
    rm -f ${gitlab_data_dir}/Gemfile.lock

    # Create Gemfile.lock and .secret in /var/lib/gitlab
    su ${gitlab_user} -s /bin/sh -c "touch ${gitlab_data_dir}/Gemfile.lock"
    ln -sf ${gitlab_data_dir}/Gemfile.lock ${gitlab_app_root}/Gemfile.lock
    
    if ! [ -e ${gitlab_app_root}/.secret ] ; then
      ln -sf ${gitlab_data_dir}/.secret ${gitlab_app_root}/.secret
    fi

    echo "Verifying we have all required libraries..."
    su ${gitlab_user} -s /bin/sh -c 'bundle install --local'
        
    echo "Running final rake tasks and tweaks..."
    . /usr/lib/gitlab/scripts/rake-tasks.sh

           
    ;;

  abort-upgrade|abort-remove|abort-deconfigure)
    ;;

  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 1
    ;;
esac

#DEBHELPER#

exit 0