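#
# nginx policy: platform variables, package/service installation, per-vhost
# server blocks with optional certbot/lego certificates, and an optional
# Matomo log-import daemon per site.
#

bundle agent nginx
# @brief Platform-specific paths, accounts and commands shared by the nginx bundles
{
  vars:
      "pkgs" slist => { "nginx", };

    centos::
      # www_dir is only set here when it has not been defined already.
      "www_dir" string => "/usr/share/nginx",
        unless => isvariable( $(this.promiser) );
      "www_user" string => "nginx";
      "www_group" string => "nginx";
      "cfg_dir" string => "/etc/nginx";
      "vhost_cfg_dir" string => "$(cfg_dir)/conf.d";
      "service_name" string => "nginx";
      "restart_cmd" string => "/usr/bin/systemctl restart $(service_name)";

    debian::
      "www_dir" string => "/var/www",
        unless => isvariable( $(this.promiser) );
      "www_user" string => "www-data";
      "www_group" string => "www-data";
      "cfg_dir" string => "/etc/nginx";
      "vhost_cfg_dir" string => "$(cfg_dir)/conf.d";
      "service_name" string => "nginx";
      "restart_cmd" string => "/usr/bin/systemctl restart $(service_name)";

    freebsd::
      # NOTE(review): only restart_cmd is defined for freebsd in this bundle;
      # service_name, www_dir, etc. are presumably set elsewhere - confirm.
      "restart_cmd" string => "/usr/sbin/service $(service_name) restart";

    any::
      # Handles the service promise in install_nginx waits for.
      "service_deps" slist => { "nginx_pkgs_installed", "nginx_www_dir_created", };

    any::
      "default_html_dir" string => "$(www_dir)/html";
}

bundle agent install_nginx
# @brief Install nginx, create its web and agent state directories, enable the
#        service and remove vhost files that are no longer listed
{
  methods:
      "any" usebundle => wmde_install_packages(@(nginx.pkgs),"nginx");

  files:
      "$(nginx.www_dir)/."
        create => "true",
        perms => m("755"),
        depends_on => { "nginx_pkgs_installed" },
        handle => "nginx_www_dir_created";

      "$(nginx.default_html_dir)/."
        create => "true",
        perms => mog("755","$(nginx.www_user)","$(nginx.www_group)"),
        depends_on => {"nginx_www_dir_created"},
        handle => "nginx_default_html_dir_created";

  files:
      # Agent-side state directory; holds domains.txt (the vhost files to keep).
      "$(sys.workdir)/data/agent/nginx/."
        create => "true",
        handle => "nginx_work_dir_created";

  methods:
      "any" usebundle => wmde_enable_service("nginx");

      "any" usebundle => wmde_service("$(nginx.service_name)","nginx_kept","nginx_repaired"),
        depends_on => @(nginx.service_deps) ;

  commands:
      # Passes the vhost directory and domains.txt to del-files-not-in-list.sh,
      # then resets domains.txt to just dummy.conf; nginx_vhost appends one
      # line per configured domain afterwards.
      "/bin/sh"
        args => "$(sys.workdir)/inputs/$(def.wmde_libdir)/scripts/del-files-not-in-list.sh $(nginx.vhost_cfg_dir) $(sys.workdir)/data/agent/nginx/domains.txt && echo dummy.conf > $(sys.workdir)/data/agent/nginx/domains.txt",
        inform => "false",
        handle => "nginx_vhost_dir_cleaned",
        # depends_on => {"nginx_dummy_conf_created"},
        contain => wmde_cmd_useshell;
}

bundle agent nginx_vhosts( sites )
# @brief Call nginx_vhost once for every entry of the sites container
# @param sites data Container whose elements are site_param objects (see nginx_vhost)
{
  vars:
      "idx" slist => getindices(@(sites));

  methods:
      "$(idx)" usebundle => nginx_vhost(@(sites[$(idx)]));

  reports:
}

bundle agent nginx_vhost( site_param )
# @brief Configure a single vhost / server block in nginx conf.d subdir
# @param site_param data See below for full description
#
# The site_param data object consists of a JSON description of the site to
# be configured.
# {
#   "domain":"sub.example.org",
#   "aliases":[ "sub.example.net", "sub.example.de" ],
#   "doc_root":"$(nginx.www_dir)/$(site_param[domain])",
#   "doc_root_options":"Indexes FollowSymLinks",
#   "logging80":true|false,
#   "logging443":true|false,
#   "logrotate":true|false,
#   "listen":"*:80",
#   "use_ssl": true|false,
#   "sslraw":"",
#   "raw":"",
#   "ssl":true|false,
#   "dnsapi":$(dnsapi),
#   "ssl_cert":"lego|certbot",
#   "email":"noc@example.org",
#   "lego_raw":"",
#   "lego_renew_raw":"",
#   "lego_renew_raw2":" && /usr/local/bin/reload_nginx.sh",
#   "disable":true|false,
#   "delete": true|false,
#   "do_logrotate": true|false
# }
# domain            The main `server_name` to configure the server block. This
#                   value is used to identify this config.
# aliases           A list of alternative `server_name`s for this server block.
# doc_root          Path in the filesystem to use for the `root`.
# doc_root_options  Options for the server block. Currently unused.
# logging80         Boolean if to log non-ssl traffic. Currently unused.
# logging443        Boolean if to log ssl traffic. Currently unused.
# listen            String value to use for the `listen` directive.
# sslraw            Multi-line string value for additional ssl config options to
#                   add raw.
# email             Email string for Let's Encrypt certificate account.
# ssl               Boolean if to enable a secondary server block with ssl config.
# dnsapi            JSON object for dns01 challenge, used for lego
# ssl_cert          "lego" or "certbot", which client to use. "lego" allows use
#                   of dns01 challenges and supports many DNS hosting APIs.
# lego_raw          ?
# lego_renew_raw    ?
# lego_renew_raw2   ?
# raw               Multi-line string value for additional config options to
#                   add raw.
# disable           Boolean if to disable the server block.
# delete            Boolean if to delete the server block.
# do_logrotate      Boolean if to configure logrotation for this server block.
#
# NOTE(review): `domain` is expanded unvalidated into file paths (the vhost
# config, the document root, certificate paths) and into a shell command line
# below. If site data can originate outside the policy repository, restrict it
# to hostname characters before use, e.g. with a class built from
# regcmp("[A-Za-z0-9.-]+", "$(site[domain])") - TODO confirm the character set
# the deployment needs.
{
  classes:
      # NOTE(review): the "delete" class is driven by site[disable]; the
      # documented `delete` key is not read in this bundle - confirm intent.
      "delete" expression => $(site[disable]);
      "use_ssl" expression => $(site[ssl]);
      "use_certbot" expression => strcmp("certbot","$(site[ssl_cert])");
      "use_lego" expression => strcmp("lego","$(site[ssl_cert])");
      # Reads site[logrotate], not the documented do_logrotate key.
      "do_logrotate" expression => $(site[logrotate]);

  vars:
      # Defaults merged underneath the caller's site_param.
      "site_defaults" data => '{
        "aliases":[],
        "ssl_cert":"certbot",
        "doc_root":"$(nginx.www_dir)/$(site_param[domain])",
        "doc_root_options":"Indexes FollowSymLinks",
        "logging80":true,
        "logging443":true,
        "logrotate":false,
        "listen":"*:80",
        "sslraw":""
      }';

      "site" data => mergedata(site_defaults,site_param);
      "cert_file" string => "$(certbot.certbot_dir)/live/$(site[domain])";
      "template_file" string => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/nginx-vhost.conf.mustache";
      "domain_file" string => "$(nginx.vhost_cfg_dir)/$(site[domain]).conf";
      "domain_dir" string => "$(nginx.www_dir)/$(site[domain])";

      # certbot: use the live/ files; otherwise fall back to the values given
      # in the site data (overridden again below when lego is selected).
      "ssl_cert" string => ifelse( use_certbot, "$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem",
                                   "$(site[ssl_cert])");
      "ssl_key" string => ifelse( use_certbot, "$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem",
                                  "$(site[ssl_key])");

    use_lego::
      "ssl_cert" string => "$(lego.data_dir)/certificates/$(site[domain]).crt";
      "ssl_key" string => "$(lego.data_dir)/certificates/$(site[domain]).key";

    use_ssl&(use_certbot|use_lego)::
      # The vhost file must wait for the certificate promise, so nginx is not
      # handed a config that points at certificate files not yet created.
      "vhostdeps" slist => { "nginx_ssl_created$(site[domain])", "nginx_vhost_dir_cleaned" };

    # Exact complement of the guard above. The previous guard,
    # (!use_ssl)|(!use_certbot)|(!use_lego), was also true whenever only one
    # of certbot/lego was selected, so this shorter list was defined in the
    # managed-certificate case as well and the certificate dependency could
    # be dropped.
    !use_ssl|!(use_certbot|use_lego)::
      "vhostdeps" slist => { "nginx_vhost_dir_cleaned" };

  files:
    delete::
      "$(domain_file)"
        delete => tidy,
        classes => if_repaired(nginx_restart);

    !delete::
      "$(domain_file)"
        perms => mog("644","$(nginx.www_user)","$(nginx.www_group)"),
        create => "true",
        edit_template => "$(template_file)",
        template_method => "mustache",
        handle => "vhost_cfg_done$(site[domain])",
        depends_on => @(vhostdeps),
        classes => results("bundle","domain_config");

      "$(domain_dir)/."
        create => "true",
        perms => mog("750","$(nginx.www_user)","$(nginx.www_group)");

  methods:
    use_ssl&use_certbot::
      "any" usebundle => certbot_cert(@(site),"$(nginx.default_html_dir)"), #,"$(site[domain])"),
        handle => "nginx_ssl_created$(site[domain])";

      "any" usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),
        if => "domain_config_repaired",
        depends_on => { "vhost_cfg_done$(site[domain])", "nginx_ssl_created$(site[domain])" };

    use_ssl&use_lego::
      "any" usebundle => lego_dns_cert(@(site)), #,"$(site[domain])"),
        handle => "nginx_ssl_created$(site[domain])";

      "any" usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),
        if => "domain_config_repaired",
        depends_on => { "vhost_cfg_done$(site[domain])", "nginx_ssl_created$(site[domain])" };

    # Plain restart only when no managed certificate is involved. The previous
    # guard, (!use_ssl)|(!use_certbot), was also true for use_ssl&use_lego and
    # scheduled a second restart that did not wait for the lego certificate.
    !use_ssl|!(use_certbot|use_lego)::
      "any" usebundle => nginx_restart_service("$(nginx.service_name)","$(site[domain])"),
        if => "domain_config_repaired",
        depends_on => {"vhost_cfg_done$(site[domain])" };

  files:
    # do_logrotate::
    #   "$(logrot.dir)/$(site[domain])"
    #     create => "true",
    #     edit_defaults => backup("false"),
    #     edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd-weblogrot.mustache",
    #     template_method => "mustache";

  commands:
      # Record this vhost in domains.txt so the cleanup step in install_nginx
      # keeps its config file.
      # NOTE(review): $(site[domain]) is expanded into a command that runs
      # under contain => wmde_cmd_useshell (presumably a shell - confirm), so
      # shell metacharacters in the value would be interpreted.
      "echo"
        args => "$(site[domain]).conf >> $(sys.workdir)/data/agent/nginx/domains.txt",
        inform => "false",
        depends_on => {"vhost_cfg_done$(site[domain])"},
        contain => wmde_cmd_useshell;

  reports:
    # "SITE: $(site[domain]): $(site[logrotate])";
    # "SF: @(site)";
    # "DF $(domain_file)";
    # delete::
    #   "DELETE TRUE";
    # !delete::
    #   "DELETE FALSE";
    # !do_logrotate::
    #   "LOGOROOTATE FOR $(site[domain]): FALSE";
    # do_logrotate::
    #   "LOGOROOTATE FOR $(site[domain]): TRUE";
}

bundle agent nginx_restart_service(service_name,domain)
# @brief Run `nginx -t` and restart the service only if that promise succeeded
# @param service_name string Service name handed to wmde_restart_service
# @param domain string Domain used to make the promise handle unique
{
  classes:
      "nginx_must_restart" scope=> "namespace";

  commands:
      # Syntax check; the restart below depends on this handle.
      "/usr/sbin/nginx -t"
        handle => "nginx_syntax_ok_$(domain)";

  methods:
    !nginx_do_not_restart::
      "any" usebundle => wmde_restart_service($(service_name),$(domain)),
        depends_on => {"nginx_syntax_ok_$(domain)"};

  reports:
    # "RESTART NGINX" depends_on => {"nginx_syntax_ok_$(domain)"};
    # nginx_do_not_restart::
    #   "RESTART IS DISABLED";
}

bundle agent nginx_matomo (site)
# @brief Render the logrotate config for a site and, when site[matomoid] is
#        set, write and start a script that pipes the access log into the
#        Matomo log importer
# @param site data Site description; reads domain, matomoid, matomotoken, matomosite
{
  vars:
      "pid" string => "/var/run/matomo-logger-$(site[domain]).pid";
      # NOTE(review): bundle nginx in this file defines no log_dir - confirm
      # it is set elsewhere.
      "log" string => "$(nginx.log_dir)/$(site[domain])-access.log";
      "siteid" string => "$(site[matomoid])";
      # NOTE(review): predictable file name in the world-writable /tmp for a
      # script this agent writes and then executes; another local account
      # could create that path first. Prefer a directory only the agent can
      # write to, e.g. under $(sys.workdir)/data/agent/nginx/.
      "logger_script" string => "/tmp/matomo-logger-$(site[domain]).sh";

    freebsd::
      "analyt_cmd" string => "/usr/local/bin/python3.9 $(matomo.log_importer)";
    debian::
      "analyt_cmd" string => "/usr/bin/python3 $(matomo.log_importer)";
    centos::
      "analyt_cmd" string => "/usr/bin/python3 $(matomo.log_importer)";

    matomo::
      # NOTE(review): --token-auth puts the Matomo API token on the importer's
      # command line, where it is visible in the process list to local users.
      # Check whether the importer can read the token from a root-only file
      # instead - TODO confirm.
      "cmd" string => "/usr/bin/pkill -P `cat $(pid)` ; exec /bin/sh -c 'echo $$ > $(pid); echo \"hello\" | /usr/bin/tail -n+1 -f $(log) | $(analyt_cmd) --token-auth=$(site[matomotoken]) --disable-bulk-tracking --idsite=$(siteid) --url=$(site[matomosite]) --exclude-path=/wp-login.php --exclude-path=/wp-json/\\* --recorders=1 --recorder-max-payload-size=1 --log-format-name=ncsa_extended --exclude-path=\\*.php --exclude-path=/wp-admin/\\* - > /dev/null' ";

    !matomo::
      "cmd" string => "";

    any::
      "cmd_esc" string => escape ($(cmd));
      # "cmd": "$(cmd_esc)",
      "site_str" string => storejson(@(site));
      # "site_json" string => '{
      #   "site" : "$(site_str)"
      # }';
      # NOTE(review): refers to $(apache.service_name) inside an nginx bundle;
      # looks carried over from an apache policy - confirm.
      "site_json" string => '{
        "cmd": "$(cmd)",
        "service": "$(apache.service_name)",
        "site": $(site_str)
      }';
      "template_file" string => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd-weblogrot-matomo.mustache";

  methods:
      "any" usebundle => install_logrot;

  files:
      "$(logrot.dir)/$(site[domain])"
        create => "true",
        edit_defaults => backup("false"),
        edit_template => "$(template_file)",
        template_method => "mustache";
        # template_data => parsejson("$(site_json)");

    matomo::
      "$(pid)"
        create => "true";

      # Mode 700 instead of 755: the script embeds $(cmd), which contains the
      # Matomo auth token, so it must not be readable by other local accounts.
      # NOTE(review): assumes wmde_cmd_useshell does not change the user the
      # script is executed as - confirm.
      "$(logger_script)"
        create => "true",
        perms => m("700"),
        content => '#!/bin/sh
if [ "$1" != "child" ]; then
    "$(logger_script)" child &
else
    setsid >/dev/null 2>&1
    exec 0<&- 1>/dev/null 2>&1
    $(cmd)
fi
',
        handle => "loggerscript_$(site[domain])_created";

  classes:
      "matomo" expression => isvariable("site[matomoid]");

  commands:
    matomo::
      # Module protocol: prints +start_matomo when the recorded PID is not
      # alive (define the class), -start_matomo when it is (undefine it).
      "/bin/sh -c "
        args => "'kill -0 `cat $(pid)` && echo -start_matomo || echo +start_matomo'",
        inform => "false",
        module => "true";

    start_matomo::
      "$(logger_script)"
        args => "$(logger_script)",
        contain => wmde_cmd_useshell,
        depends_on => {"loggerscript_$(site[domain])_created"};

      # "/bin/sh"
      #   args => "$(logger_script) &",
      #   contain => wmde_cmd_useshell,
      #   depends_on => {"loggerscript_$(site[domain])_created"};

  methods:
    # start_matomo::
    #   "call" usebundle => daemonize( "/bin/sh $(logger_script)" ),
    #     depends_on => {"loggerscript_$(site[domain])_created"};

  reports:
    #start_matomo::
    #  "MUST START - WHY";
    #"ESC ESC $(site_json)";
    matomo::
}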