#!/bin/sh
# Install the packages we need to set up our gliders website + backend.
# This file doubles up as notes/instructions.

# Installed on a VirtualBox VM with 512mb RAM, 1 CPU, 8gb storage
# Add a second 'Host Only' network adapter to allow SSH/web connections
# from host machine.

# Based on a clean CentOS 7 minimal x64 installation
# (CentOS-7-x86_64-Minimal-1503-01)
# All configuration during CentOS install process was left as defaults
# Base installation chosen.
# One user added: gliders, pw: gliders9876

# As root:
yum check-update
yum update

# Install needed tools
yum install git rsync wget vim ansible tmux htop iotop dstat lsof

# And inotify tools
yum install inotify-tools incron

# And development tools (needed to compile python libs from pip)
yum groupinstall "Development Tools"

# Install python libraries
yum install python-inotify numpy python-matplotlib python-virtualenv
python -m easy_install pip
pip install pandas
pip install css-html-js-minify

# Install (& configure) sendmail
yum install sendmail sendmail-cf m4
systemctl enable sendmail

# Install & config MariaDB (MySQL)
yum install mariadb mariadb-server mariadb-devel
mysql_secure_installation
# ^ mariadb root pw was set to gliders9876, anon users + test db removed,
# remote root login disabled
systemctl enable mariadb

# Install a relevant python ORM library
# TODO: Pick one we like the most!
# Big ones like SQLAlchemy?
# owanes quite likes the look of https://storm.canonical.com/ :)
pip install mysql-python
pip install storm

# Install PHP
yum install php php-fpm php-apc php-pdo php-mcrypt php-mbstring
cp php-fpm-www.conf /etc/php-fpm.d/www.conf
systemctl enable php-fpm

# As for the webserver -- either apache or nginx...
# nginx is nice and fast, apache gets better support from
# CentOS etc.

# FOR NGINX
# Based on https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-7
yum install epel-release  # enables another software repo
yum check-update
yum install nginx
useradd -m gliders
gpasswd -a nginx gliders
gpasswd -a apache gliders
mkdir -p /home/gliders/www
chmod -R g+x /home/gliders
cp nginx.conf /etc/nginx/
cp gliders.nginx.conf /etc/nginx/conf.d/
systemctl enable nginx

# Install fail2ban
yum install fail2ban
systemctl enable fail2ban

# Allow web through the firewall
firewall-cmd --permanent --zone=public --add-service=http 
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=8080/tcp
firewall-cmd --reload

# Pull glider website and glider scripts from git repos
mkdir -p /home/gliders/code
mkdir -p /home/gliders/pythonenv
virtualenv /home/gliders/pythonenv
cd /home/gliders/code
ssh-keygen
# Add contents of /home/gliders/.ssh/id_rsa.pub to GitLab, then:
git clone git@gitlab.noc.soton.ac.uk:allore/Website-Scripts.git
git clone git@gitlab.noc.soton.ac.uk:owanes/gliders-testwebsite.git

# Restart (needed to get firewall to open ports for web, kernel might be
# updated etc.)
reboot