#!/bin/bash
# Nextcloud host maintenance: installs packages, tunes PHP / PHP-FPM / nginx,
# runs the Nextcloud updater and follow-up occ tasks, then reboots.
# Expected to run as root: it installs packages and edits files under /etc.
set -euo pipefail

### Settings ###
user="www-data"                      # account passed to `sudo -u` for occ and the updater
php_version="8.2"                    # selects the PHP binary, packages and /etc/php/<version>
php="/usr/bin/php${php_version}"
path="/var/www/nextcloud"            # Nextcloud installation directory
lxc_timezone="Europe/Berlin"         # written to date.timezone in php.ini

printf '%s\n' "===== Starting Nextcloud update script ====="

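### 1. Ensure required packages are installed ###
# Non-interactive frontend and critical-only debconf priority, so package
# configuration cannot stop the script with a prompt.
export DEBIAN_FRONTEND=noninteractive
export DEBIAN_PRIORITY=critical

# apt-get instead of apt: apt warns that its command-line interface is not
# stable for use in scripts; apt-get takes the same options used here.
base_packages=(
  tree locate screen zip ffmpeg ghostscript libfile-fcntllock-perl libfuse2
  socat fail2ban ldap-utils cifs-utils redis-server imagemagick
  libmagickcore-6.q16-6-extra postgresql-15 nginx
)
# Brace expansion yields one php<version>-<module> package name per module.
php_packages=(
  "php${php_version}"-{fpm,gd,mysql,pgsql,curl,xml,zip,intl,mbstring,bz2,ldap,apcu,bcmath,gmp,imagick,igbinary,redis,dev,smbclient,cli,common,opcache,readline}
)

apt-get update -qq
apt-get install -y -qq --no-install-recommends \
  "${base_packages[@]}" "${php_packages[@]}"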

### 2. Back up configuration files ###
# Each listed file that exists is copied to <file>.bak before it is edited.
# NOTE(review): the .bak copy is overwritten on every run, so from the second
# run on it holds the already-modified file, not the distribution default.
# Keep a dated copy elsewhere if a pristine rollback point is needed.
php_etc="/etc/php/${php_version}"
backup_targets=(
  "${php_etc}/fpm/pool.d/www.conf"
  "${php_etc}/cli/php.ini"
  "${php_etc}/fpm/php.ini"
  "${php_etc}/fpm/php-fpm.conf"
  "${php_etc}/mods-available/apcu.ini"
  "/etc/ImageMagick-6/policy.xml"
)
for file in "${backup_targets[@]}"; do
  if [ -f "$file" ]; then
    cp "$file" "${file}.bak"
  fi
done

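### 3. Set PHP options ###
#######################################
# Set "key = value" in a php.ini-style file, editing it in place.
# Every line that assigns the key, whether active or commented out with
# ';' or '#', is rewritten to "key = value". If no such line exists, the
# assignment is appended to the end of the file.
# The key is matched literally and the value is written verbatim: regex
# metacharacters in the key and the characters sed treats specially in a
# replacement (backslash, &) are escaped, and the sed delimiter is a control
# character, so neither argument can change the sed program.
# Arguments:
#   $1 - directive name (e.g. memory_limit)
#   $2 - value to assign
#   $3 - file to edit
#######################################
set_php_option() {
  local key="$1"
  local value="$2"
  local file="$3"
  local delim=$'\001'   # delimiter that does not occur in directive names or values
  local key_re value_sub

  # Escape ERE metacharacters so that e.g. the dot in "date.timezone" only
  # matches a literal dot.
  key_re=$(printf '%s' "$key" | sed -e 's/[][\\.*^$+?(){}|]/\\&/g')
  # Escape what sed interprets in the replacement text.
  value_sub=$(printf '%s' "$value" | sed -e 's/[\\&]/\\&/g')

  if grep -Eq "^[;#]*\s*${key_re}\s*=" "$file"; then
    sed -i -E "s${delim}^[;#]*\s*(${key_re})\s*=.*${delim}\1 = ${value_sub}${delim}" "$file"
  else
    printf '%s = %s\n' "$key" "$value" >> "$file"
  fi
}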

echo "Updating PHP configuration..."
# Settings written to both the CLI and the FPM php.ini, as "directive=value".
# NOTE(review): 10240M uploads and 3600 s time limits let one request occupy
# a worker for a long time; check that the web server's body-size limit and
# any rate limiting are set to match what is actually needed.
common_php_settings=(
  "memory_limit=1024M"
  "upload_max_filesize=10240M"
  "post_max_size=10240M"
  "max_execution_time=3600"
  "max_input_time=3600"
  "date.timezone=${lxc_timezone}"
  "output_buffering=Off"
)
for ini in "/etc/php/${php_version}/cli/php.ini" "/etc/php/${php_version}/fpm/php.ini"; do
  for setting in "${common_php_settings[@]}"; do
    # Split on the first '=': directive name before it, value after it.
    set_php_option "${setting%%=*}" "${setting#*=}" "$ini"
  done
done

# OPcache settings, written to the FPM php.ini only.
# NOTE(review): opcache.enable_cli is set in the FPM php.ini here, while the
# CLI binary reads cli/php.ini; confirm this line has the intended effect.
ini="/etc/php/${php_version}/fpm/php.ini"
# Flat list of directive/value pairs, consumed two elements at a time.
opcache_settings=(
  opcache.enable 1
  opcache.enable_cli 1
  opcache.memory_consumption 128
  opcache.interned_strings_buffer 16
  opcache.max_accelerated_files 10000
  opcache.revalidate_freq 1
  opcache.save_comments 1
)
for ((i = 0; i < ${#opcache_settings[@]}; i += 2)); do
  set_php_option "${opcache_settings[i]}" "${opcache_settings[i + 1]}" "$ini"
done

# APCu: append apc.enable_cli=1 unless the file already mentions the directive.
apcu_ini="/etc/php/${php_version}/mods-available/apcu.ini"
grep -q "apc.enable_cli" "$apcu_ini" || echo "apc.enable_cli=1" >> "$apcu_ini"

# FPM pool settings: uncomment env[PATH] and set the process-manager limits.
# All substitutions run in one sed pass; each targets a different line.
# NOTE(review): pm.max_children = 120 combined with memory_limit = 1024M
# allows a worst case far above the RAM of most hosts. Size it to the
# machine so a burst of requests cannot push the system into swap or the
# OOM killer.
fpm_pool="/etc/php/${php_version}/fpm/pool.d/www.conf"
fpm_pool_edits=(
  -e "s|^;?env\[PATH\]|env[PATH]|"
  -e "s|^pm.max_children\s*=.*|pm.max_children = 120|"
  -e "s|^pm.start_servers\s*=.*|pm.start_servers = 12|"
  -e "s|^pm.min_spare_servers\s*=.*|pm.min_spare_servers = 6|"
  -e "s|^pm.max_spare_servers\s*=.*|pm.max_spare_servers = 18|"
  -e "s|^;?pm.max_requests\s*=.*|pm.max_requests = 1000|"
)
sed -i -E "${fpm_pool_edits[@]}" "$fpm_pool"

### 4. ImageMagick policies ###
# Rewrites the policy entries that deny the PS, EPS, PDF and XPS coders
# (rights="none") so that they allow read|write.
# NOTE(review): this reverses a hardening default. ImageMagick hands these
# formats to Ghostscript, so after this change files uploaded by users can
# reach that interpreter during preview generation. Enable it only if such
# previews are required, consider whether rights="read" alone is enough, and
# keep ghostscript patched.
imagemagick_policy="/etc/ImageMagick-6/policy.xml"
sed -i 's/rights="none" pattern="\(PS\|EPS\|PDF\|XPS\)"/rights="read|write" pattern="\1"/' "$imagemagick_policy"

### 5. Restart PHP-FPM and reload nginx ###
systemctl restart "php${php_version}-fpm"
systemctl reload nginx

# Command prefix: run PHP as the Nextcloud user.
nextcloud_php=(sudo -u "$user" "$php")

### 6. Nextcloud status before the update ###
"${nextcloud_php[@]}" "$path/occ" status

### 7. Updater ###
# NOTE(review): --no-backup skips the updater's own backup step, and this
# script copies only a few config files to .bak. Take a snapshot or a backup
# of the installation, data and database before this point.
printf '%s\n' "Running updater.phar..."
"${nextcloud_php[@]}" "$path/updater/updater.phar" --no-backup --no-interaction

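### 8. OCC tasks ###
# Each entry is one occ invocation: sub-command followed by its options.
# NOTE(review): `upgrade` runs last; if the updater leaves an upgrade
# pending, occ may refuse the earlier commands and set -e stops the script.
# Confirm the order against the updater's behaviour.
declare -a occ_commands=(
  "db:add-missing-primary-keys"
  "db:add-missing-indices"
  "db:add-missing-columns"
  "db:convert-filecache-bigint -n"
  "maintenance:repair --include-expensive"
  "files:scan-app-data"
  "files:scan --all"
  "app:update --all"
  "upgrade"
)

for cmd in "${occ_commands[@]}"; do
  echo " Running: occ $cmd"
  # Split the entry into words with read instead of an unquoted expansion,
  # so no word is subject to pathname expansion.
  read -r -a occ_args <<< "$cmd"
  sudo -u "$user" "$php" "$path/occ" "${occ_args[@]}"
done

### 9. Set the maintenance window ###
sudo -u "$user" "$php" "$path/occ" config:system:set maintenance_window_start --value="3" --type=integer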

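### 10. Register the MIME type for .mjs ###
mime_types="/etc/nginx/mime.types"
if ! grep -q "mjs" "$mime_types"; then
  # The mapping must sit inside the types { ... } block. Appending it to the
  # end of the file would put it after the closing brace, where nginx rejects
  # it as an unknown directive. Insert it in front of the line that holds
  # only the closing brace instead.
  sed -i -E 's|^[[:space:]]*\}[[:space:]]*$|    application/javascript mjs;\n}|' "$mime_types"
  if ! grep -q "mjs" "$mime_types"; then
    echo "Could not add the mjs mapping to ${mime_types}: no closing brace line found" >&2
    exit 1
  fi
  # Validate the configuration before asking the running server to load it.
  nginx -t
  systemctl reload nginx
fi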

### 11. Add the X-Robots-Tag header if it is not present yet ###
# The check covers every file in conf.d; the edit touches nextcloud.conf only
# and appends the add_header line after each line containing "server {".
# NOTE(review): nginx does not inherit server-level add_header directives in
# a location that defines add_header itself; verify the header is actually
# sent on the responses that matter.
nextcloud_vhost="/etc/nginx/conf.d/nextcloud.conf"
if grep -q "X-Robots-Tag" /etc/nginx/conf.d/*; then
  : # header already configured somewhere in conf.d
else
  sed -i '/server {/a \\tadd_header X-Robots-Tag "noindex, nofollow" always;' "$nextcloud_vhost"
  systemctl reload nginx
fi

### 12. Status after the update ###
occ_status=(sudo -u "$user" "$php" "$path/occ" status)
"${occ_status[@]}"
printf '%s\n' " Nextcloud update complete."

# The host is rebooted unconditionally once every step above has succeeded
# (set -e stops the script earlier otherwise).
reboot
