#!/bin/bash
# Mundo Telecom - Instalação FusionPBX (Debian 12)
#
# Este script instala o FusionPBX a partir do nosso repositório local
# em vez do GitHub oficial, garantindo controle de versão e disponibilidade.
#
# Uso: cd /usr/src/install-scripts/debian && ./install-fusionpbx.sh

set -euo pipefail

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
NC='\033[0m'

print_status() { echo -e "${GREEN}[FUSIONPBX]${NC} $1"; }
print_warn()   { echo -e "${YELLOW}[AVISO]${NC} $1"; }
print_error()  { echo -e "${RED}[ERRO]${NC} $1"; }
print_step()   { echo -e "${CYAN}[PASSO]${NC} $1"; }

if [ "$(id -u)" -ne 0 ]; then
    print_error "Execute como root"
    exit 1
fi

# Configurações
FUSIONPBX_REPO="https://git.homelabds.com.br/diegods/fusionpbx.git"
FUSIONPBX_DIR="/usr/src/fusionpbx"
FUSIONSQL_DIR="/var/www/fusionpbx"
DB_NAME="fusionpbx"
DB_USER="fusionpbx"
DB_PASS=$(openssl rand -hex 24)

# =============================================
print_step "1/7 - Instalando FreeSWITCH"
# =============================================
print_status "Adicionando repositório FreeSWITCH..."
wget -O - https://files.freeswitch.com/repo/deb/debian-release/fs-repo.gpg | apt-key add -
echo "deb [signed-by=/usr/share/keyrings/freeswitch.gpg] https://files.freeswitch.com/repo/deb/debian-release/ bookworm main" > /etc/apt/sources.list.d/freeswitch.list

apt-get update
apt-get install -y freeswitch-meta-vanilla freeswitch-mod-commands freeswitch-mod-conference \
    freeswitch-mod-curl freeswitch-mod-db freeswitch-mod-directory \
    freeswitch-mod-distributor freeswitch-mod-dptools freeswitch-mod-dialplan-xml \
    freeswitch-mod-esl freeswitch-mod-expr freeswitch-mod-hash \
    freeswitch-mod-httapi freeswitch-mod-json-cdr freeswitch-mod-logfile \
    freeswitch-mod-loopback freeswitch-mod-memcache freeswitch-mod-native-file \
    freeswitch-mod-pgsql freeswitch-mod-pin-collect freeswitch-mod-pt \
    freeswitch-mod-posix-timer freeswitch-mod-rad-gateway freeswitch-mod-rtc \
    freeswitch-mod-say-es freeswitch-mod-say-pt freeswitch-mod-say-ru \
    freeswitch-mod-say-zh freeswitch-mod-sms freeswitch-mod-sndfile \
    freeswitch-mod-snmp freeswitch-mod-sofia freeswitch-mod-spidermonkey \
    freeswitch-mod-spy freeswitch-mod-static freeswitch-mod-syslog \
    freeswitch-mod-tone-stream freeswitch-mod-valet-parking freeswitch-mod-vlc \
    freeswitch-mod-voicemail freeswitch-mod-voicemail-ivr freeswitch-mod-xml-curl \
    freeswitch-mod-xml-rpc freeswitch-mod-xml-cdr

systemctl enable freeswitch
systemctl start freeswitch
print_status "FreeSWITCH instalado e rodando!"

# =============================================
print_step "2/7 - Instalando PostgreSQL"
# =============================================
print_status "Instalando PostgreSQL..."
apt-get install -y postgresql postgresql-client
systemctl enable postgresql
systemctl start postgresql

print_status "Criando banco de dados..."
su - postgres -c "psql -c \"CREATE DATABASE $DB_NAME;\""
su - postgres -c "psql -c \"CREATE ROLE $DB_USER WITH SUPERUSER LOGIN PASSWORD '$DB_PASS';\""
su - postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;\""

# =============================================
print_step "3/7 - Instalando Nginx + PHP"
# =============================================
print_status "Instalando Nginx e PHP-FPM..."
apt-get install -y nginx php-fpm php-pgsql php-cli php-json php-curl \
    php-mbstring php-gd php-xml php-zip php-intl php-bcmath php-gmp php-imagick

systemctl enable nginx
systemctl enable php8.2-fpm 2>/dev/null || systemctl enable php8.*-fpm 2>/dev/null || true

# =============================================
print_step "4/7 - Clonando FusionPBX do repositório local"
# =============================================
print_status "Clonando de $FUSIONPBX_REPO..."
if [ -d "$FUSIONPBX_DIR" ]; then
    cd "$FUSIONPBX_DIR" && git pull
else
    git clone "$FUSIONPBX_REPO" "$FUSIONPBX_DIR"
fi

# Copiar para o diretório web
print_status "Copiando para $FUSIONSQL_DIR..."
cp -R "$FUSIONPBX_DIR"/* "$FUSIONSQL_DIR"/
chown -R www-data:www-data "$FUSIONSQL_DIR"
find "$FUSIONSQL_DIR" -type d -exec chmod 755 {} \;
find "$FUSIONSQL_DIR" -type f -exec chmod 644 {} \;

# =============================================
print_step "5/7 - Configurando FusionPBX"
# =============================================
cd "$FUSIONSQL_DIR"

print_status "Configurando recursos do FusionPBX..."
php "$FUSIONSQL_DIR"/secure.php 2>/dev/null || true

# Configurar banco de dados
cat > /etc/fusionpbx/config.php << EOF
<?php
// Configuração FusionPBX - Mundo Telecom
// Instalado em $(date)

\$db_host = '127.0.0.1';
\$db_port = '5432';
\$db_name = '$DB_NAME';
\$db_username = '$DB_USER';
\$db_password = '$DB_PASS';
\$db_type = 'pgsql';
EOF

mkdir -p /etc/fusionpbx
mv /etc/fusionpbx/config.php /etc/fusionpbx/ 2>/dev/null || true
chown -R www-data:www-data /etc/fusionpbx

# Importar schema do banco
print_status "Importando schema do banco..."
sudo -u postgres psql -d "$DB_NAME" < "$FUSIONSQL_DIR"/app/ databases.sql 2>/dev/null || \
php "$FUSIONSQL_DIR"/core/upgrade/upgrade.php 2>/dev/null || true

# =============================================
print_step "6/7 - Configurando Nginx"
# =============================================
cat > /etc/nginx/sites-available/fusionpbx << 'NGINX'
server {
    listen 80;
    server_name _;

    root /var/www/fusionpbx;
    index index.php index.html index.htm;

    access_log /var/log/nginx/fusionpbx-access.log;
    error_log /var/log/nginx/fusionpbx-error.log;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    # Segurança
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "1; mode=block";
}
NGINX

ln -sf /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
nginx -t && systemctl reload nginx

# =============================================
print_step "7/7 - Configurando Firewall e Finalização"
# =============================================
print_status "Configurando Fail2ban..."
apt-get install -y fail2ban
cat > /etc/fail2ban/jail.local << 'FAIL2BAN'
[freeswitch-ip]
enabled  = true
logpath  = /var/log/freeswitch/freeswitch.log
maxretry = 5

[freeswitch-auth]
enabled  = true
logpath  = /var/log/freeswitch/freeswitch.log
maxretry = 5

[fusionpbx-auth]
enabled  = true
logpath  = /var/log/nginx/fusionpbx-error.log
maxretry = 5
FAIL2BAN

systemctl enable fail2ban
systemctl restart fail2ban

# IP do servidor
IP=$(hostname -I | awk '{print $1}')

# =============================================
print_status ""
print_status "============================================"
print_status " ✅ INSTALAÇÃO CONCLUÍDA!"
print_status "============================================"
print_status ""
print_status " Acesse no navegador:"
print_status "   https://$IP"
print_status ""
print_status " Usuário: admin"
print_status " Senha:   (criada no primeiro acesso)"
print_status ""
print_status " Banco de dados PostgreSQL:"
print_status "   Database: $DB_NAME"
print_status "   Usuário:  $DB_USER"
print_status "   Senha:    $DB_PASS"
print_status "   Arquivo:  /etc/fusionpbx/config.php"
print_status ""
print_status " Repositório local:"
print_status "   $FUSIONPBX_REPO"
print_status ""
print_status " Para configurar SSL, use o Nginx Proxy Manager"
print_status "   https://npm.homelabds.com.br"
print_status ""
print_status "============================================"