install-scripts/debian/install-fusionpbx.sh

#!/bin/bash
# Mundo Telecom - Instalação FusionPBX (Debian 12)
# 
# ATUALIZADO: FreeSWITCH agora via SignalWire (token necessário)
# 
# Uso: 
#   1. Crie um token em https://signalwire.com → Personal Access Tokens
#   2. Exporte o token:
#      export SIGNALWIRE_TOKEN=seu_token_aqui
#   3. Execute:
#      cd /usr/src/install-scripts/debian && ./install-fusionpbx.sh

set -euo pipefail

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
NC='\033[0m'

print_status() { echo -e "${GREEN}[FUSIONPBX]${NC} $1"; }
print_warn()   { echo -e "${YELLOW}[AVISO]${NC} $1"; }
print_error()  { echo -e "${RED}[ERRO]${NC} $1"; }
print_step()   { echo -e "${CYAN}[PASSO]${NC} $1"; }

if [ "$(id -u)" -ne 0 ]; then
    print_error "Execute como root"
    exit 1
fi

# Verificar token SignalWire
if [ -z "${SIGNALWIRE_TOKEN:-}" ]; then
    print_warn "Token SignalWire não definido!"
    print_warn "FreeSWITCH será instalado do source (mais lento)"
    print_warn "Para usar pacotes oficiais, defina:"
    print_warn "  export SIGNALWIRE_TOKEN=seu_token"
    INSTALL_MODE="source"
else
    INSTALL_MODE="package"
    print_status "Token SignalWire encontrado!"
fi

# Configurações
FUSIONPBX_REPO="https://git.homelabds.com.br/diegods/fusionpbx.git"
FUSIONPBX_DIR="/usr/src/fusionpbx"
FUSIONSQL_DIR="/var/www/fusionpbx"
DB_NAME="fusionpbx"
DB_USER="fusionpbx"
DB_PASS=$(openssl rand -hex 24)

# =============================================
print_step "1/7 - Instalando FreeSWITCH"
# =============================================

if [ "$INSTALL_MODE" = "package" ]; then
    print_status "Instalando FreeSWITCH via SignalWire (pacotes)..."
    apt-get update && apt-get install -y curl
    curl -sSL https://freeswitch.org/fsget | bash -s "$SIGNALWIRE_TOKEN" release install
else
    print_status "Instalando FreeSWITCH do source..."
    print_warn "Isso pode levar 30+ minutos..."

    # Dependências de build
    apt-get update
    apt-get install -y \
        build-essential automake autoconf libtool \
        libncurses5-dev libssl-dev libpcre3-dev \
        libcurl4-openssl-dev libsqlite3-dev libldns-dev \
        libedit-dev yasm cmake libspeexdsp-dev \
        libopus-dev libsndfile1-dev flac \
        uuid-dev libavformat-dev libswscale-dev \
        liblua5.2-dev libtiff5-dev libjpeg-dev \
        python3-dev

    # Clonar e compilar FreeSWITCH
    cd /usr/src
    git clone https://github.com/signalwire/freeswitch.git -b v1.10.12
    cd freeswitch
    ./bootstrap.sh -j
    ./configure
    make -j$(nproc)
    make install
    make cd-sounds-install
    make cd-moh-install

    # Criar links e configurar
    ldconfig
    ln -sf /usr/local/freeswitch/bin/fs_cli /usr/local/bin/
    ln -sf /usr/local/freeswitch/bin/freeswitch /usr/local/bin/
fi

systemctl enable freeswitch 2>/dev/null || true
systemctl start freeswitch 2>/dev/null || true
print_status "FreeSWITCH instalado!"

# =============================================
print_step "2/7 - Instalando PostgreSQL"
# =============================================
print_status "Instalando PostgreSQL..."
apt-get install -y postgresql postgresql-client
systemctl enable postgresql
systemctl start postgresql

print_status "Criando banco de dados..."
su - postgres -c "psql -c \"CREATE DATABASE $DB_NAME;\""
su - postgres -c "psql -c \"CREATE ROLE $DB_USER WITH SUPERUSER LOGIN PASSWORD '$DB_PASS';\""
su - postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;\""

# =============================================
print_step "3/7 - Instalando Nginx + PHP"
# =============================================
print_status "Instalando Nginx e PHP-FPM..."
apt-get install -y nginx php-fpm php-pgsql php-cli php-json php-curl \
    php-mbstring php-gd php-xml php-zip php-intl php-bcmath php-gmp php-imagick

systemctl enable nginx
systemctl enable php8.2-fpm 2>/dev/null || systemctl enable php8.*-fpm 2>/dev/null || true

# =============================================
print_step "4/7 - Clonando FusionPBX do repositório local"
# =============================================
print_status "Clonando de $FUSIONPBX_REPO..."
if [ -d "$FUSIONPBX_DIR" ]; then
    cd "$FUSIONPBX_DIR" && git pull
else
    git clone "$FUSIONPBX_REPO" "$FUSIONPBX_DIR"
fi

mkdir -p "$FUSIONSQL_DIR"
cp -R "$FUSIONPBX_DIR"/* "$FUSIONSQL_DIR"/
chown -R www-data:www-data "$FUSIONSQL_DIR"
find "$FUSIONSQL_DIR" -type d -exec chmod 755 {} \;
find "$FUSIONSQL_DIR" -type f -exec chmod 644 {} \;

# =============================================
print_step "5/7 - Configurando FusionPBX"
# =============================================
cd "$FUSIONSQL_DIR"

mkdir -p /etc/fusionpbx
cat > /etc/fusionpbx/config.php << EOF
<?php
// Configuração FusionPBX - Mundo Telecom
// Instalado em $(date)

\$db_host = '127.0.0.1';
\$db_port = '5432';
\$db_name = '$DB_NAME';
\$db_username = '$DB_USER';
\$db_password = '$DB_PASS';
\$db_type = 'pgsql';
EOF

chown -R www-data:www-data /etc/fusionpbx

print_status "Importando schema do banco..."
php "$FUSIONSQL_DIR"/core/upgrade/upgrade.php 2>/dev/null || true

# =============================================
print_step "6/7 - Configurando Nginx"
# =============================================
cat > /etc/nginx/sites-available/fusionpbx << 'NGINX'
server {
    listen 80;
    server_name _;

    root /var/www/fusionpbx;
    index index.php index.html index.htm;

    access_log /var/log/nginx/fusionpbx-access.log;
    error_log /var/log/nginx/fusionpbx-error.log;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "1; mode=block";
}
NGINX

ln -sf /etc/nginx/sites-available/fusionpbx /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
nginx -t && systemctl reload nginx

# =============================================
print_step "7/7 - Configurando Firewall e Finalização"
# =============================================
print_status "Configurando Fail2ban..."
apt-get install -y fail2ban
cat > /etc/fail2ban/jail.local << 'FAIL2BAN'
[freeswitch-ip]
enabled  = true
logpath  = /var/log/freeswitch/freeswitch.log
maxretry = 5

[freeswitch-auth]
enabled  = true
logpath  = /var/log/freeswitch/freeswitch.log
maxretry = 5

[fusionpbx-auth]
enabled  = true
logpath  = /var/log/nginx/fusionpbx-error.log
maxretry = 5
FAIL2BAN

systemctl enable fail2ban
systemctl restart fail2ban

IP=$(hostname -I | awk '{print $1}')

# =============================================
print_status ""
print_status "============================================"
print_status " ✅ INSTALAÇÃO CONCLUÍDA!"
print_status "============================================"
print_status ""
print_status " Acesse no navegador:"
print_status "   http://$IP"
print_status ""
print_status " Usuário: admin"
print_status " (senha criada no primeiro acesso)"
print_status ""
print_status " Banco de dados PostgreSQL:"
print_status "   Database: $DB_NAME"
print_status "   Usuário:  $DB_USER"
print_status "   Senha:    $DB_PASS"
print_status ""
print_status " Repositório local:"
print_status "   $FUSIONPBX_REPO"
print_status ""
print_status " Para configurar SSL, use o Nginx Proxy Manager"
print_status "   https://npm.homelabds.com.br"
print_status ""
print_status "============================================"