#!/bin/bash
# Configuration changes to tune machine

platform_type=$1 # vps or dedicated
version=$2 # el7 or el8
set -e # require success / abort on fail

if [[ -z "$platform_type" ]]; then
    echo "please specify platform type vps/dedicated"
    exit 1
fi

if [[ -z "$version" ]]; then
    echo "please specify OS version"
    exit 1
fi

if [ "$version" == "el8" ]; then
    mariadb_repo_var="almalinux8-amd64"
elif [ "$version" == "el7" ]; then
    mariadb_repo_var="centos7-amd64"
else
    echo "unsupported OS version"
    exit 1
fi

function configure_mariadb() {
    if [[ $platform_type == "vps" ]]; then
        cat << EOF > /etc/my.cnf.d/01-inmotion-vps.cnf
[mysqld]
max_connections = 150
max_user_connections = 100
skip-external-locking
key_buffer_size = 64M
max_allowed_packet = 8M
table_open_cache = 256
sort_buffer_size = 1M
net_buffer_length = 16K
read_buffer_size = 1M
read_rnd_buffer_size = 1M
myisam_sort_buffer_size = 32M
innodb_file_per_table
tmp_table_size = 64M
max_heap_table_size = 64M
thread_cache_size = 8

# This setting allows the use of asynchronous I/O in InnoDB.
# The following files track usage of this resource:
# - /proc/sys/fs/aio-max-nr
# - /proc/sys/fs/aio-nr
# Default limit is 65536, of which a single instance of mysql uses 2661 out of the box
innodb_use_native_aio = 1
default_storage_engine = MyISAM
log_error = /var/lib/mysql/mysqld.log
innodb_log_file_size = 16M
EOF
    elif [[ $platform_type == "dedicated" ]]; then
        true # todo
    fi
}

function configure_pureftpd() {
    ftpd_conf=/etc/pure-ftpd/pure-ftpd.conf
    sed -i 's/NoAnonymous/#NoAnonymous/g' $ftpd_conf
    if ! grep -q '^NoAnonymous yes' $ftpd_conf; then
        echo 'NoAnonymous yes' >> $ftpd_conf
    fi
    sed -i '/^# PassivePortRange/s/^# //' /etc/pure-ftpd/pure-ftpd.conf
}

function configure_csf() {
    csf_conf=/etc/csf/csf.conf
    csf_ignore_list=/etc/csf/csf.fignore
    sed -i 's/^LF_CWP = .*/LF_CWP = "5"/g' $csf_conf
    sed -i 's/^LF_TRIGGER = .*/LF_TRIGGER = "10"/g' $csf_conf
    sed -i 's/^LF_MODSEC = .*/LF_MODSEC = "0"/g' $csf_conf
    sed -i 's/^LF_POP3D = .*/LF_POP3D = "5"/g' $csf_conf
    sed -i 's/^LF_IMAPD = .*/LF_IMAPD = "5"/g' $csf_conf
    sed -i 's/^PT_LIMIT = .*/PT_LIMIT = "0"/g' $csf_conf
    sed -i 's/^SYSLOG_CHECK = .*/SYSLOG_CHECK = "300"/g' $csf_conf
    sed -i 's/^EMAIL_ALERT = .*/EMAIL_ALERT = "0"/g' $csf_conf
    # Remove port 22 from TCP_IN (close ssh)
    sed -i 's@20,21,22,25,53@20,21,25,53@g' $csf_conf
    # Open FTP Passive Port Range
    sed -i '/^TCP_IN = /s/"$/,30000:50000"/' /etc/csf/csf.conf
    sed -i '/^TCP_OUT = /s/"$/,30000:50000"/' /etc/csf/csf.conf
    # add salt temp files to csf ignore list
    if [ ! -e $csf_ignore_list ]; then
        touch $csf_ignore_list
    fi
    if ! grep -q -F '/var/tmp/\.root_.*_salt' $csf_ignore_list; then
        echo '/var/tmp/\.root_.*_salt' >> $csf_ignore_list
    fi
    # Update csf and reload it
    csf -uf &>/dev/null || :
}

configure_pureftpd
configure_csf
configure_mariadb