hestia-install.sh

export PATH=$PATH:/sbin
RHOST='apt.hestiacp.com'
GPG='gpg.hestiacp.com'
HESTIA='/usr/local/hestia'
LOG="/root/hst_install_backups/hst_install-$(date +%d%m%Y%H%M).log"
memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
hst_backups="/root/hst_install_backups/$(date +%d%m%Y%H%M)"
arch=$(uname -i)
spinner="/-\|"
codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))"
pma_v='5.0.1'
fpm_v="7.4"
HESTIA_INSTALL_DIR="$HESTIA/install/deb"

nginx='yes'
phpfpm='yes'
multiphp='no'
vsftpd='yes'
proftpd='no'
named='yes'
mysql='yes'
postgresql='no'
exim='yes'
dovecot='yes'
clamd='yes'
spamd='yes'
iptables='yes'
fail2ban='yes'
quota='no'
interactive='yes'
api='yes'
email='tomislav@cybershark.rs'
lang='en'
port=8083

# Defining password-gen function
gen_pass() {
    MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
    LENGTH=10
    while [ ${n:=1} -le $LENGTH ]; do
        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
        let n+=1
    done
    echo "$PASS"
}

software="awstats bc bind bind-libs bind-utils clamav clamav-update
    curl dovecot e2fsprogs exim expect fail2ban flex freetype ftp GeoIP httpd
    ImageMagick iptables-services lsof mailx mc
    net-tools nginx openssh-clients pcre libidn git php
    php-bcmath php-cli php-common php-fpm php-gd php-imap php-mbstring
    php-mcrypt phpMyAdmin php-mysql php-pdo php-pgsql php-soap
    php-tidy php-xml php-xmlrpc php-opcache php-pspell php-readline
    php-imagick php-intl php-json php-bz2 php-zip php-ldap php-apcu php-curl
    roundcubemail rrdtool rsyslog screen
    spamassassin sqlite sudo tar telnet unzip quota
    sudo vim-common vsftpd which zip sysstat"

# Asking for confirmation to proceed
if [ "$interactive" = 'yes' ]; then
    read -p 'Would you like to continue with the installation? [Y/N]: ' answer
    if [ "$answer" != 'y' ] && [ "$answer" != 'Y'  ]; then
        echo 'Goodbye'
        exit 1
    fi

    # Asking for contact email
    if [ -z "$email" ]; then
        read -p 'Please enter admin email address: ' email
    fi

    # Asking to set FQDN hostname
    if [ -z "$servername" ]; then
        read -p "Please enter FQDN hostname [$(hostname -f)]: " servername
    fi
fi

# Set hostname if it wasn't set
if [ -z "$servername" ]; then
    servername=$(hostname -f)
fi

# Set FQDN if it wasn't set
mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)'
mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}'
if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then
    if [ ! -z "$servername" ]; then
        servername="$servername.example.com"
    else
        servername="example.com"
    fi
    echo "127.0.0.1 $servername" >> /etc/hosts
fi

# Set email if it wasn't set
if [ -z "$email" ]; then
    email="admin@$servername"
fi

# Creating backup directory tree
mkdir -p $hst_backups
cd $hst_backups
mkdir nginx apache2 php vsftpd proftpd bind exim4 dovecot clamd
mkdir spamassassin mysql postgresql hestia

# Backup nginx configuration
systemctl stop nginx > /dev/null 2>&1
cp -r /etc/nginx/* $hst_backups/nginx > /dev/null 2>&1

# Backup Apache configuration
systemctl stop apache2 > /dev/null 2>&1
cp -r /etc/apache2/* $hst_backups/apache2 > /dev/null 2>&1
rm -f /etc/apache2/conf.d/* > /dev/null 2>&1

# Backup PHP-FPM configuration
systemctl stop php*-fpm > /dev/null 2>&1
cp -r /etc/php/* $hst_backups/php/ > /dev/null 2>&1

# Backup Bind configuration
systemctl stop named > /dev/null 2>&1
cp -r /etc/named* $hst_backups/named > /dev/null 2>&1

# Backup Vsftpd configuration
systemctl stop vsftpd > /dev/null 2>&1
cp /etc/vsftpd.conf $hst_backups/vsftpd > /dev/null 2>&1

# Backup ProFTPD configuration
systemctl stop proftpd > /dev/null 2>&1
cp /etc/proftpd.conf $hst_backups/proftpd > /dev/null 2>&1

# Backup Exim configuration
systemctl stop exim > /dev/null 2>&1
cp -r /etc/exim/* $hst_backups/exim > /dev/null 2>&1

# Backup ClamAV configuration
systemctl stop clamav-daemon > /dev/null 2>&1
cp -r /etc/clam* $hst_backups/clamav > /dev/null 2>&1

# Backup SpamAssassin configuration
systemctl stop spamassassin > /dev/null 2>&1
cp -r /etc/spamassassin/* $hst_backups/spamassassin > /dev/null 2>&1

# Backup Dovecot configuration
systemctl stop dovecot > /dev/null 2>&1
cp /etc/dovecot.conf $hst_backups/dovecot > /dev/null 2>&1
cp -r /etc/dovecot/* $hst_backups/dovecot > /dev/null 2>&1

# Backup MySQL/MariaDB configuration and data
systemctl stop mysql > /dev/null 2>&1
killall -9 mysqld > /dev/null 2>&1
mv /var/lib/mysql $hst_backups/mysql/mysql_datadir > /dev/null 2>&1
cp -r /etc/percona-server.conf.d* $hst_backups/mysql > /dev/null 2>&1
mv -f /root/.my.cnf $hst_backups/mysql > /dev/null 2>&1

# Backup Hestia
systemctl stop hestia > /dev/null 2>&1
cp -r $HESTIA/* $hst_backups/hestia > /dev/null 2>&1
rm -rf $HESTIA > /dev/null 2>&1

# Restarting rsyslog
service rsyslog restart > /dev/null 2>&1

# Checking ipv6 on loopback interface
check_lo_ipv6=$(/sbin/ip addr | grep 'inet6')
check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local)
if [ ! -z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then
    ip addr add ::2/128 scope global dev lo
    echo "# Vesta: Workraround for openssl validation func" >> /etc/rc.local
    echo "ip addr add ::2/128 scope global dev lo" >> /etc/rc.local
    chmod a+x /etc/rc.local
fi

# Disabling SELinux
if [ -e '/etc/sysconfig/selinux' ]; then
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
    setenforce 0 2>/dev/null
fi

# Disabling iptables
service iptables stop
service firewalld stop >/dev/null 2>&1

# Adding backup user
adduser backup 2>/dev/null
ln -sf /home/backup /backup
chmod a+x /backup

# Set directory color
echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile

# Register /sbin/nologin and /usr/sbin/nologin
echo "/sbin/nologin" >> /etc/shells
echo "/usr/sbin/nologin" >> /etc/shells

# Changing default systemd interval
echo "DefaultStartLimitInterval=1s" >> /etc/systemd/system.conf
echo "DefaultStartLimitBurst=60" >> /etc/systemd/system.conf
systemctl daemon-reexec

echo "(*) Configuring system settings..."
# Enable SSH password authentication
sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config


# Reduce SSH login grace time
sed -i "s/LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config
sed -i "s/#LoginGraceTime 2m/LoginGraceTime 1m/g" /etc/ssh/sshd_config

# Set directory color
if [ -z "$(grep 'LS_COLORS="$LS_COLORS:di=00;33"' /etc/profile)" ]; then
    echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile
fi

# Registering /usr/sbin/nologin
if [ -z "$(grep nologin /etc/shells)" ]; then
    echo "/usr/sbin/nologin" >> /etc/shells
fi

echo "(*) Configuring Hestia Control Panel..."
# Installing sudo configuration
mkdir -p /etc/sudoers.d
cp -fn $HESTIA_INSTALL_DIR/sudo/admin /etc/sudoers.d/
chmod 440 /etc/sudoers.d/admin

# Configuring system env
echo "export HESTIA='$HESTIA'" > /etc/profile.d/hestia.sh
echo 'PATH=$PATH:'$HESTIA'/bin' >> /etc/profile.d/hestia.sh
echo 'export PATH' >> /etc/profile.d/hestia.sh
chmod 755 /etc/profile.d/hestia.sh
source /etc/profile.d/hestia.sh

# Configuring logrotate for Hestia logs
cp -fn $HESTIA_INSTALL_DIR/logrotate/hestia /etc/logrotate.d/hestia

# Building directory tree and creating some blank files for Hestia
mkdir -p $HESTIA/conf $HESTIA/log $HESTIA/ssl $HESTIA/data/ips \
    $HESTIA/data/queue $HESTIA/data/users $HESTIA/data/firewall \
    $HESTIA/data/sessions
touch $HESTIA/data/queue/backup.pipe $HESTIA/data/queue/disk.pipe \
    $HESTIA/data/queue/webstats.pipe $HESTIA/data/queue/restart.pipe \
    $HESTIA/data/queue/traffic.pipe $HESTIA/log/system.log \
    $HESTIA/log/nginx-error.log $HESTIA/log/auth.log
chmod 750 $HESTIA/conf $HESTIA/data/users $HESTIA/data/ips $HESTIA/log
chmod -R 750 $HESTIA/data/queue
chmod 660 $HESTIA/log/*
rm -f /var/log/hestia
ln -s $HESTIA/log /var/log/hestia
chmod 770 $HESTIA/data/sessions

# Generating Hestia configuration
rm -f $HESTIA/conf/hestia.conf > /dev/null 2>&1
touch $HESTIA/conf/hestia.conf
chmod 660 $HESTIA/conf/hestia.conf

echo "WEB_SYSTEM='nginx'" >> $HESTIA/conf/hestia.conf
echo "WEB_PORT='80'" >> $HESTIA/conf/hestia.conf
echo "WEB_SSL_PORT='443'" >> $HESTIA/conf/hestia.conf
echo "WEB_SSL='openssl'"  >> $HESTIA/conf/hestia.conf
#echo "STATS_SYSTEM='awstats'" >> $HESTIA/conf/hestia.conf
echo "WEB_BACKEND='php-fpm'" >> $HESTIA/conf/hestia.conf

installed_db_types='mysql'

db=$(echo "$installed_db_types" |\
    sed "s/,/\n/g"|\
    sort -r -u |\
    sed "/^$/d"|\
    sed ':a;N;$!ba;s/\n/,/g')
echo "DB_SYSTEM='$db'" >> $HESTIA/conf/hestia.conf

echo "FTP_SYSTEM='vsftpd'" >> $HESTIA/conf/hestia.conf
echo "DNS_SYSTEM='named'" >> $HESTIA/conf/hestia.conf

# Mail stack
if [ "$exim" = 'yes' ]; then
    echo "MAIL_SYSTEM='exim'" >> $HESTIA/conf/hestia.conf
    if [ "$clamd" = 'yes'  ]; then
        echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $HESTIA/conf/hestia.conf
    fi
    if [ "$spamd" = 'yes' ]; then
        echo "ANTISPAM_SYSTEM='spamassassin'" >> $HESTIA/conf/hestia.conf
    fi
    if [ "$dovecot" = 'yes' ]; then
        echo "IMAP_SYSTEM='dovecot'" >> $HESTIA/conf/hestia.conf
    fi
fi

# Cron daemon
echo "CRON_SYSTEM='crond'" >> $HESTIA/conf/hestia.conf

# Firewall stack
if [ "$iptables" = 'yes' ]; then
    echo "FIREWALL_SYSTEM='iptables'" >> $HESTIA/conf/hestia.conf
fi
if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then
    echo "FIREWALL_EXTENSION='fail2ban'" >> $HESTIA/conf/hestia.conf
fi

# Disk quota
if [ "$quota" = 'yes' ]; then
    echo "DISK_QUOTA='yes'" >> $HESTIA/conf/hestia.conf
fi

# Backups
echo "BACKUP_SYSTEM='local'" >> $HESTIA/conf/hestia.conf

# Language
echo "LANGUAGE='$lang'" >> $HESTIA/conf/hestia.conf

# Version & Release Branch
echo "VERSION='1.1.1'" >> $HESTIA/conf/hestia.conf
echo "RELEASE_BRANCH='release'" >> $HESTIA/conf/hestia.conf

# Installing hosting packages
cp -rf $HESTIA_INSTALL_DIR/packages $HESTIA/data/

# Update nameservers in hosting package
IFS='.' read -r -a domain_elements <<< "$servername"
if [ ! -z "${domain_elements[-2]}" ] && [ ! -z "${domain_elements[-1]}" ]; then
    serverdomain="${domain_elements[-2]}.${domain_elements[-1]}"
    sed -i s/"domain.tld"/"$serverdomain"/g $HESTIA/data/packages/*.pkg
fi

# Installing templates
cp -rf $HESTIA_INSTALL_DIR/templates $HESTIA/data/

mkdir -p /var/www/html
mkdir -p /var/www/document_errors

# Install default success page
cp -rf $HESTIA_INSTALL_DIR/templates/web/unassigned/index.html /var/www/html/
cp -rf $HESTIA_INSTALL_DIR/templates/web/skel/document_errors/* /var/www/document_errors/

# Installing firewall rules
cp -rf $HESTIA_INSTALL_DIR/firewall $HESTIA/data/

# Configuring server hostname
$HESTIA/bin/v-change-sys-hostname $servername > /dev/null 2>&1

# Generating SSL certificate
echo "(*) Generating default self-signed SSL certificate..."
$HESTIA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \
     'San Francisco' 'Hestia Control Panel' 'IT' > /tmp/hst.pem

# Parsing certificate file
crt_end=$(grep -n "END CERTIFICATE-" /tmp/hst.pem |cut -f 1 -d:)
key_start=$(grep -n "BEGIN RSA" /tmp/hst.pem |cut -f 1 -d:)
key_end=$(grep -n  "END RSA" /tmp/hst.pem |cut -f 1 -d:)

# Adding SSL certificate
echo "(*) Adding SSL certificate to Hestia Control Panel..."
cd $HESTIA/ssl
sed -n "1,${crt_end}p" /tmp/hst.pem > certificate.crt
sed -n "$key_start,${key_end}p" /tmp/hst.pem > certificate.key
chown root:mail $HESTIA/ssl/*
chmod 660 $HESTIA/ssl/*
rm /tmp/hst.pem

# Adding nologin as a valid system shell
if [ -z "$(grep nologin /etc/shells)" ]; then
    echo "/usr/sbin/nologin" >> /etc/shells
fi

# Install dhparam.pem
#cp -fn $HESTIA_INSTALL_DIR/ssl/dhparam.pem /etc/ssl
openssl dhparam -dsaparam -out /etc/ssl/dhparam.pem 4096

if [ "$nginx" = 'yes' ]; then
    echo "(*) Configuring NGINX..."
    rm -f /etc/nginx/conf.d/*.conf
    cp -fn $HESTIA_INSTALL_DIR/nginx/nginx.conf /etc/nginx/
    cp -fn $HESTIA_INSTALL_DIR/nginx/status.conf /etc/nginx/conf.d/
    cp -fn $HESTIA_INSTALL_DIR/nginx/phpmyadmin.inc /etc/nginx/conf.d/
    cp -fn $HESTIA_INSTALL_DIR/nginx/phppgadmin.inc /etc/nginx/conf.d/
    cp -fn $HESTIA_INSTALL_DIR/logrotate/nginx /etc/logrotate.d/
    mkdir -p /etc/nginx/conf.d/domains
    mkdir -p /var/log/nginx/domains

    # Update dns servers in nginx.conf
    dns_resolver=$(cat /etc/resolv.conf | grep -i '^nameserver' | cut -d ' ' -f2 | tr '\r\n' ' ' | xargs)
    for ip in $dns_resolver; do
        if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            resolver="$ip $resolver"
        fi
    done
    if [ ! -z "$resolver" ]; then
        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /etc/nginx/nginx.conf
        sed -i "s/1.0.0.1 1.1.1.1/$resolver/g" /usr/local/hestia/nginx/conf/nginx.conf
    fi

    systemctl enable nginx > /dev/null 2>&1
    systemctl start nginx >> $LOG
fi

#----------------------------------------------------------#
#                     Configure PHP-FPM                    #
#----------------------------------------------------------#

if [ "$phpfpm" = 'yes' ]; then
    echo "(*) Configuring PHP-FPM..."
    $HESTIA/bin/v-add-web-php "$fpm_v" > /dev/null 2>&1
    cp -fn $HESTIA_INSTALL_DIR/php-fpm/www.conf /etc/php-fpm.d/www.conf
    systemctl enable php-fpm > /dev/null 2>&1
    systemctl start php-fpm >> $LOG
    update-alternatives --set php /usr/bin/php$fpm_v > /dev/null 2>&1
fi

#----------------------------------------------------------#
#                     Configure PHP                        #
#----------------------------------------------------------#

ZONE=$(timedatectl 2>/dev/null|grep 'Time zone'|awk '{print $3}')
if [ -e '/etc/sysconfig/clock' ]; then
    source /etc/sysconfig/clock
fi
if [ -z "$ZONE" ]; then
    ZONE='UTC'
fi
for pconf in $(find /etc/php* -name php.ini); do
    sed -i "s|;date.timezone =|date.timezone = $ZONE|g" $pconf
    sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf
done

# Cleanup php session files not changed in the last 7 days (60*24*7 minutes)
echo '#!/bin/sh' > /etc/cron.daily/php-session-cleanup
echo "find -O3 /home/*/tmp/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
echo "find -O3 $HESTIA/data/sessions/ -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin '+10080' -delete > /dev/null 2>&1" >> /etc/cron.daily/php-session-cleanup
chmod 755 /etc/cron.daily/php-session-cleanup


#----------------------------------------------------------#
#                    Configure Vsftpd                      #
#----------------------------------------------------------#

if [ "$vsftpd" = 'yes' ]; then
    echo "(*) Configuring Vsftpd server..."
    cp -fn $HESTIA_INSTALL_DIR/vsftpd/vsftpd.conf /etc/
    touch /var/log/vsftpd.log
    chown root:adm /var/log/vsftpd.log
    chmod 640 /var/log/vsftpd.log
    touch /var/log/xferlog
    chown root:adm /var/log/xferlog
    chmod 640 /var/log/xferlog
    systemctl enable vsftpd
    systemctl start vsftpd >> $LOG
fi

#----------------------------------------------------------#
#                  Configure MySQL                       #
#----------------------------------------------------------#

if [ "$mysql" = 'yes' ]; then
    echo "(*) Configuring MySQL database server..."
    mycnf="my-small.cnf"
    if [ $memory -gt 1200000 ]; then
        mycnf="my-medium.cnf"
    fi
    if [ $memory -gt 3900000 ]; then
        mycnf="my-large.cnf"
    fi

    # Configuring MySQL
    #cp -fn $HESTIA_INSTALL_DIR/mysql/$mycnf /etc/percona-server.conf.d/mysqld.cnf
    #mysql_install_db >> $LOG

    systemctl enable mysql
    systemctl start mysql >> $LOG

    # Securing MySQL installation
    #mpass=$(date +%s | sha256sum | base64 | head -c 16 ; echo)
    mpass=`grep 'temporary password' /var/log/mysqld.log | tail -n 1 | cut -d"@" -f 2 | cut -d" " -f 2`
    echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf
    mysqladmin -u root password $mpass >> $LOG
    chmod 600 /root/.my.cnf

    # Clear MySQL Test Users and Databases
    mysql -e "DELETE FROM mysql.user WHERE User=''"
    mysql -e "DROP DATABASE test" > /dev/null 2>&1
    mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
    mysql -e "DELETE FROM mysql.user WHERE user='';"
    mysql -e "DELETE FROM mysql.user WHERE authentication_string='';"


    # Configuring phpMyAdmin
    mysql < /usr/share/phpMyAdmin/sql/create_tables.sql
    p=$(date +%s | sha256sum | base64 | head -c 16 ; echo)
    fish=$(date +%s | sha256sum | base64 | head -c 16 ; echo)
    mysql -e "GRANT ALL ON phpmyadmin.*
        TO phpmyadmin@localhost IDENTIFIED BY '$p'"
    cp -fn $HESTIA/pma/config.inc.conf /etc/phpMyAdmin/config.inc.php
    sed -i "s/%blowfish_secret%/$fish/g" /etc/phpMyAdmin/config.inc.php
    sed -i "s/%phpmyadmin_pass%/$p/g" /etc/phpMyAdmin/config.inc.php
    chmod 777 /var/lib/phpMyAdmin/temp
    chmod 777 /var/lib/phpMyAdmin/save


    # Configuring phpMyAdmin
    #cp -fn $HESTIA_INSTALL_DIR/pma/config.inc.php /etc/phpMyAdmin/
    #chmod 777 /var/lib/phpMyAdmin/temp/
fi


#----------------------------------------------------------#
#                      Configure Bind                      #
#----------------------------------------------------------#

if [ "$named" = 'yes' ]; then
    echo "(*) Configuring Bind DNS server..."
    cp -fn $HESTIA_INSTALL_DIR/bind/named.conf /etc/
    cp -fn $HESTIA_INSTALL_DIR/bind/named.conf.options /etc/named/
    chown root:named /etc/named.conf
    chown root:named /etc/bind/named.conf.options
    chown named:named /var/cache/bind
    chmod 640 /etc/named.conf
    chmod 640 /etc/named/named.conf.options
    #aa-complain /usr/sbin/named > /dev/null 2>&1
    #echo "/home/** rwm," >> /etc/apparmor.d/local/usr.sbin.named 2> /dev/null
    #if ! grep --quiet lxc /proc/1/environ; then
    #    systemctl status apparmor > /dev/null 2>&1
    #    if [ $? -ne 0 ]; then
    #        systemctl restart apparmor >> $LOG
    #    fi
    #fi
    systemctl enable bind9
    systemctl start bind9

    # Workaround for OpenVZ/Virtuozzo
    #if [ -e "/proc/vz/veinfo" ] && [ -e "/etc/rc.local" ]; then
    #    sed -i "s/^exit 0/service bind9 restart\nexit 0/" /etc/rc.local
    #fi
fi


#----------------------------------------------------------#
#                      Configure Exim                      #
#----------------------------------------------------------#

if [ "$exim" = 'yes' ]; then
    echo "(*) Configuring Exim mail server..."
    gpasswd -a exim mail > /dev/null 2>&1
    cp -fn $HESTIA_INSTALL_DIR/exim/exim4.conf.template /etc/exim/exim.conf.template
    cp -fn $HESTIA_INSTALL_DIR/exim/dnsbl.conf /etc/exim/
    cp -fn $HESTIA_INSTALL_DIR/exim/spam-blocks.conf /etc/exim/
    touch /etc/exim/white-blocks.conf

    if [ "$spamd" = 'yes' ]; then
        sed -i "s/#SPAM/SPAM/g" /etc/exim/exim.conf.template
    fi
    if [ "$clamd" = 'yes' ]; then
        sed -i "s/#CLAMD/CLAMD/g" /etc/exim/exim.conf.template
    fi

    chmod 640 /etc/exim/exim.conf.template
    rm -rf /etc/exim/domains
    mkdir -p /etc/exim/domains

    rm -fn /etc/alternatives/mta
    ln -s /usr/sbin/exim /etc/alternatives/mta
    systemctl disable sendmail > /dev/null 2>&1
    systemctl stop sendmail > /dev/null 2>&1
    systemctl disable postfix > /dev/null 2>&1
    systemctl stop postfix > /dev/null 2>&1

    systemctl enable exim
    systemctl start exim4 >> $LOG
fi


#----------------------------------------------------------#
#                     Configure Dovecot                    #
#----------------------------------------------------------#

if [ "$dovecot" = 'yes' ]; then
    echo "(*) Configuring Dovecot POP/IMAP mail server..."
    gpasswd -a dovecot mail > /dev/null 2>&1
    cp -rf $HESTIA_INSTALL_DIR/dovecot /etc/
    cp -fn $HESTIA_INSTALL_DIR/logrotate/dovecot /etc/logrotate.d/
    if [ "$release" = '18.04' ]; then
        rm -fn /etc/dovecot/conf.d/15-mailboxes.conf
    fi
    chown -R root:root /etc/dovecot*
    systemctl enable dovecot
    systemctl start dovecot >> $LOG
fi

#----------------------------------------------------------#
#                     Configure ClamAV                     #
#----------------------------------------------------------#

if [ "$clamd" = 'yes' ]; then
    gpasswd -a clamav mail > /dev/null 2>&1
    gpasswd -a clamav exim > /dev/null 2>&1
    cp -fn $HESTIA_INSTALL_DIR/clamav/clamd.conf /etc/
    systemctl enable clamd
    echo -ne "(*) Installing ClamAV anti-virus definitions... "
    /usr/bin/freshclam >> $LOG &
    BACK_PID=$!
    spin_i=1
    while kill -0 $BACK_PID > /dev/null 2>&1 ; do
        printf "\b${spinner:spin_i++%${#spinner}:1}"
        sleep 0.5
    done
    echo
    systemctl start clamav-daemon >> $LOG
fi


#----------------------------------------------------------#
#                  Configure SpamAssassin                  #
#----------------------------------------------------------#

if [ "$spamd" = 'yes' ]; then
    echo "(*) Configuring SpamAssassin..."
    systemctl enable spamassassin > /dev/null 2>&1
    #sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin
    systemctl start spamassassin >> $LOG
    unit_files="$(systemctl list-unit-files |grep spamassassin)"
    if [[ "$unit_files" =~ "disabled" ]]; then
        systemctl enable spamassassin > /dev/null 2>&1
    fi
fi

#----------------------------------------------------------#
#                   Configure Roundcube                    #
#----------------------------------------------------------#

if [ "$dovecot" = 'yes' ] && [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then
    echo "(*) Configuring Roundcube webmail client..."
    cp -fn $HESTIA_INSTALL_DIR/roundcube/main.inc.php /etc/roundcubemail/config.inc.php
    cp -fn $HESTIA_INSTALL_DIR/roundcube/config.inc.php /etc/roundcubemail/plugins/password/
    cp -fn $HESTIA_INSTALL_DIR/roundcube/hestia.php /usr/share/roundcubemail/plugins/password/drivers/
    touch /var/log/roundcubemail/errors
    chmod 640 /etc/roundcubemail/config.inc.php
    chown root:nginx /etc/roundcubemail/config.inc.php
    chmod 640 /var/log/roundcubemail/errors
    chown nginx:adm /var/log/roundcubemail/errors

    r="$(date +%s | sha256sum | base64 | head -c 32 ; echo)"
    rcDesKey="$(openssl rand -base64 30 | tr -d "/" | cut -c1-24)"
    mysql -e "CREATE DATABASE roundcube"
    mysql -e "GRANT ALL ON roundcube.*
        TO roundcube@localhost IDENTIFIED BY '$r'"
    sed -i "s/%password%/$r/g" /etc/roundcubemail/debian-db-roundcube.php
    sed -i "s/%des_key%/$rcDesKey/g" /etc/roundcubemail/config.inc.php
    sed -i "s/localhost/$servername/g" /etc/roundcubemail/plugins/password/config.inc.php
    mysql roundcube < /usr/share/roundcubemail/SQL/mysql.initial.sql

    # Configure webmail alias
    echo "WEBMAIL_ALIAS='webmail'" >> $HESTIA/conf/hestia.conf

    # Add robots.txt
    echo "User-agent: *" > /var/lib/roundcubemail/robots.txt
    echo "Disallow: /" >> /var/lib/roundcubemail/robots.txt

    if [ "$nginx" = 'yes' ]; then
        systemctl restart nginx >> $LOG
    fi
fi

#----------------------------------------------------------#
#                    Configure Fail2Ban                    #
#----------------------------------------------------------#

if [ "$fail2ban" = 'yes' ]; then
    echo "(*) Configuring fail2ban access monitor..."
    cp -rf $HESTIA_INSTALL_DIR/fail2ban /etc/
    if [ "$dovecot" = 'no' ]; then
        fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2)
        fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
        sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
    fi
    if [ "$exim" = 'no' ]; then
        fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2)
        fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
        sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local
    fi
    if [ "$vsftpd" = 'yes' ]; then
        #Create vsftpd Log File
        if [ ! -f "/var/log/vsftpd.log" ]; then
            touch /var/log/vsftpd.log
        fi
        fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2)
        fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -)
        sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local
    fi

    systemctl enable fail2ban
    systemctl start fail2ban >> $LOG
fi


#----------------------------------------------------------#
#                       Configure API                      #
#----------------------------------------------------------#

if [ "$api" = 'yes' ]; then
    echo "API='yes'" >> $HESTIA/conf/hestia.conf
else
    rm -r $HESTIA/web/api
    echo "API='no'" >> $HESTIA/conf/hestia.conf
fi


#----------------------------------------------------------#
#                   Configure Admin User                   #
#----------------------------------------------------------#

# Deleting old admin user
if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then
    chattr -i /home/admin/conf > /dev/null 2>&1
    userdel -f admin > /dev/null 2>&1
    chattr -i /home/admin/conf > /dev/null 2>&1
    mv -f /home/admin  $hst_backups/home/ > /dev/null 2>&1
    rm -f /tmp/sess_* > /dev/null 2>&1
fi
if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then
    groupdel admin > /dev/null 2>&1
fi

# Enable sftp jail
$HESTIA/bin/v-add-sys-sftp-jail > /dev/null 2>&1

# Adding Hestia admin account
$HESTIA/bin/v-add-user admin $vpass $email default System Administrator
$HESTIA/bin/v-change-user-shell admin nologin
$HESTIA/bin/v-change-user-language admin $lang

# Configuring system IPs
$HESTIA/bin/v-update-sys-ip > /dev/null 2>&1

# Get main IP
ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/)

# Configuring firewall
if [ "$iptables" = 'yes' ]; then
    $HESTIA/bin/v-update-firewall
fi

# Get public IP
pub_ip=$(curl --ipv4 -s https://ip.hestiacp.com/)
if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
    if [ -e /etc/rc.local ]; then
        sed -i '/exit 0/d' /etc/rc.local
    fi

    #check_rclocal=$(cat /etc/rc.local | grep "#!")
    #if [ -z "$check_rclocal" ]; then
    #    echo "#!/bin/sh" >> /etc/rc.local
    #fi

    echo "$HESTIA/bin/v-update-sys-ip" >> /etc/rc.local
    echo "exit 0" >> /etc/rc.local
    chmod +x /etc/rc.local
    systemctl enable rc-local
    $HESTIA/bin/v-change-sys-ip-nat $ip $pub_ip > /dev/null 2>&1
    ip=$pub_ip
fi

# Configuring MySQL host
if [ "$mysql" = 'yes' ]; then
    $HESTIA/bin/v-add-database-host mysql localhost root $mpass mysql
fi

# Adding default domain
$HESTIA/bin/v-add-web-domain admin $servername

# Adding cron jobs
export SCHEDULED_RESTART="yes"
command="sudo $HESTIA/bin/v-update-sys-queue restart"
$HESTIA/bin/v-add-cron-job 'admin' '*/2' '*' '*' '*' '*' "$command"
systemctl restart cron

command="sudo $HESTIA/bin/v-update-sys-queue disk"
$HESTIA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-update-sys-queue traffic"
$HESTIA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-update-sys-queue webstats"
$HESTIA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-update-sys-queue backup"
$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-backup-users"
$HESTIA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-update-user-stats"
$HESTIA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command"
command="sudo $HESTIA/bin/v-update-sys-rrd"
$HESTIA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command"

# Enable automatic updates
$HESTIA/bin/v-add-cron-hestia-autoupdate

# Building initital rrd images
$HESTIA/bin/v-update-sys-rrd

# Enabling file system quota
if [ "$quota" = 'yes' ]; then
    $HESTIA/bin/v-add-sys-quota
fi

# Set backend port
$HESTIA/bin/v-change-sys-port $port

# Set default theme
$HESTIA/bin/v-change-sys-theme 'default'

# Starting Hestia service
systemctl enable hestia
systemctl start hestia
chown admin:admin $HESTIA/data/sessions

#----------------------------------------------------------#
#                   Hestia Access Info                     #
#----------------------------------------------------------#

# Comparing hostname and IP
host_ip=$(host $servername| head -n 1 |awk '{print $NF}')
if [ "$host_ip" = "$ip" ]; then
    ip="$servername"
fi

echo -e "\n"
echo "===================================================================="
echo -e "\n"

# Sending notification to admin email
echo -e "Congratulations!

You have successfully installed Hestia Control Panel on your server.

Ready to get started? Log in using the following credentials:

    Admin URL:  https://$ip:$port
    Username:   admin
    Password:   $vpass

Thank you for choosing Hestia Control Panel to power your full stack web server,
we hope that you enjoy using it as much as we do!

Please feel free to contact us at any time if you have any questions,
or if you encounter any bugs or problems:

E-mail:  info@hestiacp.com
Web:     https://www.hestiacp.com/
Forum:   https://forum.hestiacp.com/
GitHub:  https://www.github.com/hestiacp/hestiacp

Note: Automatic updates are enabled by default. If you would like to disable them,
please log in and navigate to Server > Updates to turn them off.

Help support the Hestia Contol Panel project by donating via PayPal:
https://www.hestiacp.com/donate
--
Sincerely yours,
The Hestia Control Panel development team

Made with love & pride by the open-source community around the world.
" > $tmpfile

send_mail="$HESTIA/web/inc/mail-wrapper.php"
cat $tmpfile | $send_mail -s "Hestia Control Panel" $email

# Congrats
echo
cat $tmpfile
rm -f $tmpfile

# Add welcome message to notification panel
$HESTIA/bin/v-add-user-notification admin 'Welcome!' 'For more information on how to use Hestia Control Panel, click on the Help icon in the top right corner of the toolbar.<br><br>Please report any bugs or issues on GitHub at<br>https://github.com/hestiacp/hestiacp/issues<br><br>Have a great day!'

echo "(!) IMPORTANT: You must logout or restart the server before continuing."
echo ""
if [ "$interactive" = 'yes' ]; then
    echo -n " Do you want to reboot now? [Y/N] "
    read reboot

    if [ "$reboot" = "Y" ] || [ "$reboot" = "y" ]; then
        reboot
    fi
fi

# EOF