#!/bin/bash
# This shell script documents how to install Kolab + Horde using native Debian packages.
# WARNING : this is an experimental script is incomplete, and could destroy
# configuration and/or data.  It's best to read it, cut and paste small sections and
# observe the output.
#
# The Kolab+Horde installation process in summary :
# 1) Kolab, Horde and supporting software packages are installed
# 2) The Kolab bootstrap script is run to produce a Kolab configuration
# 3) Some final options need to be configured through the Kolab web interface.
#    This completes the Kolab portion of the configuration.
# 4) Enable Horde in Apache by placing config files in /etc/apache2/...
# 5) Change /etc/horde/... file permissions so configuring Horde via web
#    is possible.
# 6) Create Horde backend database.  This script uses PostgreSQL.
# 7) Edit /etc/horde/horde3/conf.php to open access to the web interface
# 8) Configure the Horde via web interface
#
# Kolab + Horde installation process in detail :
#
# The following command adds a couple of lines to /etc/apt/sources.list .
# This adds horde and kolab experimental package repositories to Debians
# package manager.
cat >> /etc/apt/sources.list <<-EOF
	deb http://pkg-kolab.alioth.debian.org/packages/snapshots/kolab unstable main
	deb http://pkg-kolab.alioth.debian.org/packages/snapshots/horde unstable main
EOF

# The list of available packages is updated to include the packages in the new repository.
apt-get update

# Kolab is installed, along with the kolab webadmin tool.  Because we're using a PostgreSQL
# backend, PostgreSQL and the php5 pgsql plugin are installed.
apt-get install kolabd kolab-webadmin php5-pgsql postgresql-8.3

# Stop all Kolab related daemons so we can modify configuration.
/etc/init.d/apache2 stop
/etc/init.d/kolabd stop
/etc/init.d/kolab-cyrus stop
/etc/init.d/postfix stop
/etc/init.d/saslauthd stop
/etc/init.d/slapd stop

# Run the Kolab bootstrap/configuration script
kolab_bootstrap -b

# Three values in the kolab webadmin config need to be edited.  We use some script
# magic to read values from /etc/kolab/kolab.conf (created by kolab_bootstrap above) and use these
# values to edit the kolab webadmin config file - /etc/kolab-webadmin/session_vars.php .

sed -i -e "s@kolabserver.example.com@`grep '^fqdnhostname : ' /etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab-webadmin/session_vars.php
sed -i -e "s@dc=example,dc=com@`grep '^base_dn : ' /etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab-webadmin/session_vars.php
sed  -i -e "s@PASSWORD@`grep '^php_pw : ' /etc/kolab/kolab.conf | gawk '{ print $3 }'`@" /etc/kolab-webadmin/session_vars.php

# Start all Kolab related daemons
/etc/init.d/slapd start
/etc/init.d/saslauthd start
/etc/init.d/postfix start
/etc/init.d/kolab-cyrus start
/etc/init.d/kolabd start
/etc/init.d/apache2 start

echo "Go to https://localhost/admin/ and follow the instructions given
echo "on this page to set up your Kolab instance."
echo "Username = manager...  password is the one chosen during setup."
echo "When done hit any key to continue..."
read

# We must modify Apaches config to display the horde web pages.  This is done as follows :
#
# Apache2 looks for configuration files in the /etc/apache2/sites-enabled directory.
# Standard practice is to create a configuration file in /etc/apache2/sites-available, and
# then create a link to this file in the sites-enabled directory.
#
# NOTE : the "allow from" line should be modified if necessary to suit your network.  It
# controls which machines can connect to horde.  There can be multiple "allow from" lines
# eg :
#        allow from 10.0.0.0/24
#        allow from 192.168.1.0/8
#        allow from 187.221.13.14
cat > /etc/apache2/sites-available/horde3 <<-EOF
	Alias /horde3 /usr/share/horde3
	<Directory /usr/share/horde3>
	    Options FollowSymLinks
	    AllowOverride Limit
	    deny from all
	    allow from 192.168.0.0/16
	</Directory>
EOF
ln -s /etc/apache2/sites-available/horde3 /etc/apache2/sites-enabled/horde3

# Restart apache so it loads the above changes.
/etc/init.d/apache2 restart

# Horde is able to be configured through its own web interface, but by default this won't
# work because of strict file permission settings.  This is done for security, but during
# configuration we'll temporarily allow changes.

chmod 770 /etc/horde/horde3/conf.php

# NOTE : This should be changed back as soon as possible!!!  Use the following command :
# chmod 700 /etc/horde/horde3/config.php

# Horde also makes backups of your configuration to /etc/horde/horde3/conf.bak.php
# Create this file if it doesn't yet exist, give it the permissions required for it to
# be writable.
touch /etc/horde/horde3/conf.bak.php
chgrp www-data /etc/horde/horde3/conf.bak.php
chmod 770 /etc/horde/horde3/conf.bak.php

# Hordes log file needs similar treatment.  We hange its group ownership to www-data, and
# modify privs as above
touch /var/log/horde/horde3.log
chgrp www-data /var/log/horde/horde3.log
chmod 770 /var/log/horde/horde3.log

# Modify /etc/postgresql/8.3/main/pg_hba.conf to allow local access.
sed -i "s@Unix\ domain\ socket\ connections\ only@\
Unix\ domain\ socket\ connections\ only\n\
local\ \ horde\ \ horde\ \ md5\
@" /etc/postgresql/8.3/main/pg_hba.conf

# Restart the postgresql daemon so the changes come into effect
/etc/init.d/postgresql-8.3 restart

# The following command unzips the horde database-creation script,
# edits this script to add a password to the horde user, then runs this
# script in the postgresql client so the horde database is created.
gunzip < /usr/share/doc/horde3/examples/scripts/sql/create.pgsql.sql.gz | \
sed "s@--\ ALTER\ USER\ horde\ WITH\ PASSWORD\ 'pass';@\
ALTER\ USER\ horde\ WITH\ PASSWORD\ 'newpassword';@" | \
sudo -u postgres psql -f -


echo "edit /etc/horde/horde3/conf.php and comment out or delete lines 2 through 5.  A php"
echo "comment is bracketed by using /* to start a comment, and */ to end a comment."
echo ""
echo "After restarting Apache you can access horde through http://localhost/horde3"
echo "You MUST hit the 'generate configuration' button, and then configure these tabs in
echo "the following order : kolab server, database, datatree, preference system,"
echo "authentication, shares.  After each step hit 'generate configuration'.  If at any stage"
echo "the configuration web interface fails you can copy /etc/horde/horde3/conf.bak.php back"
echo "over your config to go back to the previous step."
echo "When configuring Horde Kolab options you can look in /etc/kolab/kolab.conf for details."
echo "If you fail to add users, you WILL NOT be able to log in."
echo "After !!!CAREFULLY!!! reading and completing the above hit any key to continue..."
read
echo "Horde applications can now be added...  eg:"
echo "apt-get install imp4 kronolith2"
echo "These applications have their own configuration files, and these will need to be"
echo "modified in the same way as for the original horde application. eg:"
echo "chmod 770 /etc/horde/imp4/conf.php"
echo "touch /etc/horde/imp4/conf.bak.php"
echo "chgrp www-data /etc/horde/imp4/conf.bak.php"
echo "chmod 770 /etc/horde/imp4/conf.bak.php"
echo ""
echo "After completing configuration - tighten permissions on all configs eg:"
echo "chmod 640 /etc/horde/horde3/conf.php"
echo "chmod 600 /etc/horde/horde3/conf.bak.php"
echo "There are known issues with authentication in IMP/DIMP, and also potential"
echo "problems with Turba.  See this page : "
echo "http://wiki.kolab.org/index.php/Debian_-_Administrators_-_Known_issues"