#!/bin/bash

APP=bordro-esleme

apt update && apt upgrade
apt -y install mc rsync curl nginx
dpkg-reconfigure tzdata

useradd --system --shell=/usr/sbin/nologin ${APP}

mkdir -p /opt/${APP}/sqls
mkdir -p /opt/${APP}/migrate
mkdir -p /opt/${APP}/ui
mkdir -p /opt/${APP}/files

echo "Creating application service"
read -d '' sservice << EOF
[Unit]
Description=${APP}
After=syslog.target
After=network.target
#Requires=postgresql.service
#Requires=memcached.service
#Requires=redis.service

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
LimitMEMLOCK=infinity
LimitNOFILE=1048576

RestartSec=2s
Type=simple
User=${APP}
Group=${APP}
WorkingDirectory=/opt/${APP}/
ExecStart=/opt/${APP}/${APP}
Restart=always

Environment=AUTHSERVER=http://127.0.0.1:40200 SQLSDIR=./sqls DBHOST=10.0.0.2 DBNAME=bordroesleme DBPASS=tesnos.+ed

# enable to bind to a port below 1024 uncomment
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE

# Prevent writes to /usr, /boot, and /etc
ProtectSystem=full

# Prevent accessing /home, /root and /run/user
ProtectHome=true

# Execute pre and post scripts as root, otherwise it does it as User=
PermissionsStartOnly=true

[Install]
WantedBy=multi-user.target
EOF
echo "$sservice" > /etc/systemd/system/${APP}.service

systemctl daemon-reload
systemctl enable ${APP}