#!/bin/bash

####################################################################################################
#### author: SlickStack ############################################################################
#### link: https://slickstack.io ###################################################################
#### mirror: https://mirrors.slickstack.io/bash/ss-worker.txt ######################################
#### path: /var/www/ss-worker ######################################################################
#### destination: n/a (not a boilerplate) ##########################################################
#### purpose: Performs SlickStack maintenance tasks and retrieves the latest ss-check file #########
#### module version: Ubuntu 20.04 LTS ##############################################################
#### sourced by: ss core cron jobs, ss-install, ss-update, ss update ###############################
#### bash aliases: ss worker #######################################################################
####################################################################################################

## source ss-config ##
source /var/www/ss-config

## source ss-functions ##
source /var/www/ss-functions

## BELOW THIS RELIES ON SS-CONFIG AND SS-FUNCTIONS

####################################################################################################
#### TABLE OF CONTENTS #############################################################################
####################################################################################################

## A. Message (Begin)
## B. Cleanup Temporary Files
## C. Backup Current SS-Config File
## D. Retrieve Latest SS-Check Script
## E. Reset SlickStack Core Permissions

####################################################################################################
#### A. SS-Worker: Message (Begin Script) ##########################################################
####################################################################################################

## this is a simple message that announces to the shell the purpose of this bash script ##
## it will only be noticed by sudo users who manually call ss core bash scripts ##

## echo message ##
echo -e "${PURPLE}Running ss-worker: Performs SlickStack maintenance tasks and retrieves the latest ss-check file... ${NOCOLOR}"
sleep "$SLEEP_MESSAGE_BEGIN"

####################################################################################################
#### B. SS-Worker: Cleanup Temporary Files #########################################################
####################################################################################################

## we briefly cleanup any leftover temporarily files that are relevant to this script ##
## this is performed before and after associated code runs to avoid conflicts ##

## delete tmp files ##
rm /tmp/ss*
rm /tmp/*cron*
rm /tmp/blacklist*
rm /tmp/maintenance.html*

####################################################################################################
#### C. SS-Worker: Backup Current SS-Config File ###################################################
####################################################################################################

## SNIPPET: ss-worker, ss-update

## this snippet will duplicate your live ss-config file to the /var/www/meta/ folder ##
## the timestamped .bak files will be cleaned up periodically by ss-clean ##

## backup ss-config ##
current_time=$(date "+%Y.%b.%d-%H:%M:%S")
cp /var/www/ss-config /var/www/backups/config/ss-config.bak.$current_time

####################################################################################################
#### D. SS-Worker: Retrieve Latest SS-Check File (SS Core Bash Script) #############################
####################################################################################################

## here we retrieve the latest ss-check core bash script to improve overall redundancy ##
## thus ss-check avoids installing itself and no single point of failure (SPOF) ##

## retrieve latest ss-check (ss core bash script) ##
wget -O /tmp/ss-check https://raw.githubusercontent.com/littlebizzy/slickstack/master/bash/ss-check.txt
# wget -O "$TMP_SS_CHECK" "$MIRROR_SS_CHECK"

## move (install) ss-check ##
cp /tmp/ss-check /var/www/ss-check
# cp "$TMP_SS_CHECK" "$PATH_SS_CHECK"

####################################################################################################
#### SS-Worker: Ensure WP-Config.php Intact ########################################################
####################################################################################################

## this snippet will check to ensure wp-config.php exists and contains SS_EOF string ##
## if not found then it will call script to reinstall the wp-config.php file ##

## ensure wp-config.php intact (production) ##
# if [[ -z "$VALIDATE_WP_CONFIG_PHP" ]]; then
#    source /var/www/ss-install-wordpress-config
# fi

####################################################################################################
#### SS-Worker: Retrieve Latest Custom Cron Job Boilerplates (If Not Exist) ########################
####################################################################################################

## this will retrieve and install boilerplates for custom cron jobs if none are found ##
## you can then edit these files as needed and they will not be overwritten ##

if [[ ! -f "/var/www/crons/custom/01-cron-often-custom" ]]; then
    wget -O /tmp/01-cron-often-custom "$MIRROR_01_CRON_OFTEN_CUSTOM"
    cp -n /tmp/01-cron-often-custom /var/www/crons/custom/01-cron-often-custom
fi

if [[ ! -f "/var/www/crons/custom/02-cron-regular-custom" ]]; then
    wget -O /tmp/02-cron-regular-custom "$MIRROR_02_CRON_REGULAR_CUSTOM"
    cp -n /tmp/02-cron-regular-custom /var/www/crons/custom/02-cron-regular-custom
fi

if [[ ! -f "/var/www/crons/custom/03-cron-quarter-hourly-custom" ]]; then
    wget -O /tmp/03-cron-quarter-hourly-custom "$MIRROR_03_CRON_QUARTER_HOURLY_CUSTOM"
    cp -n /tmp/03-cron-quarter-hourly-custom /var/www/crons/custom/03-cron-quarter-hourly-custom
fi

if [[ ! -f "/var/www/crons/custom/04-cron-half-hourly-custom" ]]; then
    wget -O /tmp/04-cron-half-hourly-custom "$MIRROR_04_CRON_HALF_HOURLY_CUSTOM"
    cp -n /tmp/04-cron-half-hourly-custom /var/www/crons/custom/04-cron-half-hourly-custom
fi

if [[ ! -f "/var/www/crons/custom/05-cron-hourly-custom" ]]; then
    wget -O /tmp/05-cron-hourly-custom "$MIRROR_05_CRON_HOURLY_CUSTOM"
    cp -n /tmp/05-cron-hourly-custom /var/www/crons/custom/05-cron-hourly-custom
fi

if [[ ! -f "/var/www/crons/custom/06-cron-quarter-daily-custom" ]]; then
    wget -O /tmp/06-cron-quarter-daily-custom "$MIRROR_06_CRON_QUARTER_DAILY_CUSTOM"
    cp -n /tmp/06-cron-quarter-daily-custom /var/www/crons/custom/06-cron-quarter-daily-custom
fi

if [[ ! -f "/var/www/crons/custom/07-cron-half-daily-custom" ]]; then
    wget -O /tmp/07-cron-half-daily-custom "$MIRROR_07_CRON_HALF_DAILY_CUSTOM"
    cp -n /tmp/07-cron-half-daily-custom /var/www/crons/custom/07-cron-half-daily-custom
fi

if [[ ! -f "/var/www/crons/custom/08-cron-daily-custom" ]]; then
    wget -O /tmp/08-cron-daily-custom "$MIRROR_08_CRON_DAILY_CUSTOM"
    cp -n /tmp/08-cron-daily-custom /var/www/crons/custom/08-cron-daily-custom
fi

if [[ ! -f "/var/www/crons/custom/09-cron-half-weekly-custom" ]]; then
    wget -O /tmp/09-cron-half-weekly-custom "$MIRROR_09_CRON_HALF_WEEKLY_CUSTOM"
    cp -n /tmp/09-cron-half-weekly-custom /var/www/crons/custom/09-cron-half-weekly-custom
fi

if [[ ! -f "/var/www/crons/custom/10-cron-weekly-custom" ]]; then
    wget -O /tmp/10-cron-weekly-custom "$MIRROR_10_CRON_WEEKLY_CUSTOM"
    cp -n /tmp/10-cron-weekly-custom /var/www/crons/custom/10-cron-weekly-custom
fi

if [[ ! -f "/var/www/crons/custom/11-cron-half-monthly-custom" ]]; then
    wget -O /tmp/11-cron-half-monthly-custom "$MIRROR_11_CRON_HALF_MONTHLY_CUSTOM"
    cp -n /tmp/11-cron-half-monthly-custom /var/www/crons/custom/11-cron-half-monthly-custom
fi

if [[ ! -f "/var/www/crons/custom/12-cron-monthly-custom" ]]; then
    wget -O /tmp/12-cron-monthly-custom "$MIRROR_12_CRON_MONTHLY_CUSTOM"
    cp -n /tmp/12-cron-monthly-custom /var/www/crons/custom/12-cron-monthly-custom
fi

if [[ ! -f "/var/www/crons/custom/13-cron-sometimes-custom" ]]; then
    wget -O /tmp/13-cron-sometimes-custom "$MIRROR_13_CRON_SOMETIMES_CUSTOM"
    cp -n /tmp/13-cron-sometimes-custom /var/www/crons/custom/13-cron-sometimes-custom
fi

####################################################################################################
#### SS-Worker: Install Latest SS-Constants.php Boilerplate ########################################
####################################################################################################

## SNIPPET: ss-worker, ss-install-wordpress-config

## retrieve latest ss-constants.php boilerplate ##
wget -O "$TMP_SS_CONSTANTS_PHP" "$MIRROR_SS_CONSTANTS_PHP"

    ## set SlickStack dashboard ##
    if [[ -z "$SS_DASHBOARD" ]]; then 
        sed -i "s/@SS_DASHBOARD/true/g" "$TMP_SS_CONSTANTS_PHP"
    else 
        sed -i "s/@SS_DASHBOARD/${SS_DASHBOARD}/g" "$TMP_SS_CONSTANTS_PHP"
    fi
    
SYSTEM_SERVER_SOFTWARE=$(nginx -v |& sed 's#nginx version: nginx/##')
SYSTEM_MYSQL_SIZE=$(du -sh /var/lib/mysql |& sed 's#/var/lib/mysql##')
SYSTEM_MYSQL_VERSION=$(mysql --version |& awk '{print $3}')

LAST_TIMESTAMP_00_CRONTAB=$(stat -c %x "$TIMESTAMP_SS_INSTALL_UBUNTU_CRONTAB")
LAST_TIMESTAMP_01_CRON_OFTEN=$(stat -c %x "$TIMESTAMP_01_CRON_OFTEN")
LAST_TIMESTAMP_02_CRON_REGULAR=$(stat -c %x "$TIMESTAMP_02_CRON_REGULAR")
LAST_TIMESTAMP_03_CRON_QUARTER_HOURLY=$(stat -c %x "$TIMESTAMP_03_CRON_QUARTER_HOURLY")
LAST_TIMESTAMP_04_CRON_HALF_HOURLY=$(stat -c %x "$TIMESTAMP_04_CRON_HALF_HOURLY")
LAST_TIMESTAMP_05_CRON_HOURLY=$(stat -c %x "$TIMESTAMP_05_CRON_HOURLY")
LAST_TIMESTAMP_06_CRON_QUARTER_DAILY=$(stat -c %x "$TIMESTAMP_06_CRON_QUARTER_DAILY")
LAST_TIMESTAMP_07_CRON_HALF_DAILY=$(stat -c %x "$TIMESTAMP_07_CRON_HALF_DAILY")
LAST_TIMESTAMP_08_CRON_DAILY=$(stat -c %x "$TIMESTAMP_08_CRON_DAILY")
LAST_TIMESTAMP_09_CRON_HALF_WEEKLY=$(stat -c %x "$TIMESTAMP_09_CRON_HALF_WEEKLY")
LAST_TIMESTAMP_10_CRON_WEEKLY=$(stat -c %x "$TIMESTAMP_10_CRON_WEEKLY")
LAST_TIMESTAMP_11_CRON_HALF_MONTHLY=$(stat -c %x "$TIMESTAMP_11_CRON_HALF_MONTHLY")
LAST_TIMESTAMP_12_CRON_MONTHLY=$(stat -c %x "$TIMESTAMP_12_CRON_MONTHLY")

if [[ ! -f "$TIMESTAMP_13_CRON_SOMETIMES" ]]; then
    LAST_TIMESTAMP_13_CRON_SOMETIMES=$(stat -c %x "$TIMESTAMP_13_CRON_SOMETIMES")
fi

sed -i "s|@SS_BUILD|${SS_BUILD}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SS_PLUGIN_BLACKLIST|${SS_PLUGIN_BLACKLIST}|g" "$TMP_SS_CONSTANTS_PHP"

sed -i "s|@WP_CRON_METHOD|${WP_CRON_METHOD}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@WP_CRON_INTERVAL|${WP_CRON_INTERVAL}|g" "$TMP_SS_CONSTANTS_PHP"

if [[ -n "$LAST_TIMESTAMP_00_CRONTAB" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_00_CRONTAB|${LAST_TIMESTAMP_00_CRONTAB}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_00_CRONTAB|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_01_CRON_OFTEN" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_01_CRON_OFTEN|${LAST_TIMESTAMP_01_CRON_OFTEN}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_01_CRON_OFTEN|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_02_CRON_REGULAR" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_02_CRON_REGULAR|${LAST_TIMESTAMP_02_CRON_REGULAR}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_02_CRON_REGULAR|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_03_CRON_QUARTER_HOURLY" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_03_CRON_QUARTER_HOURLY|${LAST_TIMESTAMP_03_CRON_QUARTER_HOURLY}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_03_CRON_QUARTER_HOURLY|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_04_CRON_HALF_HOURLY" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_04_CRON_HALF_HOURLY|${LAST_TIMESTAMP_04_CRON_HALF_HOURLY}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_04_CRON_HALF_HOURLY|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_05_CRON_HOURLY" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_05_CRON_HOURLY|${LAST_TIMESTAMP_05_CRON_HOURLY}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_05_CRON_HOURLY|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_06_CRON_QUARTER_DAILY" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_06_CRON_QUARTER_DAILY|${LAST_TIMESTAMP_06_CRON_QUARTER_DAILY}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_06_CRON_QUARTER_DAILY|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_07_CRON_HALF_DAILY" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_07_CRON_HALF_DAILY|${LAST_TIMESTAMP_07_CRON_HALF_DAILY}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_07_CRON_HALF_DAILY|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_08_CRON_DAILY" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_08_CRON_DAILY|${LAST_TIMESTAMP_08_CRON_DAILY}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_08_CRON_DAILY|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_09_CRON_HALF_WEEKLY" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_09_CRON_HALF_WEEKLY|${LAST_TIMESTAMP_09_CRON_HALF_WEEKLY}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_09_CRON_HALF_WEEKLY|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_10_CRON_WEEKLY" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_10_CRON_WEEKLY|${LAST_TIMESTAMP_10_CRON_WEEKLY}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_10_CRON_WEEKLY|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_11_CRON_HALF_MONTHLY" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_11_CRON_HALF_MONTHLY|${LAST_TIMESTAMP_11_CRON_HALF_MONTHLY}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_11_CRON_HALF_MONTHLY|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_12_CRON_MONTHLY" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_12_CRON_MONTHLY|${LAST_TIMESTAMP_12_CRON_MONTHLY}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_12_CRON_MONTHLY|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi

if [[ -n "$LAST_TIMESTAMP_13_CRON_SOMETIMES" ]]; then 
    sed -i "s|@LAST_TIMESTAMP_13_CRON_SOMETIMES|${LAST_TIMESTAMP_13_CRON_SOMETIMES}|g" "$TMP_SS_CONSTANTS_PHP"
else 
    sed -i "s|@LAST_TIMESTAMP_13_CRON_SOMETIMES|UNKNOWN|g" "$TMP_SS_CONSTANTS_PHP"
fi


sed -i "s|@SYSTEM_VENDOR|${SYSTEM_VENDOR}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_VIRTUAL|${SYSTEM_VIRTUAL}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_LINUX_KERNEL|${SYSTEM_LINUX_KERNEL}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_CPU_CORES|${SYSTEM_CPU_CORES}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_OS_PRETTY_NAME|${SYSTEM_OS_PRETTY_NAME}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_MYSQL_VERSION|${SYSTEM_MYSQL_VERSION}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_MYSQL_SIZE|${SYSTEM_MYSQL_SIZE}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_DISK_FREE|${SYSTEM_DISK_FREE}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_DISK_TOTAL|${SYSTEM_DISK_TOTAL}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_IPV4_ADDRESS|${SYSTEM_IPV4_ADDRESS}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_IPV6_ADDRESS|${SYSTEM_IPV6_ADDRESS}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_HOSTNAME|${SYSTEM_HOSTNAME}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_SERVER_SOFTWARE|${SYSTEM_SERVER_SOFTWARE}|g" "$TMP_SS_CONSTANTS_PHP"

SYSTEM_PHP_VERSION=$(php -v | awk '/^PHP/{print $2}')
# SYSTEM_PHP_EXTENSIONS
sed -i "s|@SYSTEM_PHP_VERSION|${SYSTEM_PHP_VERSION}|g" "$TMP_SS_CONSTANTS_PHP"
sed -i "s|@SYSTEM_PHP_EXTENSIONS|${SYSTEM_PHP_EXTENSIONS}|g" "$TMP_SS_CONSTANTS_PHP"

VALIDATE_TMP_SS_CONSTANTS_PHP=$(grep 'SS_EOF' "$TMP_SS_CONSTANTS_PHP")
if [[ -n "$VALIDATE_TMP_SS_CONSTANTS_PHP" ]]; then
    cp "$TMP_SS_CONSTANTS_PHP" "$PATH_SS_CONSTANTS_PHP"
    chown www-data:www-data "$PATH_SS_CONSTANTS_PHP"
    chmod 0440 "$PATH_SS_CONSTANTS_PHP" ## 0440 (read-only)
fi 

####################################################################################################
#### SS-Worker: Retrieve Latest Nginx Maintenance File #############################################
####################################################################################################

## retrieve latest maintenance.html file ##
wget -O /tmp/maintenance.html "$MIRROR_MAINTENANCE_HTML"
cp /tmp/maintenance.html /var/www/meta/maintenance.html
chown www-data:www-data /var/www/meta/maintenance.html
chmod 0444 /var/www/meta/maintenance.html ## 0444

####################################################################################################
#### SS-Worker: Reset Permissions (SlickStack Core) #################################################
####################################################################################################

## THIS SNIPPET DOES NOT RELY ON SS-CONFIG OR SS-FUNCTIONS ##

## SNIPPET: ss-check, ss-worker, ss core cron jobs

## we hardcode this permissions reset snippet into all ss core scripts for redundancy ##
## this ensures permissions are regularly fixed without requiring dependencies ##

## make directories ##
mkdir /var/www
mkdir /var/www/backups
mkdir /var/www/backups/config
mkdir /var/www/backups/html
mkdir /var/www/backups/mysql
mkdir /var/www/backups/mysql/data
mkdir /var/www/cache
mkdir /var/www/cache/nginx
mkdir /var/www/cache/opcache
mkdir /var/www/cache/system
mkdir /var/www/certs
mkdir /var/www/certs/keys
mkdir /var/www/crons
mkdir /var/www/crons/custom
mkdir /var/www/html
mkdir /var/www/html/.well-known
mkdir /var/www/html/.well-known/acme-challenge
mkdir /var/www/logs
mkdir /var/www/meta
mkdir /var/www/sites

## user/group ownership ##
chown root:root /var/www ## must be root:root
chown root:root /var/www/backups ## must be root:root
chown root:root /var/www/backups/config ## must be root:root
chown root:root /var/www/backups/mysql ## must be root:root
chown root:root /var/www/backups/mysql/data ## must be root:root
chown www-data:www-data /var/www/cache ## must be www-data:www-data
chown www-data:www-data /var/www/cache/nginx ## must be www-data:www-data
chown www-data:www-data /var/www/cache/opcache ## must be www-data:www-data
chown root:root /var/www/cache/system ## must be root:root
chown root:root /var/www/certs ## must be root:root
chown root:root /var/www/certs/keys ## must be root:root
chown root:root /var/www/crons ## must be root:root
chown root:root /var/www/crons/*cron* ## must be root:root
chown root:root /var/www/crons/custom ## must be root:root
chown root:root /var/www/crons/custom/*cron* ## must be root:root
chown -R "${SFTP_USER}":www-data /var/www/html/.well-known ## accessed by server for e.g. Cerbot but also by SFTP user for things like Stripe ##
chown -R "${SFTP_USER}":www-data /var/www/html/.well-known/acme-challenge ## accessed by server for e.g. Cerbot but also by SFTP user for things like Stripe ##
chown www-data:www-data /var/www/logs ## must be www-data:www-data
chown www-data:www-data /var/www/meta ## must be www-data:www-data
chown www-data:www-data /var/www/meta/ss-constants.php ## must be www-data:www-data
chown root:root /var/www/ss* ## must be root:root

## linux permissions ##
chmod 0755 /var/www ## must be 0755
chmod 0775 /var/www/cache ## 6755 should also work
chmod 0755 /var/www/cache/opcache ## 755 should also work
chmod 0755 /var/www/certs ## must be 0755
chmod 0700 /var/www/certs/keys ## must be 0700
chmod 0644 /var/www/certs/*.crt ## must be 0644
chmod 0644 /var/www/certs/*.pem ## must be 0644
chmod 0600 /var/www/certs/keys/*.key ## must be 0600
chmod 0600 /var/www/certs/keys/*.pem ## must be 0600
chmod 0755 /var/www/crons ## must be 0755
chmod 0700 /var/www/crons/*cron* ## 0700 means only root can execute
chmod 0755 /var/www/crons/custom ## must be 0755
chmod 0700 /var/www/crons/custom/*cron* ## 0700 means only root can execute
chmod 0755 /var/www/html/.well-known ## accessed by server for e.g. Cerbot but also by SFTP user for things like Stripe ##
chmod 0775 /var/www/logs ## 6755 should also work
chmod 0775 /var/www/meta ## 6755 should also work
chmod 0440 /var/www/meta/ss-constants.php
chmod 0700 /var/www/ss* ## 0700 means only root can execute

####################################################################################################
## SS-Worker: Download Latest Blacklist.txt File For Plugin Blacklist (MU Plugin) ##################
####################################################################################################

## here we retrieve the latest plugin blacklist file which might contain urgent changes ##
## maintaining a thoughtful blacklist vastly improves WP performance and security ##

## download latest blacklist (or custom blacklist) ##
if [[ -z "$PLUGIN_BLACKLIST_SOURCE" ]]; then 
    wget -O /tmp/blacklist.txt "$MIRROR_BLACKLIST_TXT"
else 
    wget -O /tmp/blacklist.txt "$PLUGIN_BLACKLIST_SOURCE"
fi

## copy file to wp-content directory ##
cp /tmp/blacklist.txt /var/www/html/wp-content/blacklist.txt

## reset permissions ##
chown www-data:wordpress /var/www/html/wp-content/blacklist.txt ## change to www-data:www-data when ss-perms fixed
chmod 0440 /var/www/html/wp-content/blacklist.txt

## NULL blacklist.txt if ss-config false (allows default SS MU plugin to be installed while still being able to disable plugin blacklist) ##
if [[ "$SS_PLUGIN_BLACKLIST" == "false" ]]; then 
cat /dev/null > /var/www/html/wp-content/blacklist.txt
cat /dev/null > /var/www/html/dev/wp-content/blacklist.txt
cat /dev/null > /var/www/html/staging/wp-content/blacklist.txt
fi

####################################################################################################
#### SS-Worker: Install Ubuntu Swapfile (If Not Exists) ############################################
####################################################################################################

## run ss-install-ubuntu-swap (conditional) ##
if [[ ! -f "/var/www/cache/system/swapfile" ]]; then 
    source /var/www/ss-install-ubuntu-swap
fi

####################################################################################################
#### SS-Worker: Calculate Largest Directories On Server + Update Meta Records ######################
####################################################################################################

# du -a /var/www/html | sort -n -r | head -n 15

####################################################################################################
#### SS-Worker: Various TEMP Tasks (e.g. Urgent Patches From The SlickStack Team, Etc) #############
####################################################################################################

# source /var/www/ss-install-adminer
# source /var/www/ss-install-nginx-config
# source /var/www/ss-install-wordpress-core
# source /var/www/ss-install-wordpress-config
# source /var/www/ss-install-wordpress-mu-plugins
# source /var/www/ss-perms
# source /var/www/ss-purge
# source /var/www/ss-reset-password-sftp
# source /var/www/ss-clean-files
source /var/www/ss-install-ubuntu-bash
# source /var/www/ss-encrypt-openssl
# source /var/www/ss-encrypt-certbot
# source /var/www/ss-reboot
# source /var/www/ss-install-ubuntu-crontab
# source /var/www/ss-update-config
# source /var/www/ss-install-ufw
# source /var/www/ss-dump-database
# source /var/www/ss-clean-files


OUTDATED_NGINX_CONF=$(grep 'slickstack.crt' /etc/nginx/nginx.conf)
if [[ -n "$OUTDATED_NGINX_CONF" ]]; then
    source /var/www/ss-install-nginx-config
fi

rm /var/www/html/dev/*

# sed -i "s|## EOF|## SS_EOF|g" /var/www/ss-config
# sed -i "s|@STAGING_SITE_STATUS|true|g" /var/www/ss-config
# sed -i "s|@DEV_SITE_STATUS|true|g" /var/www/ss-config
# sed -i "s|@DB_NAME|wordpress|g" /var/www/ss-config

## if not 127.0.0.1 .. fix this and enable
# sed -i "s|@SS_DATABASE_REMOTE|false|g" /var/www/ss-config

sed -i "s|http://mirrors.slickstack.io/wordpress/blacklist.txt|https://raw.githubusercontent.com/littlebizzy/slickstack/master/modules/wordpress/blacklist.txt|g" /var/www/ss-config
sed -i "s|http://mirrors.slickstack.io/modules/wordpress/blacklist.txt|https://raw.githubusercontent.com/littlebizzy/slickstack/master/modules/wordpress/blacklist.txt|g" /var/www/ss-config

####################################################################################################
#### SS-Worker: Cleanup Temporary Files ############################################################
####################################################################################################

## delete tmp files ##
rm /tmp/ss*
rm /tmp/*cron*
rm /tmp/blacklist*
rm /tmp/maintenance.html*

####################################################################################################
#### SS-Worker: Reset Permissions (SS Core Bash Scripts + SS Core Cron Jobs) #######################
####################################################################################################

## SNIPPET: ss-check, ss-worker, ss core cron jobs

## we hardcode this permissions reset snippet into all ss core scripts for redundancy ##
## chmod 0700 means only the root/sudo users can execute the ss core scripts ##

## reset permissions ##
chown root:root /var/www/ss* ## must be root:root
chown root:root /var/www/crons/*cron* ## must be root:root
chmod 0700 /var/www/ss* ## 0700 means root can execute
chmod 0700 /var/www/crons/*cron* ## 0700 means root can execute

## THIS SNIPPET DOES NOT RELY ON SS-CONFIG OR SS-FUNCTIONS

####################################################################################################
#### SS-Worker: Touch Timestamp File ###############################################################
####################################################################################################

## this is a dummy timestamp file that will remember the last time this script was run ##
## it can be useful for developer reference and is sometimes used by SlickStack ##

## script timestamp ##
touch "$TIMESTAMP_SS_WORKER"

####################################################################################################
#### SlickStack: External References Used To Improve This Script (Thanks, Interwebz) ###############
####################################################################################################

## Ref: https://linuxize.com/post/bash-functions/
## Ref: https://www.cyberciti.biz/faq/unix-linux-appleosx-bsd-shell-appending-date-to-filename/
## Ref: https://wordpress.stackexchange.com/questions/199725/triggering-cron-by-calling-wp-cron-php-on-the-command-line-rather-than-with-wget
## Ref: https://serverfault.com/questions/259302/best-location-to-keep-ssl-certificates-and-private-keys-on-ubuntu-servers
## Ref: https://tldp.org/LDP/abs/html/comparison-ops.html
## Ref: https://stackoverflow.com/questions/33203898/wget-skip-download-if-file-already-exists
## Ref: https://stackoverflow.com/questions/12664534/idealised-wget-download-install-process
## Ref: https://unix.stackexchange.com/questions/471521/how-to-get-only-the-version-number-of-php
## Ref: https://stackoverflow.com/questions/62271695/sed-command-isnt-working-to-extract-the-nginx-version-number
## Ref: https://unix.stackexchange.com/questions/67806/how-to-recursively-find-the-amount-stored-in-directory
## Ref: https://www.tecmint.com/check-linux-disk-usage-of-files-and-directories/
## Ref: https://dba.stackexchange.com/questions/14337/calculating-disk-space-usage-per-mysql-db
## Ref: https://serverfault.com/questions/693027/how-to-extract-mysql-version-by-bash-script-in-centos-6
## Ref: https://ss64.com/bash/stat.html

## SS_EOF