#!/usr/bin/env bash
set -euo pipefail

DOMAIN="{{DOMAIN}}"
DB_NAME="{{DB_NAME}}"
DB_USER="{{DB_USER}}"
DB_PASSWORD="{{DB_PASSWORD}}"
WP_ROOT="/var/www/$DOMAIN"

if [ "$(id -u)" -ne 0 ]; then
  echo "Jalankan sebagai root."
  exit 1
fi

if command -v apt-get >/dev/null 2>&1; then
  apt-get update
  DEBIAN_FRONTEND=noninteractive apt-get -y install nginx mariadb-server php-fpm php-mysql php-xml php-curl php-zip php-mbstring php-gd php-intl unzip curl tar
  PHP_SOCK="$(find /run/php -name 'php*-fpm.sock' | sort -V | tail -n 1)"
  systemctl enable --now nginx mariadb
  systemctl restart php*-fpm
elif command -v dnf >/dev/null 2>&1 || command -v yum >/dev/null 2>&1; then
  PKG="$(command -v dnf || command -v yum)"
  "$PKG" -y install epel-release || true
  "$PKG" -y install nginx mariadb-server php php-fpm php-mysqlnd php-xml php-curl php-zip php-mbstring php-gd php-intl unzip curl tar policycoreutils-python-utils || "$PKG" -y install nginx mariadb-server php php-fpm php-mysqlnd php-xml php-curl php-zip php-mbstring php-gd php-intl unzip curl tar
  PHP_SOCK="/run/php-fpm/www.sock"
  systemctl enable --now nginx mariadb php-fpm
else
  echo "OS tidak didukung. Gunakan Ubuntu, Debian, CentOS, AlmaLinux, RockyLinux, atau RHEL."
  exit 1
fi

mysql -e "CREATE DATABASE IF NOT EXISTS \`$DB_NAME\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -e "CREATE USER IF NOT EXISTS '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASSWORD';"
mysql -e "GRANT ALL PRIVILEGES ON \`$DB_NAME\`.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"

mkdir -p "$WP_ROOT"
curl -fsSL https://wordpress.org/latest.tar.gz | tar -xz --strip-components=1 -C "$WP_ROOT"
cp "$WP_ROOT/wp-config-sample.php" "$WP_ROOT/wp-config.php"
sed -i "s/database_name_here/$DB_NAME/; s/username_here/$DB_USER/; s/password_here/$DB_PASSWORD/" "$WP_ROOT/wp-config.php"
curl -fsSL https://api.wordpress.org/secret-key/1.1/salt/ > /tmp/wp-salts.txt || true
if [ -s /tmp/wp-salts.txt ]; then
  sed -i "/AUTH_KEY/d;/SECURE_AUTH_KEY/d;/LOGGED_IN_KEY/d;/NONCE_KEY/d;/AUTH_SALT/d;/SECURE_AUTH_SALT/d;/LOGGED_IN_SALT/d;/NONCE_SALT/d" "$WP_ROOT/wp-config.php"
  sed -i "/table_prefix/i $(sed 's/[\/&]/\\&/g' /tmp/wp-salts.txt | tr '\n' ' ')" "$WP_ROOT/wp-config.php"
fi
chown -R nginx:nginx "$WP_ROOT" 2>/dev/null || chown -R www-data:www-data "$WP_ROOT"

cat > "/etc/nginx/conf.d/$DOMAIN.conf" <<NGINX
server {
  listen 80;
  server_name $DOMAIN www.$DOMAIN;
  root $WP_ROOT;
  index index.php index.html;
  client_max_body_size 64M;

  location / {
    try_files \$uri \$uri/ /index.php?\$args;
  }

  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
    fastcgi_pass unix:$PHP_SOCK;
  }
}
NGINX

rm -f /etc/nginx/sites-enabled/default 2>/dev/null || true
nginx -t
systemctl reload nginx
echo "WordPress siap. Buka http://$DOMAIN untuk menyelesaikan instalasi."