#!/bin/bash
### BEGIN INIT INFO
# Provides:          sipb-xen-remctl-auto
# Required-Start:    $local_fs $remote_fs
# Required-Stop:     $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: conserver config from invirt config for invirt host
# Description:
### END INIT INFO 

PACKAGE=sipb-xen-remctl-auto

. /lib/lsb/init-functions

gen_config()
{
    local errormail="$( invirt-getconf web.errormail )" \
          hostname="$( invirt-getconf web.hostname )" \
          tracuri="$( invirt-getconf trac.uri )" \
          svnpath="$( invirt-getconf svn.repopath )"

    cat > /etc/apache2/sites-available/ssl << EOF
<VirtualHost *:443>
	ServerAdmin $hostname
	ServerName $trachost:443
	
	DocumentRoot /var/www/sipb-xen-www
	<Directory /var/www/sipb-xen-www>
		Options Indexes FollowSymLinks MultiViews ExecCGI
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	<Location />
		Require valid-user
		AuthType SSLCert
		AuthSSLCertVar SSL_CLIENT_S_DN_Email
		AuthSSLCertStripSuffix "@MIT.EDU"
	</Location>

	RewriteEngine On
	RewriteRule ^/favicon.ico - [L]
	RewriteRule ^/static(.*) - [L]
	RewriteRule ^/overlord/static(.*) /static/\$1 [L]
	RewriteRule ^/admin/static(.*) /static/\$1 [L]
	RewriteRule ^/trac.fcgi(.*) - [L]
	RewriteRule ^/trac/chrome/common(.*) /usr/share/trac/htdocs\$1 [L]
	RewriteRule ^/trac(.*) /var/www/trac/trac.fcgi\$1 [L]
	RewriteRule ^/var(.*) - [L]
	RewriteRule ^/wiki(.*) - [L]
	RewriteRule ^/kill.cgi - [L]
	RewriteRule ^/~ - [L]
	RewriteRule ^/(.*) /var/www/sipb-xen-www/main.fcgi/\$1 [L]

	RewriteLog /var/log/apache2/rewrite.log
	RewriteLogLevel 0 

	ErrorLog /var/log/apache2/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog /var/log/apache2/ssl_access.log combined
	ServerSignature On

	SSLEngine on

	SSLCertificateFile ssl/server.crt
	SSLCertificateKeyFile ssl/server.key
	
	SSLCACertificateFile ssl/mitCAclient.pem
	SSLVerifyClient require
	SSLVerifyDepth 10

	SSLOptions +StdEnvVars
	
	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0


	Redirect /wiki $tracuri	
</VirtualHost>

<VirtualHost *:446>
	ServerAdmin $errormail
	ServerName $hostname:446
	
	DocumentRoot /var/www/sipb-xen-www
	<Directory />
		Options Indexes FollowSymLinks MultiViews ExecCGI
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>

	ErrorLog /var/log/apache2/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog /var/log/apache2/ssl_nocert_access.log combined
	ServerSignature On

	SSLEngine on

	SSLCertificateFile ssl/server.crt
	SSLCertificateKeyFile ssl/server.key
	
	SSLVerifyClient none

	SSLOptions +StdEnvVars
	
	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0	
</VirtualHost>
EOF

    cat > /etc/apache2/sites-available/svn << EOF
<VirtualHost *:1111>
	ServerAdmin $errormail
	ServerName $hostname:1111
	
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Location />
		DAV svn
		SVNPath $svnpath
		AuthType Basic
		AuthName "xvm.mit.edu subversion repository"
		AuthUserFile /etc/apache2/dav_svn.passwd
		<LimitExcept GET PROPFIND OPTIONS REPORT>
			Require valid-user
		</LimitExcept>
	</Location>

	ErrorLog /var/log/apache2/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog /var/log/apache2/svn_access.log combined
	ServerSignature On

	SSLEngine on

	SSLCertificateFile ssl/server.crt
	SSLCertificateKeyFile ssl/server.key
</VirtualHost>
EOF
}

case "$1" in
  start|reload|force-reload|restart)
    log_begin_msg "Reloading config for $PACKAGE"
    gen_config
    log_end_msg $?
    ;;
  stop)
    ;;
  *)
    log_success_msg "Usage: /etc/init.d/$PACKAGE {start|reload|force-reload|restart|stop}"
    ;;
esac