#!/bin/bash
set -e

echo "[INFO] ngxinst script version 0.9.0b"

VERSION="${1:-stable}"

if [[ "${EUID}" -ne 0 ]]; then
  echo "[ERROR] Please run this script as root or with sudo."
  exit 1
fi

# Detect OS
if [ -f /etc/os-release ]; then
  . /etc/os-release
  OS_ID="${ID,,}"
  OS_VERSION_ID="${VERSION_ID}"
else
  echo "[ERROR] Unable to detect operating system."
  exit 1
fi

install_nginx_debian() {
  echo "[INFO] Detected Debian-based system ($OS_ID)."
  apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring
  curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
  gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
  CODENAME=$(lsb_release -cs)
  if [ "$VERSION" = "mainline" ]; then
    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian $CODENAME nginx" \
      | tee /etc/apt/sources.list.d/nginx.list
  else
    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian $CODENAME nginx" \
      | tee /etc/apt/sources.list.d/nginx.list
  fi
  echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | tee /etc/apt/preferences.d/99nginx
  apt update
  apt install -y nginx
}

install_nginx_ubuntu() {
  echo "[INFO] Detected Ubuntu-based system ($OS_ID)."
  apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
  curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
  gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
  CODENAME=$(lsb_release -cs)
  if [ "$VERSION" = "mainline" ]; then
    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu $CODENAME nginx" \
      | tee /etc/apt/sources.list.d/nginx.list
  else
    echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu $CODENAME nginx" \
      | tee /etc/apt/sources.list.d/nginx.list
  fi
  echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | tee /etc/apt/preferences.d/99nginx
  apt update
  apt install -y nginx
}

install_nginx_rhel() {
  echo "[INFO] Detected RHEL-based system ($OS_ID)."
  yum install -y yum-utils
  cat > /etc/yum.repos.d/nginx.repo <<EOF
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
  if [ "$VERSION" = "mainline" ]; then
    yum-config-manager --enable nginx-mainline
  fi
  yum install -y nginx
}

install_nginx_sles() {
  echo "[INFO] Detected SLES system ($OS_ID)."
  if [ "$VERSION" = "mainline" ]; then
    zypper addrepo --gpgcheck --type yum --refresh --check 'http://nginx.org/packages/mainline/sles/$releasever_major' nginx-mainline
  else
    zypper addrepo --gpgcheck --type yum --refresh --check 'http://nginx.org/packages/sles/$releasever_major' nginx-stable
  fi
  curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key
  gpg --with-fingerprint /tmp/nginx_signing.key
  rpmkeys --import /tmp/nginx_signing.key
  zypper install -y nginx
}

install_nginx_alpine() {
  echo "[INFO] Detected Alpine system ($OS_ID)."
  if [ "$VERSION" = "mainline" ]; then
    printf "%s%s%s%s\n" "@nginx " "http://nginx.org/packages/mainline/alpine/v" $(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release) "/main" | tee -a /etc/apk/repositories
  else
    printf "%s%s%s%s\n" "@nginx " "http://nginx.org/packages/alpine/v" $(egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release) "/main" | tee -a /etc/apk/repositories
  fi
  curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub
  openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout
  mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/
  apk add nginx@nginx
}

install_nginx_amazon() {
  echo "[INFO] Detected Amazon Linux system ($OS_ID)."
  yum install -y yum-utils
  cat > /etc/yum.repos.d/nginx.repo <<EOF
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/amzn2/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
priority=9

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/amzn2/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
priority=9
EOF
  if [ "$VERSION" = "mainline" ]; then
    yum-config-manager --enable nginx-mainline
  fi
  yum install -y nginx
}

echo "[INFO] Detected OS: $OS_ID $OS_VERSION_ID"
echo "[INFO] Installing nginx version: $VERSION"

case "$OS_ID" in
  debian)
    install_nginx_debian
    ;;
  ubuntu)
    install_nginx_ubuntu
    ;;
  centos|rhel|rocky|almalinux|ol)
    install_nginx_rhel
    ;;
  sles)
    install_nginx_sles
    ;;
  alpine)
    install_nginx_alpine
    ;;
  amzn|amzn2)
    install_nginx_amazon
    ;;
  *)
    echo "[ERROR] Unsupported OS: $OS_ID"
    exit 1
    ;;
esac

echo "[INFO] nginx installation completed."
nginx -v