# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Reference: https://tomcat.apache.org/tomcat-10.0-doc/index.html
# Reference: https://www.mkyong.com/tomcat/tomcat-default-administrator-password/

include_recipe 'c2d-config'
include_recipe 'c2d-config::create-self-signed-certificate'
include_recipe 'apache2'
include_recipe 'apache2::mod-ssl'
include_recipe 'apache2::mod-rewrite'
include_recipe 'apache2::mod-proxy_http'
include_recipe 'apache2::rm-index'
include_recipe 'apache2::security-config'
include_recipe 'openjdk11'
include_recipe 'tomcat::ospo'

apt_update do
  action :update
end

package 'xmlstarlet' do
  action :install
end

# Create tomcat user.
user node['tomcat']['user'] do
  home '/home/tomcat'
  shell '/bin/bash'
  action :create
  manage_home true
end

# Create tomcat home directory.
directory '/opt/tomcat' do
  owner 'tomcat'
  group 'tomcat'
  mode '0755'
  action :create
end

# Assign permissions for home directory.
directory node['tomcat']['app']['install_dir'] do
  owner node['tomcat']['user']
  group node['tomcat']['user']
  mode '0755'
  action :create
  recursive true
end

# Download tomcat.
remote_file '/tmp/tomcat.tar.gz' do
  source "https://archive.apache.org/dist/tomcat/tomcat-10/v#{node['tomcat']['version']}/bin/apache-tomcat-#{node['tomcat']['version']}.tar.gz"
  verify "echo '#{node['tomcat']['sha256']} %{path}' | sha256sum -c"
  action :create
end

# Extract tomcat to home directory.
bash 'Extract Tomcat' do
  user 'tomcat'
  cwd '/tmp'
  code <<-EOH
tar -xf tomcat.tar.gz -C /opt/tomcat --strip-components=1
EOH
end

# Create tomcat service.
systemd_unit 'tomcat.service' do
  content <<~EOU
  [Unit]
  Description=Apache Tomcat Web Application Container
  After=network.target

  [Service]
  Type=forking

  Environment=JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64
  Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
  Environment=CATALINA_HOME=/opt/tomcat
  Environment=CATALINA_BASE=/opt/tomcat
  Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
  Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

  ExecStart=/opt/tomcat/bin/startup.sh
  ExecStop=/opt/tomcat/bin/shutdown.sh

  User=tomcat
  Group=tomcat
  UMask=0007
  RestartSec=10
  Restart=always

  [Install]
  WantedBy=multi-user.target
  EOU

  action [:create, :enable]
end

bash 'add tomcat groups' do
  user 'root'
  code <<-EOH
sed -i -e '$ i \\
\\
  <role rolename="manager-gui"/>\\
  <role rolename="admin-gui"/>\\
' /opt/tomcat/conf/tomcat-users.xml
EOH
end

service 'tomcat' do
  action :reload
end

# Configure Apache Reverse Proxy
template '/etc/apache2/sites-available/tomcat.conf' do
  source 'tomcat.conf.erb'
end

apache2_disable_site '000-default'
apache2_enable_site 'tomcat'

c2d_startup_script 'tomcat' do
  source 'tomcat'
  action :cookbook_file
end