#!/bin/bash

# Installing dependencies
sudo apt install -y python3-dev python3-babel python3-venv uwsgi uwsgi-plugin-python3 git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev shellcheck nginx

# SearX
## Creating and setting up user
sudo -H useradd --shell /bin/bash --system \
    --home-dir "/usr/local/searx" \
    --comment 'Privacy-respecting metasearch engine' searx

sudo -H mkdir "/usr/local/searx"
sudo -H chown -R "searx:searx" "/usr/local/searx"

## Installing searx
sudo -H -u searx git clone "https://github.com/searx/searx.git" "/usr/local/searx/searx-src"
sudo -H -u searx python3 -m venv "/usr/local/searx/searx-pyenv"
echo "export SEARX_SETTINGS_PATH=\"/etc/searx/settings.yml\"" | sudo -H -u searx tee -a "/usr/local/searx/.profile" > /dev/null
echo ". /usr/local/searx/searx-pyenv/bin/activate" | sudo -H -u searx tee -a "/usr/local/searx/.profile" > /dev/null
sudo -H -u searx /usr/local/searx/searx-pyenv/bin/pip install -U pip setuptools wheel pyyaml
sudo -H -u searx /usr/local/searx/searx-pyenv/bin/pip install -e "/usr/local/searx/searx-src"

## Configuring SearX
sudo -H mkdir -p "/etc/searx"
sudo -H cp "searx/" "/etc/"
sudo -H sed -i -e "s/ultrasecretkey/$(openssl rand -hex 16)/g" "/etc/searx/settings.yml"

# uwsgi
sudo -H cp -rf uwsgi/ /etc/
sudo -H ln -s /etc/uwsgi/apps-available/searx.ini /etc/uwsgi/apps-enabled/
sudo -H mkdir -p /run/uwsgi/app/searx/
sudo -H chown -R searx:searx /run/uwsgi/app/searx/

# Nginx
sudo -H mkdir -p /etc/nginx/certs
sudo -H cp -rf nginx/ /etc/
sudo -H ln -s /etc/nginx/sites-available/server /etc/nginx/sites-enabled/server
sudo -H sed -i s:"$(grep access_log /etc/nginx/nginx.conf | awk '{print $2}' )":\/dev\/null\;:g /etc/nginx/nginx.conf
sudo -H sed -i s:"$(grep error_log /etc/nginx/nginx.conf | awk '{print $2}' )":\/dev\/null\;:g /etc/nginx/nginx.conf

# SSL
openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -extensions EXT -config <( printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
sudo mv localhost.* /etc/nginx/certs

# Restarting services
sudo -H systemctl restart nginx
sudo -H systemctl enable nginx
sudo -H service uwsgi restart searx