#!/bin/bash
#This script written by Frank Salter of Grand Central Chorus UK Technical Team (Barbershop Chorus).
#License - do with this script as you wish...
#This script allows interactive installation of Jitsi server with customisations for running alongside Jamulus audio with most things automated.

#This section sets up the Ubuntu repositories, sets the new hostname and downloads and sets up the dynu.com client software.

tput setaf 3; echo "Please type your hostname (fully qualified domain name as created at dynu.com):"
tput sgr0
read newhostname
apt update -y
apt install apt-transport-https
sudo apt-add-repository universe
sudo apt update -y
apt install net-tools -y
hostnamectl set-hostname $newhostname
URL='https://www.dynu.com/support/downloadfile/31'; FILE=`mktemp`; wget "$URL" -qO $FILE && sudo dpkg -i $FILE; rm $FILE

tput setaf 3; echo "Please enter your dynu.com username."
tput sgr0
read -s dynu
echo username $dynu > /etc/dynuiuc/dynuiuc.conf

tput setaf 3; echo "Please enter your dynu.com password."
tput sgr0
read -s dynu
echo password $dynu >> /etc/dynuiuc/dynuiuc.conf

tput setaf 3; echo "Please enter your dynu.com group name."
tput sgr0
read dynu
echo location $dynu >> /etc/dynuiuc/dynuiuc.conf

echo ipv4 true >> /etc/dynuiuc/dynuiuc.conf
echo ipv6 false >> /etc/dynuiuc/dynuiuc.conf
echo pollinterval 60 >> /etc/dynuiuc/dynuiuc.conf
echo debug false >> /etc/dynuiuc/dynuiuc.conf
echo quiet false >> /etc/dynuiuc/dynuiuc.conf

systemctl enable dynuiuc.service
systemctl restart dynuiuc.service

#This section downloads and sets up the Jitsi repository.

curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg] https://download.jitsi.org stable/' | sudo tee /etc/apt/sources.list.d/jitsi-stable.list > /dev/null
apt update

#This section runs the Jitsi meet installer.

apt install jitsi-meet

#This section installs a "letsencrypt" trusted SSL certificate for the web server.

tput setaf 3; echo 'Now we shall install a "letsencrypt" trusted SSL certificate for the web server. You will be asked to enter an email address for expiry notifications.  You MUST do this or it will fail. Nobody will try to sell you anything! Normally the certificate will renew automatically. Press "Enter" to continue...'
tput sgr0
read nowt

/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

#This section increases the screen sharing frame rate as well as other necessary customisations.

[ ! -f /etc/jitsi/meet/$newhostname-config.js.bak ] && cp /etc/jitsi/meet/$newhostname-config.js /etc/jitsi/meet/$newhostname-config.js.bak				#backup config before changing it (if backup not exist)
sed -i -e '/Optional desktop sharing frame rate options/{n;N;N;N;d}' /etc/jitsi/meet/$newhostname-config.js		#delete lines setting sharing frame rate
sed -i "/Optional desktop sharing frame rate options/a\    desktopSharingFrameRate: {\n\    min: 15,\n\    max: 30\n\    }," "/etc/jitsi/meet/$newhostname-config.js"	#replace lines setting sharing frame rate
sed -i -rz 's/[^\n]*(\n[^\n]*\n[^\n]*The STUN servers that will be used in the peer*)/        enabled: false,\1/' /etc/jitsi/meet/$newhostname-config.js		#disable p2p mode
sed -i -rz 's/[^\n]*(\n[^\n]*\n[^\n]*Whether to use a welcome page or not*)/    requireDisplayName: true,\1/' /etc/jitsi/meet/$newhostname-config.js			#force users to enter display name

#This section sets up ssh keys compatible with putty for Windows.

mkdir /root/.ssh
apt install putty-tools
tput setaf 3; echo "Now we shall generate a key pair to allow you to connect to this server securely as root user.  You must copy the private key to a local Windows file before you can use it with putty.  You will be asked to supply a password as the process completes.  You must do this twice.  You do not have to supply a password - if you don't want to simply press "enter" twice.  Your server will still be pretty secure. Press "Enter" to continue..."
tput sgr0
read nowt
puttygen -t rsa -b 4096 -o securekey.ppk
puttygen -L securekey.ppk >> /root/.ssh/authorized_keys
cat securekey.ppk
tput setaf 3; echo "Now you must copy the above key and paste it into a new txt file on your PC. Then rename the file to securekey.ppk as shown in the video and as described in the document. Press "Enter" to continue..."
tput sgr0
read nowt

#This section sets up the firewall

ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 10000/udp
ufw allow 22/tcp
echo "y" | ufw enable

#This section allows modification of video resolution settings.

tput setaf 3; echo "Now we can change Jitsi's video resolution. Reducing the resolution minimises upload traffic and local CPU usage making the system useable for singers with poor internet connections and old PCs. 200p recommended".
while true
do
 tput setaf 3
 read -r -n 1 -p "Do you wish to change the video resolution [y/N] " response
 tput sgr0
 case $response in
     [yY][eE][sS]|[yY])
		printf "\n"
		tput setaf 3; echo "Please enter desired video resolution. For 200p enter 200, for 240p enter 240 etc"
		tput sgr0
		read newresolution
		sed -i "s#// resolution: 720,#resolution: $newresolution,#" "/etc/jitsi/meet/$newhostname-config.js"
		sed -i -e '/resolution of 720p/{n;N;N;N;N;N;N;N;N;d}' /etc/jitsi/meet/$newhostname-config.js		#delete lines setting video resolution
		sed -i "/resolution of 720p/a\    constraints: {\n\      video: {\n\          aspectRatio: 16 / 9,\n\          height: {\n\              ideal: $newresolution,\n\              max: $newresolution,\n\              min: 100\n\          }\n\       }\n\     }," "/etc/jitsi/meet/$newhostname-config.js"

 break
 ;;
     [nN][oO]|[nN])
printf "\n"
 break
        ;;
     *)
 echo ""
 ;;
 esac
done

#This section disables audio.

tput setaf 3; echo "Now we can disable Jitsi audio. Disabling audio is a good idea if you intend to use Jitsi alongside Jamulus."
while true
do
 tput setaf 3
 read -r -n 1 -p "Do you wish to disable Jitsi audio [y/N] " response
 tput sgr0
 case $response in
     [yY][eE][sS]|[yY])
		printf "\n"
		sed -i "s#enableNoAudioDetection: true,#enableNoAudioDetection: false,#" /etc/jitsi/meet/$newhostname-config.js
		sed -i "s#enableNoisyMicDetection: true,#enableNoisyMicDetection: false,#" /etc/jitsi/meet/$newhostname-config.js
		sed -i "s#// startWithAudioMuted: false,#startWithAudioMuted: true,#" /etc/jitsi/meet/$newhostname-config.js
		sed -i "s#// startSilent: false#startSilent: true,#" /etc/jitsi/meet/$newhostname-config.js
 break
 ;;
     [nN][oO]|[nN])
printf "\n"
 break
        ;;
     *)
 echo ""
 ;;
 esac
done

systemctl restart jitsi-videobridge2.service

tput setaf 3; echo "Installation complete"
tput sgr0

#End
