#!/bin/bash

# Atera Agent Installation Variables
ATERA_ACCOUNT_ID='db/28FAe+gZ1JAqJi4hiBj1fXAaO7aDfegwJisijvHE='
ATERA_CUSTOMER_ID='1'
ATERA_ENVIRONMENT='Production'
ATERA_INSTALL_DIR='/usr/lib/atera-agent'
ATERA_TARBALL_SOURCE='https://ps.atera.com/installers/Agents/Linux/2.5.6/AteraAgent-2.5.6.tar.gz'
ATERA_TARBALL_TARGET='/usr/lib/atera-agent/AteraLinuxAgent.tar.gz'
ATERA_SERVICE_NAME='AteraAgent.service'
ATERA_SERVICE_PATH='/etc/systemd/system/AteraAgent.service'

# Create settings folder if not exist
if [ ! -d '/etc/atera-agent' ]; then
       sudo mkdir '/etc/atera-agent'
else
       # Check if agent from different account, then uninstall
      if [ -f '/etc/atera-agent/.settings.json' ]; then
               # Check account changed
              installedAccountId=$(grep -o '"AccountId":"[^"]*' '/etc/atera-agent/.settings.json' | grep -o '[^"]*$')
               if [ "${installedAccountId}" != "${ATERA_ACCOUNT_ID}" ]; then
                       echo "Detected different account id, performing uninstalling, was: ${installedAccountId}, new: ${ATERA_ACCOUNT_ID}"
                       sudo bash "${ATERA_INSTALL_DIR}/uninstall.sh"
               fi
       fi
fi
# Check if agent is running
if [ -f "${ATERA_SERVICE_PATH}" ]; then
       echo 'Detected atera agent already installed, performing upgrade'
       sudo systemctl disable "${ATERA_SERVICE_NAME}"
       sudo systemctl stop "${ATERA_SERVICE_NAME}"
fi
# If agent directory doesn't exist
if [ ! -d "${ATERA_INSTALL_DIR}" ]; then
       sudo mkdir "${ATERA_INSTALL_DIR}"
fi
# Install dotnet
wget -O - https://dot.net/v1/dotnet-install.sh | sudo bash -s -- -Runtime dotnet -Channel 8.0 -InstallDir '/usr/lib/atera-agent/.dotnet'
# Download or copy agent tarball
if [[ "${ATERA_TARBALL_SOURCE}" =~ ^https?:// ]]; then
       # Source is a URL, download it
       sudo wget -O "${ATERA_TARBALL_TARGET}" "${ATERA_TARBALL_SOURCE}"
       if [ $? -ne 0 ]; then
               echo 'Failed downloading agent'
               exit 1
       fi
else
       # Source is a local path, copy it
       sudo cp "${ATERA_TARBALL_SOURCE}" "${ATERA_TARBALL_TARGET}"
       if [ $? -ne 0 ]; then
               echo 'Failed copying agent from local path'
               exit 1
       fi
fi
# Extract agent
if [ ! -d "${ATERA_INSTALL_DIR}/bin" ]; then
       sudo mkdir "${ATERA_INSTALL_DIR}/bin"
fi
sudo tar --extract --overwrite --file="${ATERA_TARBALL_TARGET}" --directory="${ATERA_INSTALL_DIR}/bin"
if [ $? -ne 0 ]; then
       echo 'Failed extracting agent'
       sudo rm -rf "${ATERA_TARBALL_TARGET}"
       exit 1
fi
# Delete agent archive
sudo rm -rf "${ATERA_TARBALL_TARGET}"
# Move uninstall file to agent directory
sudo mv "${ATERA_INSTALL_DIR}/bin/uninstall.sh" "${ATERA_INSTALL_DIR}/uninstall.sh"
sudo chown root:root "${ATERA_INSTALL_DIR}/uninstall.sh"
sudo chmod +x "${ATERA_INSTALL_DIR}/uninstall.sh"
# Create certificate folder if not exist
if [ ! -d '/etc/ssl/certs/atera-agent' ]; then
      sudo mkdir -p /etc/ssl/certs/atera-agent
fi
# Check if OS is Red Hat-based
os_type=$(grep -iE "(red hat|rocky|alma)" /etc/os-release)
if [[ $os_type != "" ]]; then
       echo 'This system is running Red Hat based Linux.'
       # Check if SELinux is in enforcing mode
       sestatus_output=$(sestatus | grep "Current mode:")
       if [[ $sestatus_output != *"enforcing"* ]]; then
               echo "No need to apply policies the selinux isn't in enforcing mode"
       else
               echo 'Creating atera policies...'
               # Enable http connection
               sudo setsebool -P nis_enabled 1
               if [ ! -d '/var/spool/atera-agent' ]; then
                       sudo mkdir /var/spool/atera-agent
               fi
               # Define policies for agent healthy running
               sudo cat > atera_custom_policy.te << EOF
module atera_custom_policy 1.0;
require {
type var_spool_t;
type init_t;
type tmp_t;
class process { execmem getsession };
class sock_file { create unlink };
class fifo_file { create open read unlink };
class file { create setattr unlink write };
}
#============= init_t ==============
allow init_t self:process { execmem getsession };
allow init_t tmp_t:fifo_file { create open read unlink };
allow init_t tmp_t:sock_file { create unlink };
allow init_t var_spool_t:file { create setattr unlink write };
EOF
               # Apply policies
               sudo checkmodule -M -m -o atera_custom_policy.mod atera_custom_policy.te
               sudo semodule_package -o atera_custom_policy.pp -m atera_custom_policy.mod
               sudo semodule -i atera_custom_policy.pp
               sudo semanage fcontext -a -t bin_t "${ATERA_INSTALL_DIR}(/.*)?"
               sudo restorecon -Rv "${ATERA_INSTALL_DIR}"
               sudo semanage fcontext -a -t systemd_unit_file_t '/etc/atera-agent(/.*)?'
               sudo restorecon -Rv /etc/atera-agent
               sudo semanage fcontext -a -t systemd_unit_file_t '/etc/ssl/certs/atera-agent(/.*)?'
               sudo restorecon -Rv /etc/ssl/certs/atera-agent
               sudo rm -f atera_custom_policy.te atera_custom_policy.mod atera_custom_policy.pp
               echo 'Atera policies have been created'
       fi
fi
# Create settings file if not exist
if [ ! -f '/etc/atera-agent/.settings.json' ]; then
       # Create settings file
      sudo '/usr/lib/atera-agent/.dotnet/dotnet' "${ATERA_INSTALL_DIR}/bin/Atera.Agent.Linux.dll" init-settings --account-id "${ATERA_ACCOUNT_ID}" --environment "${ATERA_ENVIRONMENT}" --customer-id "${ATERA_CUSTOMER_ID}"
fi
# Create daemon
sudo mv -f "${ATERA_INSTALL_DIR}/bin/${ATERA_SERVICE_NAME}" "${ATERA_SERVICE_PATH}"
sudo systemctl daemon-reload
sudo systemctl enable "${ATERA_SERVICE_NAME}"
sudo systemctl start "${ATERA_SERVICE_NAME}"