From bb7d0f11d11e74d2587747193662ca3eedae84e9 Mon Sep 17 00:00:00 2001
From: boksbc <boban.blaskovic@gmail.com>
Date: Thu, 16 Oct 2025 11:34:57 +0200
Subject: [PATCH] Laudende Default seite entfernen

---
 config/nginx/site.conf.tmpl |  15 +---
 scripts/80-app.sh           | 145 +++++++++++++++++++++++++++++-------
 scripts/lib.sh              |  38 ++++++++++
 3 files changed, 159 insertions(+), 39 deletions(-)

diff --git a/config/nginx/site.conf.tmpl b/config/nginx/site.conf.tmpl
index 439c085..934e7a0 100644
--- a/config/nginx/site.conf.tmpl
+++ b/config/nginx/site.conf.tmpl
@@ -1,5 +1,3 @@
-# im Repo-Wurzelverzeichnis:
-sudo tee config/nginx/site.conf.tmpl >/dev/null <<'EOF'
 # ===================== HTTP (Port 80) =====================
 server {
   listen 80 default_server;
@@ -16,15 +14,4 @@ server {
 }
 
 # ===================== HTTPS (Port 443) ====================
-## __SSL_SERVER_BLOCK__
-EOF
-
-# sicherheitshalber Default-Site entfernen (sonst doppelter default_server)
-sudo rm -f /etc/nginx/sites-enabled/default /etc/nginx/sites-available/default
-
-# Nginx-Step erneut laufen lassen
-cd scripts
-sudo -E bash 70-nginx.sh
-
-# Prüfen
-sudo nginx -t && sudo systemctl reload nginx
\ No newline at end of file
+## __SSL_SERVER_BLOCK__
\ No newline at end of file
diff --git a/scripts/80-app.sh b/scripts/80-app.sh
index cbc68ed..e8f4812 100644
--- a/scripts/80-app.sh
+++ b/scripts/80-app.sh
@@ -27,44 +27,139 @@ sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && cp -n .env.example .env || tru
 grep -q '^APP_KEY=' "$ENV_FILE" || echo "APP_KEY=" >> "$ENV_FILE"
 sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan key:generate --force || true"
 
-# APP_URL heuristisch
-APP_URL="http://${SERVER_PUBLIC_IPV4}"
-UI_CERT="/etc/ssl/ui/fullchain.pem"; UI_KEY="/etc/ssl/ui/privkey.pem"
-if [[ -f "$UI_CERT" && -f "$UI_KEY" && resolve_ok "$UI_HOST" ]]; then
-  APP_URL="https://${UI_HOST}"
+# --- Hilfen -----------------------------------------------------------------
+# DNS-Check (A/AAAA zeigt auf SERVER_PUBLIC_IPV4) – kommt aus lib.sh
+# resolve_ok "$host" -> 0/1
+
+# APP_HOST und APP_URL bestimmen
+APP_HOST_VAL="$SERVER_PUBLIC_IPV4"
+if [[ -n "${UI_HOST:-}" ]] && resolve_ok "$UI_HOST"; then
+  APP_HOST_VAL="$UI_HOST"
 fi
 
-upsert_env APP_NAME            "${APP_NAME}"
-upsert_env APP_URL             "${APP_URL}"
-upsert_env APP_ENV             "production"
-upsert_env APP_DEBUG           "false"
-upsert_env APP_LOCALE          "${APP_LOCALE}"
-upsert_env APP_FALLBACK_LOCALE "en"
-upsert_env SERVER_PUBLIC_IPV4  "${SERVER_PUBLIC_IPV4}"
-upsert_env SERVER_PUBLIC_IPV6  "${SERVER_PUBLIC_IPV6}"
+UI_CERT="/etc/ssl/ui/fullchain.pem"
+UI_KEY="/etc/ssl/ui/privkey.pem"
+if [[ "$APP_HOST_VAL" = "$UI_HOST" ]]; then
+  if [[ -f "$UI_CERT" && -f "$UI_KEY" ]]; then
+    APP_URL_VAL="https://${UI_HOST}"
+  else
+    APP_URL_VAL="http://${UI_HOST}"
+  fi
+else
+  if [[ -f "$UI_CERT" && -f "$UI_KEY" ]]; then
+    APP_URL_VAL="https://${SERVER_PUBLIC_IPV4}"
+  else
+    APP_URL_VAL="http://${SERVER_PUBLIC_IPV4}"
+  fi
+fi
 
+# --- .env schreiben (vollständig wie vorher) --------------------------------
+upsert_env APP_URL             "${APP_URL_VAL}"
+upsert_env APP_HOST            "${APP_HOST_VAL}"
+upsert_env APP_ADMIN_USER      "${ADMIN_USER}"
+upsert_env APP_ADMIN_EMAIL     "${ADMIN_EMAIL}"
+upsert_env APP_ADMIN_PASS      "${ADMIN_PASS}"
+upsert_env APP_NAME            "${APP_NAME}"
+upsert_env APP_ENV             "${APP_ENV:-production}"
+upsert_env APP_DEBUG           "${APP_DEBUG:-false}"
+
+# Locale
+upsert_env APP_LOCALE          "${APP_LOCALE:-de}"
+upsert_env APP_FALLBACK_LOCALE "en"
+
+# Server IPs
+upsert_env SERVER_PUBLIC_IPV4 "${SERVER_PUBLIC_IPV4}"
+if [[ -n "${SERVER_PUBLIC_IPV6:-}" ]]; then
+  upsert_env SERVER_PUBLIC_IPV6 "${SERVER_PUBLIC_IPV6}"
+else
+  upsert_env SERVER_PUBLIC_IPV6 ""
+fi
+
+# Hosts & LE
 upsert_env BASE_DOMAIN "${BASE_DOMAIN}"
 upsert_env UI_SUB      "${UI_SUB}"
 upsert_env WEBMAIL_SUB "${WEBMAIL_SUB}"
 upsert_env SYSTEM_SUB  "${SYSTEM_SUB}"
 upsert_env MTA_SUB     "${MTA_SUB}"
+upsert_env LE_EMAIL    "${LE_EMAIL:-admin@${BASE_DOMAIN}}"
 
+# DB
 upsert_env DB_CONNECTION "mysql"
-upsert_env DB_HOST "127.0.0.1"
-upsert_env DB_PORT "3306"
-upsert_env DB_DATABASE "${DB_NAME}"
-upsert_env DB_USERNAME "${DB_USER}"
-upsert_env DB_PASSWORD "${DB_PASS}"
+upsert_env DB_HOST       "127.0.0.1"
+upsert_env DB_PORT       "3306"
+upsert_env DB_DATABASE   "${DB_NAME}"
+upsert_env DB_USERNAME   "${DB_USER}"
+upsert_env DB_PASSWORD   "${DB_PASS}"
 
-upsert_env CACHE_DRIVER "redis"
-upsert_env SESSION_DRIVER "redis"
-upsert_env REDIS_CLIENT "phpredis"
-upsert_env REDIS_HOST "127.0.0.1"
-upsert_env REDIS_PORT "6379"
-upsert_env REDIS_PASSWORD "${REDIS_PASS:-}"
+# Cache/Session/Redis
+upsert_env CACHE_SETTINGS_STORE         "redis"
+upsert_env CACHE_STORE                  "redis"
+upsert_env CACHE_DRIVER                 "redis"
+upsert_env CACHE_PREFIX                 "${APP_USER_PREFIX}_cache:"
+upsert_env SESSION_DRIVER               "redis"
+upsert_env SESSION_SECURE_COOKIE        "true"
+upsert_env SESSION_SAMESITE             "lax"
+upsert_env REDIS_CLIENT                 "phpredis"
+upsert_env REDIS_HOST                   "127.0.0.1"
+upsert_env REDIS_PORT                   "6379"
+upsert_env REDIS_PASSWORD               "${REDIS_PASS:-}"
+upsert_env REDIS_DB                     "0"
+upsert_env REDIS_CACHE_DB               "1"
+upsert_env REDIS_CACHE_CONNECTION       "cache"
+upsert_env REDIS_CACHE_LOCK_CONNECTION  "default"
 
+# Reverb / Queue / Logs
+upsert_env BROADCAST_DRIVER      "reverb"
+upsert_env QUEUE_CONNECTION      "redis"
+upsert_env LOG_CHANNEL           "daily"
+
+# Reverb Credentials/Host
+upsert_env REVERB_APP_ID         "${APP_USER_PREFIX}"
+# nur Generieren, wenn leer – sonst vorhandene Werte erhalten
+grep -q '^REVERB_APP_KEY=' "$ENV_FILE"  || upsert_env REVERB_APP_KEY    "${APP_USER_PREFIX}_$(openssl rand -hex 16)"
+grep -q '^REVERB_APP_SECRET=' "$ENV_FILE" || upsert_env REVERB_APP_SECRET "${APP_USER_PREFIX}_$(openssl rand -hex 32)"
+upsert_env REVERB_HOST           "\${APP_HOST}"
+upsert_env REVERB_PORT           "443"
+upsert_env REVERB_SCHEME         "https"
+upsert_env REVERB_PATH           "/ws"
+upsert_env REVERB_SCALING_ENABLED "true"
+upsert_env REVERB_SCALING_CHANNEL "reverb"
+
+# Vite Expose
+upsert_env VITE_REVERB_APP_KEY   "\${REVERB_APP_KEY}"
+upsert_env VITE_REVERB_HOST      "\${REVERB_HOST}"
+upsert_env VITE_REVERB_PORT      "\${REVERB_PORT}"
+upsert_env VITE_REVERB_SCHEME    "\${REVERB_SCHEME}"
+upsert_env VITE_REVERB_PATH      "\${REVERB_PATH}"
+
+# Reverb Server (Backend)
+upsert_env REVERB_SERVER_APP_KEY "\${REVERB_APP_KEY}"
+upsert_env REVERB_SERVER_HOST    "127.0.0.1"
+upsert_env REVERB_SERVER_PORT    "8080"
+upsert_env REVERB_SERVER_PATH    ""
+upsert_env REVERB_SERVER_SCHEME  "http"
+
+# DEV-Block (optional per DEV_MODE=1)
+DEV_MODE="${DEV_MODE:-0}"
+if [[ "$DEV_MODE" = "1" ]]; then
+  # vor doppelten Blöcken schützen
+  sed -i '/^# --- MailWolt DEV/,/^# --- \/MailWolt DEV/d' "${ENV_FILE}"
+  cat >> "${ENV_FILE}" <<CONF
+# --- MailWolt DEV ---
+VITE_DEV_HOST=127.0.0.1
+VITE_DEV_PORT=5173
+VITE_HMR_PROTOCOL=wss
+VITE_HMR_CLIENT_PORT=443
+VITE_HMR_HOST=${SERVER_PUBLIC_IPV4}
+VITE_DEV_ORIGIN=$(grep '^APP_URL=' "${ENV_FILE}" | cut -d= -f2-)
+# --- /MailWolt DEV ---
+CONF
+fi
+
+# Rechte & Laravel Cache
 chown -R "$APP_USER":"$APP_GROUP" "$APP_DIR"
 chmod -R u=rwX,g=rwX,o=rX "$APP_DIR"
 install -d -m 0775 -o "$APP_USER" -g "$APP_GROUP" "$APP_DIR/storage" "$APP_DIR/bootstrap/cache"
 
-sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear && php artisan config:cache"
\ No newline at end of file
+sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear && php artisan config:cache"
+sudo systemctl restart php*-fpm || true
\ No newline at end of file
diff --git a/scripts/lib.sh b/scripts/lib.sh
index c9ba316..09808cc 100644
--- a/scripts/lib.sh
+++ b/scripts/lib.sh
@@ -12,6 +12,44 @@ err(){  echo -e "${RED}[x]${NC} $*"; }
 die(){ err "$*"; exit 1; }
 require_root(){ [[ "$(id -u)" -eq 0 ]] || die "Bitte als root ausführen."; }
 
+# --- Defaults, nur wenn noch nicht gesetzt ---------------------------------
+: "${APP_USER:=mailwolt}"
+: "${APP_GROUP:=www-data}"
+: "${APP_DIR:=/var/www/${APP_USER}}"
+
+: "${APP_NAME:=MailWolt}"
+
+: "${BASE_DOMAIN:=example.com}"
+: "${UI_SUB:=ui}"
+: "${WEBMAIL_SUB:=webmail}"
+: "${MTA_SUB:=mx}"
+: "${SYSTEM_SUB:=system}"
+
+# DB / Redis (werden später durch .env überschrieben)
+: "${DB_NAME:=${APP_USER}}"
+: "${DB_USER:=${APP_USER}}"
+: "${DB_PASS:=changeme}"
+: "${REDIS_PASS:=changeme}"
+
+# Stabile Zert-Pfade (UI/WEBMAIL/MX → symlinked via 20-ssl.sh)
+: "${MAIL_SSL_DIR:=/etc/ssl/mail}"
+: "${UI_SSL_DIR:=/etc/ssl/ui}"
+: "${WEBMAIL_SSL_DIR:=/etc/ssl/webmail}"
+: "${UI_CERT:=${UI_SSL_DIR}/fullchain.pem}"
+: "${UI_KEY:=${UI_SSL_DIR}/privkey.pem}"
+
+# Optional: E-Mail für LE
+: "${LE_EMAIL:=admin@${BASE_DOMAIN}}"
+
+load_env_file(){
+  local f="$1"
+  [[ -f "$f" ]] || return 0
+  while IFS='=' read -r k v; do
+    [[ "$k" =~ ^[A-Z0-9_]+$ ]] || continue
+    export "$k=$v"
+  done < <(grep -E '^[A-Z0-9_]+=' "$f")
+}
+
 header(){ echo -e "${CYAN}${BAR}${NC}
 ${CYAN} 888b     d888          d8b 888 888       888          888 888
 ${CYAN} 8888b   d8888          Y8P 888 888   o   888          888 888