# Update the list of available packages and their versions
sudo apt update

# Install required packages for adding a new repository securely
sudo apt-get install -y ca-certificates curl apt-transport-https lsb-release gnupg

# Download Microsoft's GPG key, convert it to the required format, and save it securely
curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /usr/share/keyrings/microsoft.gpg > /dev/null

# Add the Microsoft Azure CLI repository to the list of sources
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/azure-cli.list

# Update the list of available packages again to include the newly added repository
sudo apt update

# Install the Azure CLI package
sudo apt-get install -y azure-cli

# Install essential build tools and libraries needed for compiling software
sudo apt install -y build-essential zlib1g-dev libssl-dev libreadline-dev libyaml-dev libcurl4-openssl-dev libffi-dev

# Install PostgreSQL, development libraries, Apache server, and related tools
sudo apt install -y postgresql libpq-dev apache2 apache2-dev subversion git

# Download the Ruby source archive
curl -O https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.4.tar.gz

# Extract the downloaded Ruby archive
tar xvf ruby-3.2.4.tar.gz

# Navigate into the extracted Ruby source directory
cd ruby-3.2.4

# Configure the Ruby build without documentation to reduce installation size
./configure --disable-install-doc

# Compile the Ruby source code
make

# Install the compiled Ruby binaries
sudo make install

# Verify the installed Ruby version
ruby -v

# Create a directory for Redmine data
sudo mkdir /var/lib/redmine

# Change the ownership of the Redmine directory to the www-data user
sudo chown www-data /var/lib/redmine

# Install Subversion (SVN) version control system
sudo apt-get install -y subversion

# Checkout the stable branch of Redmine source code as the www-data user
sudo -u www-data svn co https://svn.redmine.org/redmine/branches/5.1-stable /var/lib/redmine

# Navigate to the Redmine directory
cd /var/lib/redmine

# Configure the bundle to exclude development and test environments
sudo bundle config set --local without 'development test'

# Install all required Ruby gems for the application
sudo bundle install

# Generate a secret token for Redmine
sudo -u www-data bin/rake generate_secret_token

# Run database migrations in the production environment
sudo -u www-data RAILS_ENV=production bin/rake db:migrate

# Install the Passenger gem without documentation
sudo gem install passenger -N

# Automatically install the Passenger Apache2 module with Ruby support
sudo passenger-install-apache2-module --auto --languages ruby

# Display the configuration snippet to integrate Passenger with Apache2
passenger-install-apache2-module --snippet

# Edit the Apache2 configuration file for Redmine
sudo vi /etc/apache2/conf-available/redmine.conf

# Enable the Redmine Apache2 configuration
sudo a2enconf redmine

# Reload the Apache2 service to apply changes
sudo systemctl reload apache2

apache2ctl configtest
sudo vi redmine.conf
sudo systemctl reload apache2

# Move to the Apache2 sites-enabled directory
cd /etc/apache2/sites-enabled

# Create a backup of the current default configuration file
sudo cp -p 000-default.conf 000-default.conf.bak

# Edit the default configuration file
sudo vi 000-default.conf

# Test the Apache2 configuration for syntax errors
apache2ctl configtest

# Reload the Apache2 service to apply the changes
sudo systemctl reload apache2

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Redmine Path
    Alias /redmine /path/to/redmine/public
    <Directory /path/to/redmine/public>
        Require all granted
        Options -MultiViews
    </Directory>
</VirtualHost>

# Install the MySQL client core version 8.0
# Includes essential MySQL client utilities for interacting with a MySQL server
sudo apt install mysql-client-core-8.0

# Install the MySQL client development library
# Provides headers and libraries needed for compiling and linking MySQL-based applications
sudo apt-get install -y libmysqlclient-dev

# Change to the Redmine directory
cd /var/lib/redmine

# Configure the Bundler to exclude development and test groups
# This ensures only production dependencies are installed
sudo bundle config set --local without 'development test'

# Install the required gems for Redmine
sudo bundle install

# Login to Azure CLI
az login

# Retrieve the access token for the Azure MySQL server
ACCESS_TOKEN=$(az account get-access-token \
  --resource-type oss-rdbms \
  --query accessToken -o tsv)

# Connect to the Azure MySQL server using the access token
mysql -u "mysql-admin" \
  -h chanpu-mysql.mysql.database.azure.com \
  --enable-cleartext-plugin \
  --password="$ACCESS_TOKEN"

SELECT user, host, plugin FROM mysql.user;

# Download the SSL certificate and save it to the /etc/ssl/certs/ directory
sudo wget https://www.digicert.com/CACerts/BaltimoreCyberTrustRoot.crt.pem -O /etc/ssl/certs/BaltimoreCyberTrustRoot.crt.pem

# Verify the file permissions of the downloaded SSL certificate
ls -l /etc/ssl/certs/BaltimoreCyberTrustRoot.crt.pem # Expected: -rw-r--r-- 1 root root

# Verify the directory permissions of the /etc/ssl/certs/ directory
ls -ld /etc/ssl/certs/ # Expected: drwxr-xr-x 2 root root

# Navigate to the Redmine configuration directory
cd /var/lib/redmine/config

# List files related to database configuration
ls -l | grep -i database.yml

# Edit the database configuration file
sudo vi database.yml

production:
  adapter: mysql2
  database: redmine
  host: chanpu-mysql.mysql.database.azure.com
  username: mysql-admin
  password: <%= ENV['ACCESS_TOKEN'] %> # Access token retrieved from environment variable
  encoding: utf8
  port: 3306
  ssl_mode: required
  sslca: /etc/ssl/certs/BaltimoreCyberTrustRoot.crt.pem # SSL certificate for secure connection

#!/bin/bash

# 0. Login to Azure using managed identity
echo "Logging in to Azure using managed identity..."
az login --identity --allow-no-subscriptions > /dev/null 2>&1

# Check login status
if [ $? -ne 0 ]; then
    echo -e "\n[Error] Failed to login to Azure. Ensure managed identity is enabled.\n"
    exit 1
fi

# 1. Retrieve ACCESS_TOKEN using Azure CLI
echo "Retrieving ACCESS_TOKEN..."
ACCESS_TOKEN=$(az account get-access-token --resource-type oss-rdbms --query accessToken -o tsv | tr -d '\n\r')

# 2. Validate the token
if [ -z "$ACCESS_TOKEN" ]; then
    echo -e "\n[Error] Failed to retrieve ACCESS_TOKEN. Check Azure CLI login.\n"
    exit 1
fi
echo "ACCESS_TOKEN retrieved successfully."

# 3. Set ACCESS_TOKEN as a system-wide environment variable
echo "Setting ACCESS_TOKEN as a system-wide environment variable..."
echo "ACCESS_TOKEN=$ACCESS_TOKEN" | sudo tee -a /etc/environment > /dev/null

# 4. Apply the environment variable
source /etc/environment

# 5. Verify token access for www-data user
echo -e "\nVerifying ACCESS_TOKEN for www-data user..."
sudo -u www-data printenv ACCESS_TOKEN

if [ $? -eq 0 ]; then
    echo -e "\n[Success] ACCESS_TOKEN is accessible for www-data user.\n"
else
    echo -e "\n[Error] Failed to access ACCESS_TOKEN for www-data user. Check the setup.\n"
fi

*/30 * * * * /bin/bash /var/lib/redmine/set_access_token.sh

# Run database migrations for Redmine in production mode
# Execute the command as the www-data user
# Enable clear text password plugin for MySQL authentication (use in secure environments only)
sudo -u www-data RAILS_ENV=production bin/rake db:migrate LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN=1