# Beyond Hosting
# CentOS 7 KVM WHM Installer Automation

#Set the SSH warning not to touch server during installation
echo -e '**************************************************\n __          __     _____  _   _ _____ _   _  _____ \n \ \        / /\   |  __ \| \ | |_   _| \ | |/ ____|\n  \ \  /\  / /  \  | |__) |  \| | | | |  \| | |  __ \n   \ \/  \/ / /\ \ |  _  /| . ` | | | | . ` | | |_ |\n    \  /\  / ____ \| | \ \| |\  |_| |_| |\  | |__| |\n     \/  \/_/    \_\_|  \_\_| \_|_____|_| \_|\_____|\n\nA cPanel installation is currently in progress.\n\nDO NOT REBOOT OR TOUCH THIS SERVER UNTIL \nTHE CPANEL INSTALLATION HAS COMPLETED.\n\nYou can view the status of the cPanel installation\nby running the following command: \n\ntail -f /usr/local/beyondhosting/cpanelinstall.log\n\nPlease wait for the final message stating\nThe Beyond Hosting cPanel installer has finished.\n**************************************************' > /etc/motd

#Set transient hostname to match the static hostname file
hostnamectl set-hostname $(cat /etc/hostname)

#Clean old yum caches from template
yum clean all

#Install required cPanel Packages
yum install rdate bzip2 memcached nrpe wget yum-plugin-priorities -y

#Disable priorities
sed -i '/enabled/s/1/0/' /etc/yum/pluginconf.d/priorities.conf

#Config swap if disabled and activate tuning params.
if ! grep -q swap /etc/fstab; then
dd if=/dev/zero of=/swap bs=256M count=8
chmod 0600 /swap
mkswap /swap
swapon /swap
echo "/swap swap swap defaults 0 0" >> /etc/fstab
fi

echo "vm.swappiness = 1" >> /etc/sysctl.conf
sysctl -p

#Install and configure NRPE 
yum install nagios-plugins-load nagios-plugins-swap nagios-plugins-disk nagios-plugins-dns nagios-plugins-tcp nagios-plugins nagios-common nrpe -y
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/nrpe/bhnrpe.cfg -O /etc/nrpe.d/bhnrpe.cfg
sed -i 's/allowed_hosts=127.0.0.1/allowed_hosts=8.29.138.28/g' -- /etc/nagios/nrpe.cfg

wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/nrpe/bh-update-nrpe.service -O /etc/systemd/system/bh-update-nrpe.service
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/nrpe/bh-update-nrpe.timer -O /etc/systemd/system/bh-update-nrpe.timer
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/nrpe/nrpe.service -O /etc/systemd/system/nrpe.service

systemctl daemon-reload
systemctl enable nrpe bh-update-nrpe.service bh-update-nrpe.timer
systemctl restart nrpe bh-update-nrpe.timer

#OOB Automation
# Add User
useradd  -m -d /usr/local/beyondhosting/bhautomation/ bhautomation;

# Add SSH Key
su bhautomation -c "mkdir ~/.ssh && chmod 0700 ~/.ssh && echo 'from=\"8.29.138.28\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTED38Uv92NSBEau9Dpj9ija3kOUyc2bE7rgNaz2oNm7hP7d9ejAX99DytBUbLVk1eASg8TZECyrGppTkaJ5n08KLVzjbxIPFiobn5CZ1xwu3TfmsGG9HnErgc4HV/FNRMJ5yd96hr78ks1lInK1b1iZq2Jmu+tW/2IfTUHbdJelWyvowocbEln4KhgGY4ZD2bDdVqZyBjtVfbtcBoqicsAXvPFQFeyy0xWxixuwweCheJajKD3CkVEISWJtVraGvbJA/TCcLln/6dbbv2TDFKBB186PUsKdAF+w0dR6SHQ9cRY2C9xZrSg8yyk4RenX1CC3nNcU9MyZXToMuOvFXF' > ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBocZM9epoxl+iCXTRDmxUobVjATauexZscGNhoWcCKR9QUoWhsOcBQ6iKTepO/L9jT4da6rhSR0t9uvF5KkARpnyCTq7K5E6U0oQen7/dMvQHKyJ3/o5WoD2aen4JAd3uzbeM1clzeRsGaQo0xQoU0NltxTpWJEV3my+L4YKQLitNbYFRoc54bFAJCF46tTJapyiwxDvV9xR9BKfDuQGPJHUkJyf0YHFjLK2iWlKrxkNGfEKXBp+t9X98F6kL+jhGZrNGCCum22if54qTd3lSXwK7xzPeFCHHe8qiW55DUzBdB7wZGyO8XHKOkz6AZnhXB7OtWqTSBqK3JH2uDB7S+2/C+rNKX0MmRzUBljlKH9gIrlgZBsavmTPueyS0wIUSX3SZEe5/9Gc8/V4b+/MYWiK3NdeF6SwNnbJFhVM8Z5FWEXXt4lWGqc9jIXBr8XgxwKz3XeGR2qU7JZeBZxRHTjeQMme3PPiS0K03NxTUb6OisRGvNefzGAJBoLErXJ2ygNk33oAjdtOTVKTEUydLX0MMnC4zIGfXoLHO1XzQWh97Sk2gHmQyXscFwvBV3+W2zwxAJ3/PexnlSVus2Oh/0nKXyq7sQ5JJsn/TKaKMhqyVnXvb7dc1+mtY3lEWY3qTnTUv4I3taGoSuzrQ+gsRGXNIHzSCudy80W0mt3icTw== root@yipyip-yolo.nexcess.net' >> /home/bhautomation/.ssh/authorized_keys
mkdir -p /root/.ssh ; echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBocZM9epoxl+iCXTRDmxUobVjATauexZscGNhoWcCKR9QUoWhsOcBQ6iKTepO/L9jT4da6rhSR0t9uvF5KkARpnyCTq7K5E6U0oQen7/dMvQHKyJ3/o5WoD2aen4JAd3uzbeM1clzeRsGaQo0xQoU0NltxTpWJEV3my+L4YKQLitNbYFRoc54bFAJCF46tTJapyiwxDvV9xR9BKfDuQGPJHUkJyf0YHFjLK2iWlKrxkNGfEKXBp+t9X98F6kL+jhGZrNGCCum22if54qTd3lSXwK7xzPeFCHHe8qiW55DUzBdB7wZGyO8XHKOkz6AZnhXB7OtWqTSBqK3JH2uDB7S+2/C+rNKX0MmRzUBljlKH9gIrlgZBsavmTPueyS0wIUSX3SZEe5/9Gc8/V4b+/MYWiK3NdeF6SwNnbJFhVM8Z5FWEXXt4lWGqc9jIXBr8XgxwKz3XeGR2qU7JZeBZxRHTjeQMme3PPiS0K03NxTUb6OisRGvNefzGAJBoLErXJ2ygNk33oAjdtOTVKTEUydLX0MMnC4zIGfXoLHO1XzQWh97Sk2gHmQyXscFwvBV3+W2zwxAJ3/PexnlSVus2Oh/0nKXyq7sQ5JJsn/TKaKMhqyVnXvb7dc1+mtY3lEWY3qTnTUv4I3taGoSuzrQ+gsRGXNIHzSCudy80W0mt3icTw== root@yipyip-yolo.nexcess.net' >> /root/.ssh/authorized_keys

# Enable sudo
echo 'bhautomation ALL=(ALL) NOPASSWD:ALL'> /etc/sudoers.d/bhautomation

#Bash Profile Customizations

#Root
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/bash/customer-bash_profile -O /root/.bash_profile
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/bash/customer-bashrc -O /root/.bashrc

#Skel
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/bash/customer-bash_profile -O /etc/skel/.bash_profile
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/bash/customer-bashrc -O /etc/skel/.bashrc



#WHM :: Configure Version

#WHM - Configure release tiers /etc/cpupdate.conf
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/cpanel-configs/cpupdate.conf -O /etc/cpupdate.conf

#WHM :: Configure cPanel Settings
mkdir /root/cpanel_profile/
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/cpanel-configs/cpanel.config -O /root/cpanel_profile/cpanel.config

#Configure Defaults for WHM
#edit /etc/wwwacct.conf for pre-loaded configuration

#Customize easyapache before install.
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/apache/bh-ea4-default.json -O /etc/cpanel_initial_install_ea4_profile.json

#Set the fastest mirror (local for sure) (update47.cpanel.net)
#wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/cpanel-configs/cpsources.conf -O /etc/cpsources.conf

# Make sure hostname has at least two dots in it (cPanel-style FQDN validation)
while [ `echo $(hostname) | grep -o '\.' |wc -l` -lt 2 ] ; do
  if [ `grep -o '\.' /etc/hostname |wc -l` -ge 2 ] ; then
    # If /etc/hostname contains a FQDN try and set that
    hostnamectl set-hostname $(cat /etc/hostname)
  else
    echo "Error: cPanel requries a FQDN hostname"
    exit 1
  fi
  # Wait 5 seconds before next check
  sleep 5
  # Restart the hostname service to ensure it is updated
  systemctl restart systemd-hostnamed
done


#Disable the cPanel service restart daemon.
mkdir -p /var/cpanel/disabled
touch /var/cpanel/disabled/auto-restart-services

#Install cPanel

cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

#Hide the Feature Showcase screen from WHM logins.
touch /var/cpanel/activate/features/disable_feature_showcase

#Begin Plugin Install

#Set contact email address
ADMIN_EMAIL=root

#Install Softaculous and Update
wget -4 -N http://files.softaculous.com/install.sh -O /tmp/softac.sh
sh /tmp/softac.sh --quick

#Softaculous Tweaks

#Set branding displayed in cPanel interface
replace "$globals['sn'] = 'Softaculous';" "$globals['sn'] = 'Beyond Hosting';" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Disable random usernames, value required for enabling random passwords
replace "$globals['random_username'] = '';" "$globals['random_username'] = 0;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Enable randomly generated passwords during installations such as WP
replace "$globals['random_pass'] = '';" "$globals['random_pass'] = 1;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Disable random database prefixes, not needed for cPanel servers
replace "$globals['random_dbprefix'] = '';" "$globals['random_dbprefix'] = 0;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Disable Softaculous email spam
replace "$globals['off_email_link'] = '';" "globals['off_email_link'] = 1;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Disable passwords from being sent via email, security issue
replace "$globals['email_password'] = '';" "$globals['email_password'] = 0;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Disable installation subfolder from being pre-filled. For wordpress sites, this will stop it from installing into /wp/ folder by default
replace "$globals['no_prefill'] = '';" "$globals['no_prefill'] = 1;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Enable Softaculous backup restoration (for any backups that were manually generated by user)
replace "$globals['disable_backup_restore'] = '';" "$globals['disable_backup_restore'] = 0;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Dissallow passwords from being blank
replace "$globals['empty_pass'] = '';" "$globals['empty_pass'] = 0;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Dissallow usernames from being blank
replace "$globals['empty_username'] = '';" "$globals['empty_username'] = 0;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Require a password strength of at least 80 during installations
replace "$globals['pass_strength'] = '';" "$globals['pass_strength'] = 80;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Disable Softaculous auto backups from taking place
replace "$globals['disable_auto_backup'] = '';" "$globals['disable_auto_backup'] = 1;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Disable Softaculous auto daily backup cron
replace "$globals['disable_auto_backup_daily'] = '';" "$globals['disable_auto_backup_daily'] = 1;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Disable Softaculous auto weekly backup cron
replace "$globals['disable_auto_backup_weekly'] = '';" "$globals['disable_auto_backup_weekly'] = 1;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Disable Softaculous auto monthly backup cron
replace "$globals['disable_auto_backup_monthly'] = '';" "$globals['disable_auto_backup_monthly'] = 0;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Set a max of 1 auto backups to be stored on server. 0 would be unlimited
replace "$globals['auto_backup_limit'] = '';" "$globals['auto_backup_limit'] = 1;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Remove random twitter buttons from interface that clutter things up
replace "$globals['install_tweet_off'] = '';" "$globals['install_tweet_off'] = 1;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php
replace "$globals['upgrade_tweet_off'] = '';" "$globals['upgrade_tweet_off'] = 1;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php
replace "$globals['clone_tweet_off'] = '';" "$globals['clone_tweet_off'] = 1;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Disable scripts to be pre-downloaded on the server for faster installation times
replace "$globals['pre_download_all'] = 1;" "$globals['pre_download_all'] = 0;" -- /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/universal.php

#Install AutoInstall SSL Plugin
curl http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/autoinstallssl/update.sh | bash

# Install CSF
yum install firewalld iptables-services -y
wget -4 -N https://download.configserver.com/csf.tgz -O /tmp/csf.tgz
tar -zxvf /tmp/csf.tgz --directory /root/
cd /root/csf/
./install.sh

#Enable CSF
csf -e

#Grab configuration
wget http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/csf/csf.conf -O /etc/csf/csf.conf
wget http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/csf/csf.pignore -O /etc/csf/csf.pignore
replace 'LF_ALERT_FROM = ""' "LF_ALERT_FROM = \"firewall@`uname -n`\"" -- /etc/csf/csf.conf

#Reload rules
csf -r

# Install Maldet
curl http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/maldet/install.sh | bash

#Install litespeed plugin
yum -y install ea-php54-php-litespeed ea-php55-php-litespeed ea-php56-php-litespeed ea-php70-php-litespeed ea-php71-php-litespeed
cd /usr/src
curl http://www.litespeedtech.com/packages/cpanel/lsws_whm_plugin_install.sh | sh
cd ~

#Finalization for automation ect.
curl "https://clients.beyondhosting.net/automation/api.php?request=update_status&status_id=8"

rm -f /root/latest
rm -f /root/install.sh
rm -f /tmp/softac.sh

#autoinstall ssl cleanup
rm -f /tmp/autoinstallssl.zip
rm -rf /root/autoinstallssl/

#csf cleanup
rm -rf /root/csf/
rm -f /tmp/csf.tgz


#Setup WHM Customizations

# First, figure out our hostname, which is pretty easy. We want the full 
# hostname, so we're not taking any chances and say --fqdn 
host=`/bin/hostname --fqdn | tr '[:upper:]' '[:lower:]'` 
domain=`/bin/hostname --domain | tr '[:upper:]' '[:lower:]'`
hostshort=`/bin/hostname --short | tr '[:upper:]' '[:lower:]'`
ipaddr=`ip addr show dev eth0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' | grep -m1 ""`

echo $ipaddr >  /var/cpanel/mainip

sed -r -i "s/ADDR [0-9\.]+/ADDR $ipaddr/" /etc/wwwacct.conf 
sed -r -i "s/HOST .+/HOST $host/" /etc/wwwacct.conf 
sed -r -i "s/NS .+/NS ns1.$domain/" /etc/wwwacct.conf 
sed -r -i "s/NS2 .+/NS2 ns2.$domain/" /etc/wwwacct.conf 

#Detect primary network adapter
ethdev=`ip addr show | awk -v ip="$ipaddr" '$1=="inet" && $3=="brd" && gensub(/\/.*/, "", 1, $2)==ip { print $7 }'`
sed -i "s/ETHDEV/ETHDEV $ethdev/g" /etc/wwwacct.conf
sed -i "s/CONTACTEMAIL/CONTACTEMAIL $ADMIN_EMAIL/g" /etc/wwwacct.conf

#PHP Tweaks 5.6
replace "memory_limit = 32M" "memory_limit = 256M" -- /opt/cpanel/ea-php56/root/etc/php.ini
replace "upload_max_filesize = 2M" "upload_max_filesize = 1024M" -- /opt/cpanel/ea-php56/root/etc/php.ini
replace "max_execution_time = 30" "max_execution_time = 3600" -- /opt/cpanel/ea-php56/root/etc/php.ini

#PHP Tweaks 7.0
replace "memory_limit = 32M" "memory_limit = 256M" -- /opt/cpanel/ea-php70/root/etc/php.ini
replace "upload_max_filesize = 2M" "upload_max_filesize = 1024M" -- /opt/cpanel/ea-php70/root/etc/php.ini
replace "max_execution_time = 30" "max_execution_time = 3600" -- /opt/cpanel/ea-php70/root/etc/php.ini

#PHP Defaults
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/apache/ea4_php.conf -O /etc/cpanel/ea4/php.conf
rm -f /etc/cpanel/ea4/php.conf.cache

#Apache Tweaks
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/apache/apache_local -O /var/cpanel/conf/apache/local
/scripts/rebuildhttpdconf


#Mod Sec Enable
/usr/local/cpanel/scripts/modsec_vendor enable-configs OWASP3

#FTP Tweaks
replace "PassivePortRange:" "PassivePortRange:" -- /etc/pure-ftpd.conf
echo "PassivePortRange: 30000 50000" >> /var/cpanel/conf/pureftpd/main

#Setup WHM with defaults
/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings

#Branding
mkdir /var/cpanel/customizations/
mkdir /var/cpanel/customizations/brand/
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/branding/beyond-cpanel-logo.png -O /var/cpanel/customizations/brand/logo.png
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/branding/beyond-webmail-logo.png -O /var/cpanel/customizations/brand/webmail.png
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/branding/reseller_info.json -O /var/cpanel/customizations/brand/reseller_info.json

#Force theme to basic paper lantern
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/branding/set_theme.sh -O /usr/local/beyondhosting/set_theme.sh
cp /usr/local/beyondhosting/set_theme.sh /etc/cron.daily/settheme
chmod +x /etc/cron.daily/settheme

#Enable Advanced DNS and Disable Shell API
echo $'api_shell=0\nzoneedit=1' > /var/cpanel/features/default

#Enable addon domains in packages
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/cpanel-configs/default-package.conf -O /var/cpanel/packages/default

#Preventive
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/crons/log_clean.sh -O /etc/cron.daily/logclean
chmod +x /etc/cron.daily/logclean

#Setup backup defaults
wget http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/cpbackup/backup_config -O /var/cpanel/backups/config

#Disable whm setup wizard
touch /etc/.whostmgrft 

#Install MySQL Config Monitor service
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/mysql-conf/bh-mysql-monitor.service -O /usr/local/beyondhosting/bh-mysql-monitor.service
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/mysql-conf/mysqlconfig.sh -O /usr/local/beyondhosting/mysqlconfig.sh
chmod +x /usr/local/beyondhosting/mysqlconfig.sh
cp /usr/local/beyondhosting/bh-mysql-monitor.service /etc/systemd/system/bh-mysql-monitor.service
systemctl enable bh-mysql-monitor

#Load customized MySQL Configuration
ramsize=$( free -m | sed  -n -e '/^Mem:/s/^[^0-9]*\([0-9]*\) .*/\1/p' )
ram128gb=$(( 128*1024 * 7 / 8 ))
ram64gb=$(( 64*1024 * 7 / 8 ))
ram48gb=$(( 48*1024 * 7 / 8 ))
ram24gb=$(( 24*1024 * 7 / 8 ))
ram12gb=$(( 12*1024 * 7 / 8 ))
ram6gb=$(( 6*1024 * 7 / 8 ))
ram4gb=$(( 4*1024 * 7 / 8 ))

# 128GB RAM
if [ "$ramsize" -gt "$ram128gb" ]
then
  configtype="128"

# 64GB RAM
elif [ "$ramsize" -gt "$ram64gb" ]
then
  configtype="64"

# 48GB RAM
elif [ "$ramsize" -gt "$ram48gb" ]
then
  configtype="48"

# 24GB RAM
elif [ "$ramsize" -gt "$ram24gb" ]
then
  configtype="24"

# 12GB RAM
elif [ "$ramsize" -gt "$ram12gb" ]
then
  configtype="12"

# 6GB RAM
elif [ "$ramsize" -gt "$ram6gb" ]
then
  configtype="6"

# 4GB RAM
elif [ "$ramsize" -gt "$ram4gb" ]
then
  configtype="4"

else
  configtype="standard"

fi

# Grab the MySQL config
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/mysql-conf/base-mysql-$configtype.conf -O /etc/my.cnf
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/mysql-conf/limit_nofile.conf -O /usr/lib/systemd/system/mariadb.service.d/limit_nofile.conf

#Reload systemctl for change
systemctl daemon-reload

# Clean up InnoDB log files
rm -f /var/lib/mysql/ib_logfile*

#Configure Memcached
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/memcached/memcached.conf -O /etc/sysconfig/memcached
yum install ea4-experimental -y
yum install ea-php*-php-devel ea-php56-php-memcached.x86_64 ea-php70-php-memcached.x86_64 -y

#Enable FPM Requirements
yum install -y ea-php54-php-fpm ea-php55-php-fpm ea-php71-php-fpm

#Ensure EA4 is the correct profile
/usr/local/bin/ea_install_profile  --install  /etc/cpanel_initial_install_ea4_profile.json

# Restart MySQL
systemctl restart mysql

#Disable Unused Services
systemctl disable saslauthd
systemctl disable xinetd
systemctl disable portreserve
systemctl disable rpcbind

#Enable new Services
systemctl enable memcached

# Whitelist office IP in cphulk & CSF
whmapi1 create_cphulk_record list_name=white ip=8.29.138.28
csf -a 8.29.138.28

#Whitelist cloudflare 
#IPv4
for i in `curl https://www.cloudflare.com/ips-v4`; do csf -a $i; done;
#IPv6
for i in `curl https://www.cloudflare.com/ips-v6`; do csf -a $i; done;

#Clear root email before we configure the forwarder.
rm -f /var/spool/mail/root

#Final tasks

#Create default cPanel
cpusername=`echo $domain | sed -e 's/[^a-z]//g' | cut -c1-7`
cppassword=`openssl rand -base64 24`
whmapi1 createacct username=$cpusername domain=$domain password=$cppassword
echo cPanel Username: $cpusername
echo cPanel Password: $cppassword
unset username
unset cppassword

#Create DNS Entrys
whmapi1 addzonerecord domain=$domain name=$host. class=IN ttl=86400 type=A address=$ipaddr
whmapi1 addzonerecord domain=$domain name=ns1.$domain. class=IN ttl=86400 type=A address=$ipaddr
whmapi1 addzonerecord domain=$domain name=ns2.$domain. class=IN ttl=86400 type=A address=$ipaddr

#Disable UPCP Emails.
replace "/usr/local/cpanel/scripts/upcp --cron" "/usr/local/cpanel/scripts/upcp --cron > /dev/null 2>&1" -- /var/spool/cron/root
echo $ADMIN_EMAIL > /root/.forward

#Clear it all up.
rm -f /etc/systemd/system/bh-cpanel-install.service
rm -f /etc/systemd/system/multi-user.target.wants/bh-cpanel-install.service
rm -f /usr/local/beyondhosting/servicestarter.sh
rm -f /var/cpanel/disabled/auto-restart-services

#reload systemd
systemctl daemon-reload

#Install CDP-Agent
echo '[r1soft]
name=R1Soft Repository Server
baseurl=http://repo.r1soft.com/yum/stable/$basearch/
enabled=1
gpgcheck=0'>/etc/yum.repos.d/r1soft.repo;
yum install kernel-devel serverbackup-enterprise-agent -y;
systemctl enable cdp-agent

#Enable auto updating
wget https://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/r1soft/update_r1soft_keys -O /usr/local/beyondhosting/update_r1soft_keys
chmod +x /usr/local/beyondhosting/update_r1soft_keys

wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/r1soft/bh-update-r1soft.service -O /etc/systemd/system/bh-update-r1soft.service
wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/r1soft/bh-update-r1soft.timer -O /etc/systemd/system/bh-update-r1soft.timer

systemctl daemon-reload
systemctl enable bh-update-r1soft.service bh-update-r1soft.timer

#wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/r1soft/cdpserver1.pub.key -O /usr/sbin/r1soft/conf/server.allow/cdpserver1
#wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/r1soft/cdpserver2.pub.key -O /usr/sbin/r1soft/conf/server.allow/cdpserver2
#wget -4 http://mirror.beyondhosting.net/provisioning/cpanel-automated-provisioning/r1soft/cdpserver3.pub.key -O /usr/sbin/r1soft/conf/server.allow/cdpserver3

#CDP-Agent runs this at first boot
#r1soft-setup --get-module

#Remove the installation warning message from SSH.
echo '' > /etc/motd

echo -e '*************************************************\nThe Beyond Hosting cPanel installer has finished.\n*************************************************'

#Update System
yum update -y

#Done, reboot!
reboot