sparry

#!/bin/sh

#############################################################################
# Version 1.4.2-RELEASE (27-01-2022)
#############################################################################

#############################################################################
# Copyright 2016-2022 Nozel/Sebas Veeke. Licenced under a Creative Commons
# Attribution-NonCommercial-ShareAlike 4.0 International License.
#
# See https://creativecommons.org/licenses/by-nc-sa/4.0/
#
# Contact:
# > e-mail      mail@nozel.org
# > GitHub      nozel-org
#############################################################################

#############################################################################
# VARIABLES
#############################################################################

# remindbot version
SPARRY_VERSION='1.4.2'

# apache parameters
APACHE_DIR='/usr/local/etc/apache24'
APACHE_CONFDIR='/usr/local/etc/apache24/Includes'
DEFAULT_DOCUMENTROOT='/usr/local/www'

# let's encrypt parameters
LETSENCRYPT_CERTDIR='/usr/local/etc/letsencrypt'

# zero out used variables
ARGUMENT_VERSION='0'
ARGUMENT_HELP='0'
ARGUMENT_SPAWN='0'
ARGUMENT_DESPAWN='0'
ARGUMENT_PROXY='0'
ARGUMENT_EXAMPLE='0'
ARGUMENT_NONE='0'
DNS_RECORDS='0'
DOMAIN_NAME='0'
CHOICE_SUBDOMAIN='0'
DOCUMENTROOT_PATH='0'
CHOICE_TLS='0'
EMAIL_ADDRESS='0'
CHOICE_SECURITY_HEADERS='0'
CHOICE_EXAMPLE_TEMPLATE='0'
CHOICE_LOGGING='0'
CHOICE_RESTART_APACHE='0'
APACHE_LISTEN_IP='0'
LETSENCRYPT_EMAIL='0'

# additional parameters can be configured in /usr/local/etc/sparry.conf
# if the sparry configuration file exists, it gets sources by sparry
if [ -f /usr/local/etc/sparry.conf ]; then
    . /usr/local/etc/sparry.conf
fi

#############################################################################
# ARGUMENTS
#############################################################################

# enable help, version and a cli option
while test -n "$1"; do
    case "$1" in
        # options
        --version|-v)
            ARGUMENT_VERSION='1'
            shift
            ;;
        --help|help|-h)
            ARGUMENT_HELP='1'
            shift
            ;;
        # features
        --spawn|spawn|-s)
            ARGUMENT_SPAWN='1'
            shift
            ;;
        --despawn|despawn|-d)
            ARGUMENT_DESPAWN='1'
            shift
            ;;
        --proxy|proxy|-p)
            ARGUMENT_PROXY='1'
            shift
            ;;
        --example|example|-e)
            ARGUMENT_EXAMPLE='1'
            shift
            ;;
        --harden|harden|-h)
            ARGUMENT_HARDEN='1'
            shift
            ;;
        # other
        *)
            ARGUMENT_NONE='1'
            shift
            ;;
    esac
done

#############################################################################
# ERROR FUNCTIONS
#############################################################################

# argument errors
error_invalid_option() {
    echo 'sparry: invalid argument'
    echo "Use 'sparry --help' for a list of valid arguments."
    exit 1
}

error_wrong_amount_of_arguments() {
    echo 'sparry: wrong amount of arguments'
    echo "Use 'sparry --help' for a list of valid arguments."
    exit 1
}

error_not_yet_implemented() {
    echo 'sparry: this feature has not been implemented yet.'
    exit 1
}

# requirement errors
error_os_not_supported() {
    echo 'sparry: operating system is not supported.'
    exit 1
}

error_apache_not_installed() {
    echo 'sparry: apache not installed'
    echo "use 'pkg install apache24' or install apache from ports."
    exit 1
}

error_certbot_not_installed() {
    echo 'sparry: certbot not installed'
    echo "use 'pkg install py38-certbot py38-certbot-apache' or install certbot from ports."
    exit 1
}

error_curl_not_installed() {
    echo 'sparry: curl not installed'
    echo "use 'pkg install curl' or install curl from ports."
    exit 1
}

error_no_root_privileges() {
    echo 'sparry: you need to be root to perform this command'
    echo "use 'sudo sparry', 'sudo -s' or run sparry as root user."
    exit 1
}

error_no_internet_connection() {
    echo 'sparry: access to the internet is required.'
    exit 1
}

# feature errors
error_type_yes_or_no() {
    echo '     error: type yes or no and press enter to continue.'
}

error_type_valid_number() {
    echo '     error: type a valid number and press enter to continue.'
}

error_dns_required() {
    echo '     error: propagated DNS required, please configure DNS first.'
    exit 1
}

error_invalid_domain() {
    echo '     error: invalid domain: add a valid domain. a valid domain:'
    echo '       - consists of domain.tld or subdomain.domain.tld.'
    echo '       - can be reached from this server (nameservers and records).'
}

error_user_validation_failed() {
    echo '     Too bad, but you can always try again. Bye.'
    exit 0
}

error_empty_port_required() {
    echo 'Cannot find service that has port 80 in use, please stop service first.'
    exit 1
}

#############################################################################
# REQUIREMENT FUNCTIONS
#############################################################################

requirement_root() {
    # show error when sparry has no root privileges
    if [ "$(id -u)" -ne 0 ]; then
        error_no_root_privileges
    fi
}

requirement_os() {
    # show error when freebsd-version cannot be found (which probably means the user isn't running FreeBSD)
    if [ ! "$(command -v freebsd-version)" ]; then
        error_os_not_supported
    fi
}

requirement_apache() {
    # show error when apachectl cannot be found (which probably means the user has not installed apache)
    if [ ! "$(command -v apachectl)" ]; then
        error_apache_not_installed
    fi
}

requirement_certbot() {
    # show error when apachectl cannot be found (which probably means the user has not installed certbot)
    if [ ! "$(command -v certbot)" ]; then
        error_certbot_not_installed
    fi
}

requirement_curl() {
    # show error when curl cannot be found (which probably means the user has not installed curl)
    if [ ! "$(command -v curl)" ]; then
        error_curl_not_installed
    fi
}

requirement_internet() {
    # check internet connection
    if ! nc -zw2 google.com 443 2>/dev/null; then
        error_no_internet_connection
    fi
}

#############################################################################
# GENERAL FUNCTIONS
#############################################################################

sparry_version() {
    echo "sparry version ${SPARRY_VERSION}"
    echo "Copyright (C) 2016-2022 Nozel."
    echo "License CC Attribution-NonCommercial-ShareAlike 4.0 Int."
    echo
    echo "Written by Sebas Veeke"
}

sparry_help() {
    echo "Usage:"
    echo " sparry [option]..."
    echo
    echo "Features:"
    echo " -s, --spawn          Start guided creation of new apache vhost configuration"
    #echo " -d, --despawn        Start guided removal of apache vhost configuration"
    #echo " -p, --proxy          Start guided creation of new apache proxy vhost creation"
    echo " -e, --example        Create example vhost configuration for manual editing"
    echo
    echo "Options:"
    echo " -h, --help           Display this help and exit"
    echo " -v, --version        Display version information and exit"
}

#############################################################################
# SUPPORT FUNCTIONS
#############################################################################

validate_dns_records() {
    # Sparry simply compares the default external IPv4 address with the DNS A record of the domain(s) chosen.
    if [ "$(host -4 -t A $1 | grep -w "has address" | awk '{print $4}')" = "${EXTERNAL_IP_ADDRESS}" ]; then
        echo "     > Domain $1 has been configured correctly"
    else
        echo
        echo "error: DNS is not configured correctly or is not yet propagated."
        echo "Add 'A  $1  ${EXTERNAL_IP_ADDRESS}' to DNS configuration or wait for the propagation."
        exit 1
    fi
}

check_apache_modules() {
    # make sure apache configuration (httpd.conf) has required modules enabled
    echo
    echo 'Effectuating user choices'
    # some modules have to be enabled in order to work nicely with sparry. it first checks whether 
    # they are enabled in http.conf and if not tries to uncomment the commented module listing.
    # if that fails as well it adds the needed entries itself on the end of http.conf
    echo '> Checking httpd.conf for required apache modules'
    # make sure mod_ssl is enabled
    grep --line-regexp --quiet 'LoadModule ssl_module libexec/apache24/mod_ssl.so' ${APACHE_DIR}/httpd.conf
    if [ "${?}" -eq '0' ]; then
        echo '> ssl_module is already enabled'
    else
        echo '> ssl_module is disabled, enabling now'
        grep --line-regexp --quiet '#LoadModule ssl_module libexec/apache24/mod_ssl.so' ${APACHE_DIR}/httpd.conf
        if [ "${?}" -eq '0' ]; then
            sed -i -e s%'#LoadModule ssl_module libexec/apache24/mod_ssl.so'%'LoadModule ssl_module libexec/apache24/mod_ssl.so'%g ${APACHE_DIR}/httpd.conf
        else
            echo '' >> ${APACHE_DIR}/httpd.conf
            echo '# Line below was automatically added by Sparry' >> ${APACHE_DIR}/httpd.conf
            echo 'LoadModule ssl_module libexec/apache24/mod_ssl.so' >> ${APACHE_DIR}/httpd.conf
        fi
    fi
    # make sure mod_rewrite is enabled
    grep --line-regexp --quiet 'LoadModule rewrite_module libexec/apache24/mod_rewrite.so' ${APACHE_DIR}/httpd.conf
    if [ "${?}" -eq '0' ]; then
        echo '> rewrite_module is already enabled'
    else
        echo '> rewrite_modules is disabled, enabling now'
        grep --line-regexp --quiet '#LoadModule rewrite_module libexec/apache24/mod_rewrite.so' ${APACHE_DIR}/httpd.conf
        if [ "${?}" -eq '0' ]; then
            sed -i -e s%'#LoadModule rewrite_module libexec/apache24/mod_rewrite.so'%'LoadModule rewrite_module libexec/apache24/mod_rewrite.so'%g ${APACHE_DIR}/httpd.conf
        else
            echo '' >> ${APACHE_DIR}/httpd.conf
            echo '# Line below was automatically added by Sparry' >> ${APACHE_DIR}/httpd.conf
            echo 'LoadModule rewrite_module libexec/apache24/mod_rewrite.so' >> ${APACHE_DIR}/httpd.conf
        fi
    fi
    # make sure apache listens on port 443
    echo '> Checking if apache listens on port 443'
    grep --line-regexp --quiet '^Listen.*443.*$' ${APACHE_DIR}/httpd.conf
    if [ "${?}" -eq '0' ]; then
        echo '> Apache is already listening on port 443'
    else
        echo '> Apache does not listen on port 443, enabling now'
        grep --line-regexp --quiet '#Listen 443' ${APACHE_DIR}/httpd.conf
        if [ "${?}" -eq '0' ]; then
            sed -i -e s%'#Listen443'%'Listen 443'%g ${APACHE_DIR}/httpd.conf
        else
            echo >> ${APACHE_DIR}/httpd.conf
            echo '# Line below was automatically added by Sparry' >> ${APACHE_DIR}/httpd.conf
            echo 'Listen 443' >> ${APACHE_DIR}/httpd.conf
        fi
    fi            
    # make sure nothing uses port 80 (certbot needs it)
    echo '> Checking if port 80 is being currently used'
    sockstat -l | grep :80 > /dev/null
    if [ "${?}" -eq '0' ]; then
        echo '> Port 80 is being used, trying to find service'
        service apache24 status > /dev/null
        if [ "${?}" -eq '0' ]; then
            echo '> Apache found on port 80, stopping service apache'
            service apache24 stop
        else
            echo '> Cannot find service that uses port 80, please stop service first'
            error_empty_port_required
        fi
    else
        echo '> Port 80 is not being used, Sparry will continue'
    fi
}

request_certificate() {
    # request TLS certificate through certbot based on chosen key size and (sub)domain layout
    # explanation of certbot arguments:
    # 'certonly' let us retrieve only a certificate, since Sparry will take care of putting it in the vhost
    # 'standalone' is the used certbot method
    # 'quiet' is used to suppress certbot output
    # 'non-interactive' makes certbot somewhat non-interactive
    # 'agree-tos' accepts the certbot terms of service without user interaction
    # 'email' adds the earlier given email address, also to limit user interaction
    # 'certname' makes sure our certificate always have the name of the domain
    # 'rsa-key-size' let us choose the rsa key size (in this case either 2048 or 4096 bit)
    # 'domain' is pretty self-explanatory
    echo '> Requesting TLS certificate'
    if [ "${CHOICE_TLS}" = '1' ] && [ "${CHOICE_SUBDOMAIN}" = '1' ]; then
        certbot certonly --standalone --quiet --non-interactive --agree-tos --email ${EMAIL_ADDRESS} --cert-name ${DOMAIN_NAME} --rsa-key-size 2048 --domain ${DOMAIN_NAME}
    elif [ "${CHOICE_TLS}" = '1' ] && [ "${CHOICE_SUBDOMAIN}" = '2' ]; then
        certbot certonly --standalone --quiet --non-interactive --agree-tos --email ${EMAIL_ADDRESS} --cert-name ${DOMAIN_NAME} --rsa-key-size 2048 --domain ${DOMAIN_NAME} --domain www.${DOMAIN_NAME}
    elif [ "${CHOICE_TLS}" = '2' ] && [ "${CHOICE_SUBDOMAIN}" = '1' ]; then
        certbot certonly --standalone --quiet --non-interactive --agree-tos --email ${EMAIL_ADDRESS} --cert-name ${DOMAIN_NAME} --rsa-key-size 4096 --domain ${DOMAIN_NAME}
    elif [ "${CHOICE_TLS}" = '2' ] && [ "${CHOICE_SUBDOMAIN}" = '2' ]; then
        certbot certonly --standalone --quiet --non-interactive --agree-tos --email ${EMAIL_ADDRESS} --cert-name ${DOMAIN_NAME} --rsa-key-size 4096 --domain ${DOMAIN_NAME} --domain www.${DOMAIN_NAME}
    fi
    echo '> Certificate received'
}

#############################################################################
# FEATURE FUNCTIONS
#############################################################################

feature_spawn() {
    ### 1 GATHER USER INPUT
    echo
    echo 'Sparry will guide you through the creation of a new apache virtual host'
    echo 'configuration file. Please answer the following questions:'
    echo
    # this question is meant to make clear to the user that DNS should really be configured before using sparry
    while true
        do
            read -r -p '(1)  Did you configure and propagate relevant DNS records? [yes/no]: ' DNS_RECORDS
            [ "${DNS_RECORDS}" = 'yes' ] || [ "${DNS_RECORDS}" = 'y' ] || \
            [ "${DNS_RECORDS}" = 'no' ] || [ "${DNS_RECORDS}" = 'n' ] && break
            error_type_yes_or_no
        done
    # show error when user didn't configure DNS
    if [ "${DNS_RECORDS}" = 'no' ] || [ "${DNS_RECORDS}" = 'n' ]; then
        error_dns_required
    fi
    # ask for the domain name and validate input by checking if the given domain is usable
    while true
        do
            read -r -p '(2)  Enter domain name (e.g. domain.tld): ' DOMAIN_NAME
            echo "     > Performing DNS lookup for ${DOMAIN_NAME}"
            host "${DOMAIN_NAME}" > /dev/null
            [ "$?" -eq '0' ] && break
                error_invalid_domain
        done
    echo "     > Domain ${DOMAIN_NAME} OK"
    # ask for (sub)domain layout and validate input
    echo '(3)  Select (sub)domain layout:'
    echo "     1 ${DOMAIN_NAME}"
    echo "     2 ${DOMAIN_NAME} and www.${DOMAIN_NAME}"
    while true
        do
            read -r -p '     [1-2]: ' CHOICE_SUBDOMAIN
            [ "${CHOICE_SUBDOMAIN}" = '1' ] || [ "${CHOICE_SUBDOMAIN}" = '2' ] && break
            error_type_valid_number
        done
    # check whether DNS records have been properly set
    echo '     > Performing external IP address lookup'
    EXTERNAL_IP_ADDRESS="$(curl --silent ipecho.net/plain)"
    echo "     > External IP address is ${EXTERNAL_IP_ADDRESS}"
    echo '     > Checking if DNS records have been set correctly'
    if [ "${CHOICE_SUBDOMAIN}" = '1' ]; then
        validate_dns_records "${DOMAIN_NAME}"
    elif [ "${CHOICE_SUBDOMAIN}" = '2' ]; then
        validate_dns_records "${DOMAIN_NAME}"
        validate_dns_records "www.${DOMAIN_NAME}"
    fi
    # ask for DocumentRoot and if empty variable, populate with $DEFAULT_DOCUMENTROOT
    echo "(4)  DocumentRoot (full path or empty for /usr/local/www/${DOMAIN_NAME}):"
    read -r -p '     : ' DOCUMENTROOT_PATH
    if [ -z "${DOCUMENTROOT_PATH}" ]; then
        DOCUMENTROOT_PATH="${DEFAULT_DOCUMENTROOT}"
        echo "     default path ${DOCUMENTROOT_PATH} will be used"
    fi
    # ask whether user wants a tls certificate and validate input
    echo '(5)  Select TLS certificate'
    echo '     1 TLS certificate with RSA key size of 2048 bits (default)'
    echo '     2 TLS certificate with RSA key size of 4096 bits (paranoid)'
    while true
        do
            read -r -p '     [1-2]: ' CHOICE_TLS
            [ "${CHOICE_TLS}" = '1' ] || [ "${CHOICE_TLS}" = '2' ] && break
            error_type_valid_number
        done
    # let's encrypt requires a email address, but you can add a fake one. another option would be to
    # use the --register-unsafely-without-email flag, but that isn't recommended so it isn't supported
    if [ "${LETSENCRYPT_EMAIL}" = '0' ]; then
        read -r -p "(5b) Enter Let's Encrypt email address: " EMAIL_ADDRESS
    else
        echo "(5b) Found email address in sparry.conf, skipping question"
        EMAIL_ADDRESS="${LETSENCRYPT_EMAIL}"
    fi
    echo '(6)  Select VirtualHost profile'
    echo '     General profiles:'
    echo '     1  Strict           [enforce: HTTPS] [disable: ext-resource, inline-css, iframes]'
    echo '     2  Loose            [enforce: HTTPS] [disable: ext-resource, iframes] [enable: inline-css]'
    echo '     3  Poor             [enforce: HTTPS] [enable: ext-resource, inline-css, iframes]'
    echo '     4  Weak             [allow: HTTP]    [enable: ext-resource, inline-css, iframes]'
    echo '     5  Disable          [disable: HTTP security headers]'
    echo ''
    echo '     Application profiles:'
    echo '     6  Wordpress        VirtualHost configuration for default Wordpress installation'
    echo '     7  Nextcloud        VirtualHost configuration for default Nextcloud installation'
    echo ''
    echo '     Reverse proxy profiles:'
    echo '     8  Proxy Strict     Reverse Proxy VirtualHost configuration based on Strict profile'
    echo '     9  Proxy Loose      Reverse Proxy VirtualHost configuration based on Loose profile'
    echo '     10 Proxy Poor       Reverse Proxy VirtualHost configuration based on Poor profile'
    echo '     11 Proxy Weak       Reverse Proxy VirtualHost configuration based on Weak profile'
    echo '     12 Proxy Disable    Reverse Proxy VirtualHost configuration based on Disable profile'
    echo '     13 Proxy Wordpress  Reverse Proxy VirtualHost configuration based on Wordpress profile'
    echo '     14 Proxy Nextcloud  Reverse Proxy VirtualHost configuration based on Nextcloud profile'
    while true
        do
            read -r -p '     [1-14]: ' CHOICE_SECURITY_HEADERS
            [ "${CHOICE_SECURITY_HEADERS}" = '1' ] || [ "${CHOICE_SECURITY_HEADERS}" = '2' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '3' ] || [ "${CHOICE_SECURITY_HEADERS}" = '4' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '5' ] || [ "${CHOICE_SECURITY_HEADERS}" = '6' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '7' ] || [ "${CHOICE_SECURITY_HEADERS}" = '8' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '9' ] || [ "${CHOICE_SECURITY_HEADERS}" = '10' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '11' ] || [ "${CHOICE_SECURITY_HEADERS}" = '12' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '13' ] || [ "${CHOICE_SECURITY_HEADERS}" = '14' ] && break
            error_type_valid_number
        done
    # ask what logging configuration should be used and validate input
    echo '(7)  Select logging'
    echo '     1 Error logging'
    echo '     2 Access logging'
    echo '     3 Error and access logging'
    echo '     4 No logging'
    while true
        do
            read -r -p '     [1-4]: ' CHOICE_LOGGING
            [ "${CHOICE_LOGGING}" = '1' ] || [ "${CHOICE_LOGGING}" = '2' ] || \
            [ "${CHOICE_LOGGING}" = '3' ] || [ "${CHOICE_LOGGING}" = '4' ] && break
            error_type_valid_number
        done
    # ask whether apache should be restarted after the new web configuration has been created and validate input
    while true
        do
            read -r -p '(8)  Restart apache after creation? [yes/no]: ' CHOICE_RESTART_APACHE
            [ "${CHOICE_RESTART_APACHE}" = 'yes' ] || [ "${CHOICE_RESTART_APACHE}" = 'y' ] || \
            [ "${CHOICE_RESTART_APACHE}" = 'no' ] || [ "${CHOICE_RESTART_APACHE}" = 'n' ] && break
            error_type_yes_or_no
        done

    ### 2 VALIDATE USER INPUT
    # show user all given answers and validate user input one last time
    echo '(9)  Does the following configuration look reasonable?'
    echo '     ############################################################################'
    if [ "${CHOICE_SUBDOMAIN}" = '1' ]; then
        echo "     # ServerName:         ${DOMAIN_NAME}"
        echo "     # DocumentRoot:       ${DOCUMENTROOT_PATH}/${DOMAIN_NAME}"
    elif [ "${CHOICE_SUBDOMAIN}" = '2' ]; then
        echo "     # ServerName:         ${DOMAIN_NAME}"
        echo "     # ServerAlias         www.${DOMAIN_NAME}"
        echo "     # DocumentRoot:       ${DOCUMENTROOT_PATH}/${DOMAIN_NAME}"
    fi
    if [ "${CHOICE_TLS}" = '1' ]; then
        echo '     # TLS certificate:    RSA 2048'
        echo "     # TLS email address:  ${EMAIL_ADDRESS}"
    elif [ "${CHOICE_TLS}" = '2' ]; then
        echo '     # TLS certificate:    RSA 4096'
        echo "     # TLS email address:  ${EMAIL_ADDRESS}"
    fi
    if [ "${CHOICE_SECURITY_HEADERS}" = '1' ]; then
        echo '     # Selected profile:   Strict'
        echo '     # Security headers:'
        echo '     #   Strict-Transport-Security: "max-age=31536000; includeSubDomains;"'
        echo '     #   X-Frame-Options "DENY"'
        echo '     #   X-XSS-Protection: "1; mode=block"'
        echo '     #   X-Content-Type-Options "nosniff"'
        echo '     #   X-Permitted-Cross-Domain-Policies: none'
        echo '     #   Referrer-Policy same-origin'
        echo "     #   Content-Security-Policy: default-src https://${DOMAIN_NAME}"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '2' ]; then
        echo '     # Selected profile:   Loose'
        echo '     # Security headers:'
        echo '     #   Strict-Transport-Security: "max-age=31536000; includeSubDomains;"'
        echo '     #   X-Frame-Options "DENY"'
        echo '     #   X-XSS-Protection: "1; mode=block"'
        echo '     #   X-Content-Type-Options "nosniff"'
        echo '     #   X-Permitted-Cross-Domain-Policies: none'
        echo '     #   Referrer-Policy same-origin'
        echo "     #   Content-Security-Policy: default-src https://${DOMAIN_NAME}; style-src 'unsafe-inline'"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '3' ]; then
        echo '     # Selected profile:   Poor'
        echo '     # Security headers:'
        echo '     #   Strict-Transport-Security: "max-age=31536000; includeSubDomains;"'
        echo '     #   X-Frame-Options "SAMEORIGIN"'
        echo '     #   X-XSS-Protection: "1; mode=block"'
        echo '     #   X-Content-Type-Options "nosniff"'
        echo '     #   X-Permitted-Cross-Domain-Policies: none'
        echo '     #   Referrer-Policy same-origin'
        echo "     #   Content-Security-Policy: default-src https:; style-src 'unsafe-inline'"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '4' ]; then
        echo '     # Selected profile:   Weak'
        echo '     # Security headers:'
        echo '     #   X-Frame-Options "SAMEORIGIN"'
        echo '     #   X-XSS-Protection: "1; mode=block"'
        echo '     #   X-Content-Type-Options "nosniff"'
        echo '     #   X-Permitted-Cross-Domain-Policies: none'
        echo '     #   Referrer-Policy same-origin'
    elif [ "${CHOICE_SECURITY_HEADERS}" = '5' ]; then
        echo '     # Selected profile:   Disable'
        echo '     # Security headers:   Disabled'
    elif [ "${CHOICE_SECURITY_HEADERS}" = '6' ]; then
        echo '     # Selected profile:   Wordpress'
        echo '     # Security headers:'
        echo '     #   Header always set Strict-Transport-Security: "max-age=31536000; includeSubDomains;"'
        echo '     #   Header always set X-Frame-Options "SAMEORIGIN"'
        echo '     #   Header always set X-XSS-Protection: "1; mode=block"'
        echo '     #   Header always set X-Content-Type-Options "nosniff"'
        echo '     #   Header always set X-Permitted-Cross-Domain-Policies: none'
        echo '     #   Header always set Referrer-Policy same-origin'
        echo '     #   Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"'
    elif [ "${CHOICE_SECURITY_HEADERS}" = '7' ]; then
        echo '     # Selected profile:   Nextcloud'
        echo '     # Security headers:'
        echo '     #   Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"'
    elif [ "${CHOICE_SECURITY_HEADERS}" = '8' ]; then
        echo '     # Selected profile:   Proxy Strict'
        echo '     # Security headers:'
        echo '     #   Strict-Transport-Security: "max-age=31536000; includeSubDomains;"'
        echo '     #   X-Frame-Options "DENY"'
        echo '     #   X-XSS-Protection: "1; mode=block"'
        echo '     #   X-Content-Type-Options "nosniff"'
        echo '     #   X-Permitted-Cross-Domain-Policies: none'
        echo '     #   Referrer-Policy same-origin'
        echo "     #   Content-Security-Policy: default-src https://${DOMAIN_NAME}"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '9' ]; then
        echo '     # Selected profile:   Proxy Loose'
        echo '     # Security headers:'
        echo '     #   Strict-Transport-Security: "max-age=31536000; includeSubDomains;"'
        echo '     #   X-Frame-Options "DENY"'
        echo '     #   X-XSS-Protection: "1; mode=block"'
        echo '     #   X-Content-Type-Options "nosniff"'
        echo '     #   X-Permitted-Cross-Domain-Policies: none'
        echo '     #   Referrer-Policy same-origin'
        echo "     #   Content-Security-Policy: default-src https://${DOMAIN_NAME}; style-src 'unsafe-inline'"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '10' ]; then
        echo '     # Selected profile:   Proxy Poor'
        echo '     # Security headers:'
        echo '     #   Strict-Transport-Security: "max-age=31536000; includeSubDomains;"'
        echo '     #   X-Frame-Options "SAMEORIGIN"'
        echo '     #   X-XSS-Protection: "1; mode=block"'
        echo '     #   X-Content-Type-Options "nosniff"'
        echo '     #   X-Permitted-Cross-Domain-Policies: none'
        echo '     #   Referrer-Policy same-origin'
        echo "     #   Content-Security-Policy: default-src https:; style-src 'unsafe-inline'"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '4' ]; then
        echo '     # Selected profile:   Proxy Weak'
        echo '     # Security headers:'
        echo '     #   X-Frame-Options "SAMEORIGIN"'
        echo '     #   X-XSS-Protection: "1; mode=block"'
        echo '     #   X-Content-Type-Options "nosniff"'
        echo '     #   X-Permitted-Cross-Domain-Policies: none'
        echo '     #   Referrer-Policy same-origin'
    elif [ "${CHOICE_SECURITY_HEADERS}" = '5' ]; then
        echo '     # Selected profile:   Proxy Disable'
        echo '     # Security headers:   Disabled'
    elif [ "${CHOICE_SECURITY_HEADERS}" = '6' ]; then
        echo '     # Selected profile:   Proxy Wordpress'
        echo '     # Security headers:'
        echo '     #   Header always set Strict-Transport-Security: "max-age=31536000; includeSubDomains;"'
        echo '     #   Header always set X-Frame-Options "SAMEORIGIN"'
        echo '     #   Header always set X-XSS-Protection: "1; mode=block"'
        echo '     #   Header always set X-Content-Type-Options "nosniff"'
        echo '     #   Header always set X-Permitted-Cross-Domain-Policies: none'
        echo '     #   Header always set Referrer-Policy same-origin'
        echo '     #   Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"'
    elif [ "${CHOICE_SECURITY_HEADERS}" = '7' ]; then
        echo '     # Selected profile:   Proxy Nextcloud'
        echo '     # Security headers:'
        echo '     #   Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"'
    fi
    if [ "${CHOICE_LOGGING}" = '1' ]; then
        echo '     # Logging:            Error logging'
    elif [ "${CHOICE_LOGGING}" = '2' ]; then
        echo '     # Logging:            Access logging'
    elif [ "${CHOICE_LOGGING}" = '3' ]; then
        echo '     # Logging:            Error and access logging'
    elif [ "${CHOICE_LOGGING}" = '4' ]; then
        echo '     # Logging:            Disabled'
    fi
    if [ "${CHOICE_RESTART_APACHE}" = 'yes' ]; then
        echo "     # Restart Apache:     Yes"
    elif [ "${CHOICE_RESTART_APACHE}" = 'no' ]; then
        echo "     # Restart Apache:     No"
    fi
    echo '     ############################################################################'
    while true
        do
            read -r -p '     (yes/no): ' USER_VALIDATION
            [ "${USER_VALIDATION}" = 'yes' ] || [ "${USER_VALIDATION}" = 'y' ] || \
            [ "${USER_VALIDATION}" = 'no' ] || [ "${USER_VALIDATION}" = 'n' ] && break
            error_type_yes_or_no
        done
    # stop script if user validation didn't succeed
    if [ "${USER_VALIDATION}" = 'no' ] || [ "${USER_VALIDATION}" = 'n' ]; then
        error_user_validation_failed
    fi

    ### 3 EFFECTUATE USER CHOICES
    check_apache_modules
    request_certificate
  
    # spawn VirtualHost configuration file based on choices
    echo "> Downloading base VirtualHost template to ${DOMAIN_NAME}.conf"
    if [ "${CHOICE_SECURITY_HEADERS}" = '1' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_strict.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '2' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_loose.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '3' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_poor.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '4' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_weak.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '5' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_disable.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '6' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_wordpress.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '7' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_nextcloud.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '8' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_strict.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '9' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_loose.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '10' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_poor.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '11' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_weak.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '12' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_disable.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '13' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_wordpress.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_SECURITY_HEADERS}" = '14' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_nextcloud.conf -o "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    fi

    echo "> Setting ownership and permissions on ${DOMAIN_NAME}.conf"
    chown root:wheel ${APACHE_CONFDIR}/${DOMAIN_NAME}.conf
    chmod 644 ${APACHE_CONFDIR}/${DOMAIN_NAME}.conf

    echo "> Customizing VirtualHost configuration in ${DOMAIN_NAME}.conf"
    if [ "${CHOICE_SUBDOMAIN}" = '1' ]; then
        sed -i '' '/ServerAlias www.<domain_name>/d' "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
        sed -i '' '/RewriteCond %{SERVER_NAME} =www.<domain_name>/d' "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
        # remove [OR] in 'RewriteCond %{SERVER_NAME} =<domain_name> [OR]'
        sed -i '' "s/\[OR\]//g" "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    fi
    if [ "${CHOICE_LOGGING}" = '1' ]; then
        sed -i '' '\|CustomLog "/var/log/httpd-<domain_name>-access.log" common|d' "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_LOGGING}" = '2' ]; then
        sed -i '' '\|ErrorLog "/var/log/httpd-<domain_name>-error.log"|d' "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    elif [ "${CHOICE_LOGGING}" = '4' ]; then
        sed -i '' '\|# Logging|d' "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
        sed -i '' '\|CustomLog "/var/log/httpd-<domain_name>-access.log" common|d' "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
        sed -i '' '\|ErrorLog "/var/log/httpd-<domain_name>-error.log"|d' "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    fi
    sed -i '' s%"<domain_name>"%"${DOMAIN_NAME}"%g "${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"

    # create DocumentRoot if it not already exists
    if [ ! -d "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}" ]; then
        echo "> Creating document folder ${DOCUMENTROOT_PATH}/${DOMAIN_NAME}"
        mkdir -p "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}"
        echo "> Setting document folder user and group to www"
        chown www:www "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}"
    else
        echo "> Document folder ${DOCUMENTROOT_PATH}/${DOMAIN_NAME} already exists, skipping creation"
    fi
    # create sparry test page if no other index.html already exists
    if [ ! -f "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html" ]; then
        echo "> Creating test file in ${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html"
        touch "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html"
        echo '<!DOCTYPE html>' > "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html"
        echo '<html>' >> "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html"
        echo '<body>' >> "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html"
        echo '<h1>Sparry spawned new virtual host succesfully</h1>' >> "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html"
        echo '</body>' >> "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html"
        echo '</html>' >> "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html"
        echo "> Setting test file user and group to www"
        chown www:www "${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html"
        
    else
        echo "> File ${DOCUMENTROOT_PATH}/${DOMAIN_NAME}/index.html already exists, skipping creation"
    fi
    # start apache again if user chose to do so
    if [ "${CHOICE_RESTART_APACHE}" = 'yes' ] || [ "${CHOICE_RESTART_APACHE}" = 'y' ]; then
        echo '> Start apache webserver'
        service apache24 start > /dev/null
    fi
    # show user relevant file locations in a handy overview
    echo
    echo '     ############################################################################'
    echo "     # All done! Check ${DOMAIN_NAME} to see your new configuration in action."
    echo '     #'
    echo '     # File locations:'
    echo "     # VirtualHost configuration:  ${APACHE_CONFDIR}/${DOMAIN_NAME}.conf"
    echo "     # DocumentRoot directory:     ${DOCUMENTROOT_PATH}/${DOMAIN_NAME}"
    echo "     # Certificate directory:      ${LETSENCRYPT_CERTDIR}/live/${DOMAIN_NAME}"
    echo '     ############################################################################'
    echo
}

feature_example() {
    echo 'Sparry will create a example VirtualHost configuration file that can be manually editted to taste.'
    echo
    # ask for DocumentRoot and if empty variable, populate with $DEFAULT_DOCUMENTROOT
    echo '(1)  Enter domain name (enter for example.tld):'
    read -r -p '     : ' DOMAIN_NAME
    if [ -z "${DOMAIN_NAME}" ]; then
        DOMAIN_NAME='example.tld'
        echo '     > default domain example.tld will be used'
    fi

    echo '(2)  What example VirtualHost file do you wish to spawn?'
    echo '     General profiles:'
    echo '     1  Strict           [enforce: HTTPS] [disable: ext-resource, inline-css, iframes]'
    echo '     2  Loose            [enforce: HTTPS] [disable: ext-resource, iframes] [enable: inline-css]'
    echo '     3  Poor             [enforce: HTTPS] [enable: ext-resource, inline-css, iframes]'
    echo '     4  Weak             [allow: HTTP]    [enable: ext-resource, inline-css, iframes]'
    echo '     5  Disable          [disable: HTTP security headers]'
    echo ''
    echo '     Application profiles:'
    echo '     6  Wordpress        VirtualHost configuration for default Wordpress installation'
    echo '     7  Nextcloud        VirtualHost configuration for default Nextcloud installation'
    echo ''
    echo '     Reverse proxy profiles:'
    echo '     8  Proxy Strict     Reverse Proxy VirtualHost configuration based on Strict profile'
    echo '     9  Proxy Loose      Reverse Proxy VirtualHost configuration based on Loose profile'
    echo '     10 Proxy Poor       Reverse Proxy VirtualHost configuration based on Poor profile'
    echo '     11 Proxy Weak       Reverse Proxy VirtualHost configuration based on Weak profile'
    echo '     12 Proxy Disable    Reverse Proxy VirtualHost configuration based on Disable profile'
    echo '     13 Proxy Wordpress  Reverse Proxy VirtualHost configuration based on Wordpress profile'
    echo '     14 Proxy Nextcloud  Reverse Proxy VirtualHost configuration based on Nextcloud profile'
    while true
        do
            read -r -p '     [1-14]: ' CHOICE_EXAMPLE_TEMPLATE
            [ "${CHOICE_SECURITY_HEADERS}" = '1' ] || [ "${CHOICE_SECURITY_HEADERS}" = '2' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '3' ] || [ "${CHOICE_SECURITY_HEADERS}" = '4' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '5' ] || [ "${CHOICE_SECURITY_HEADERS}" = '6' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '7' ] || [ "${CHOICE_SECURITY_HEADERS}" = '8' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '9' ] || [ "${CHOICE_SECURITY_HEADERS}" = '10' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '11' ] || [ "${CHOICE_SECURITY_HEADERS}" = '12' ] || \
            [ "${CHOICE_SECURITY_HEADERS}" = '13' ] || [ "${CHOICE_SECURITY_HEADERS}" = '14' ] && break
            error_type_valid_number
        done

    # spawn VirtualHost configuration file based on choices
    echo "     > Downloading base VirtualHost template to ${DOMAIN_NAME}.conf"
    if [ "${CHOICE_EXAMPLE_TEMPLATE}" = '1' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_strict.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '2' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_loose.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '3' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_poor.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '4' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_weak.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '5' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_disable.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '6' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_wordpress.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '7' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_nextcloud.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '8' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_strict.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '9' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_loose.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '10' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_poor.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '11' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_weak.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '12' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_disable.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '13' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_wordpress.conf -o "${DOMAIN_NAME}.conf.example"
    elif [ "${CHOICE_EXAMPLE_TEMPLATE}" = '14' ]; then
        curl -s https://raw.githubusercontent.com/nozel-org/freebsd-apache-sparry/master/templates/template_virtualhost_proxy_nextcloud.conf -o "${DOMAIN_NAME}.conf.example"
    fi

    # show user relevant file locations in a handy overview
    echo
    echo '     ############################################################################'
    echo "     # All done!"
    echo '     #'
    echo "     # Virtual host configuration:       ${DOMAIN_NAME}.conf.example"
    echo '     ############################################################################'
    echo
}

#############################################################################
# MAIN FUNCTION
#############################################################################

sparry_main() {
    # check if os is supported
    requirement_os

    # check argument validity
    #requirement_argument_validity

    # call relevant functions based on arguments
    if [ "${ARGUMENT_VERSION}" = '1' ]; then
        sparry_version
    elif [ "${ARGUMENT_HELP}" = '1' ]; then
        sparry_help
    elif [ "${ARGUMENT_SPAWN}" = '1' ]; then
        requirement_root
        requirement_os
        requirement_internet
        requirement_apache
        requirement_certbot
        requirement_curl
        feature_spawn
    elif [ "${ARGUMENT_DESPAWN}" = '1' ]; then
        error_not_yet_implemented
    elif [ "${ARGUMENT_PROXY}" = '1' ]; then
        error_not_yet_implemented
    elif [ "${ARGUMENT_EXAMPLE}" = '1' ]; then
        requirement_root
        requirement_os
        requirement_internet
        requirement_apache
        feature_example
    elif [ "${ARGUMENT_HARDEN}" = '1' ]; then
        error_not_yet_implemented
    elif [ "${ARGUMENT_NONE}" = '1' ]; then
        error_invalid_option
    fi
}

#############################################################################
# CALL MAIN FUNCTION
#############################################################################

sparry_main