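#!/bin/bash
#
# One-shot server setup: updates the system, configures the ufw firewall,
# installs the Gunicorn unit and the Nginx site, installs pipx, Poetry and
# Certbot, registers the cron jobs, locks root's password and reboots.
#
# The helpers `step`, `install_latest_pipx` and `poetry_install_latest` are
# not defined in this file; they are expected to come from shared.sh.
# Several commands (apt, ufw enable, certbot --nginx) may prompt, so the
# script is meant to be run from an interactive terminal.

SDIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"

# Stop here if the helper library is missing: every later section calls
# functions from it, and continuing would run the sudo commands without them.
source "$SDIR/shared.sh" || {
  echo "Cannot source $SDIR/shared.sh" >&2
  exit 1
}

# NOTE(review): this directory is not created in this script. Confirm it
# exists and that the 'admin' cron job below is allowed to write to it.
LOGS_DIR=/var/log/advlabdb

step "Update system packages"
sudo apt update
sudo apt dist-upgrade

step "Remove unused packages"
sudo apt autoremove

step "Install needed system packages"
sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y

step "Install optional system packages"
sudo apt install htop

step "Setup firewall"
sudo ufw default allow outgoing
sudo ufw default deny incoming
# Allow SSH before enabling the firewall so the current session is not cut off.
sudo ufw allow ssh
sudo ufw allow http/tcp
# TODO: Setup https
# NOTE(review): Certbot with the nginx plugin is configured further down, but
# inbound HTTPS stays blocked by "default deny incoming" until the rule below
# is enabled.
#sudo ufw allow https/tcp
sudo ufw enable
sudo ufw status

step "Enable Gunicorn"
sudo cp -v "$SDIR/gunicorn.service" /etc/systemd/system/
sudo systemctl enable gunicorn

step "Setup Nginx"
sudo rm -v /etc/nginx/sites-{available,enabled}/default
sudo cp -v "$SDIR/advlabdb.conf" /etc/nginx/sites-available/
sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/
sudo systemctl enable nginx

step "Install pipx"
install_latest_pipx

LOCAL_BIN=/home/admin/.local/bin/
PATH="$LOCAL_BIN:$PATH"

step "Install Poetry"
pipx install poetry

step "Install Certbot"
pipx install certbot
pipx inject certbot certbot-nginx

step "Setup Certbot"
# NOTE(review): certbot is installed per-user under /home/admin but executed
# as root, both here and from the root cron entry below. Anything that can
# write to $LOCAL_BIN can therefore run code as root; consider a root-owned
# install location.
sudo "$LOCAL_BIN/certbot" --nginx
# Renewal attempt twice a day (00:00 and 12:00) after a random delay of up to
# one hour.
echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo $LOCAL_BIN/certbot renew -q" | sudo tee -a /etc/crontab

step "Setup update cron jobs"
# cron runs /etc/crontab commands with /bin/sh unless SHELL is overridden.
# The bash-only "&>>" is read there as "run in background" plus an empty
# append redirect, so nothing would reach the log files. The portable
# ">> file 2>&1" form is used instead.
# NOTE(review): each run of this script appends these lines again; check
# /etc/crontab for duplicates if setup is ever repeated.
# NOTE(review): root_update.sh is executed as root from $SDIR. Make sure that
# directory and the script are writable by root only.
# Every Sunday at 04:00
echo "0 4 * * 0 admin bash $SDIR/user_update.sh >> $LOGS_DIR/user_update.log 2>&1" | sudo tee -a /etc/crontab
# Every Sunday at 04:15
echo "15 4 * * 0 root bash $SDIR/root_update.sh >> $LOGS_DIR/root_update.log 2>&1" | sudo tee -a /etc/crontab

step "Install latest Poetry packages"
poetry_install_latest

step "Deactivate the 'root' user"
# Locks root's password only. Other authentication methods such as SSH keys
# are not affected; review PermitRootLogin in sshd_config separately.
sudo passwd -l root

step "Reboot"
sudo reboot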