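#!/usr/bin/env python3
"""Provision a Debian/Ubuntu host for advlabdb.

Steps, in order: upgrade system packages, configure the ufw firewall, install
the Gunicorn systemd unit and the Nginx site, install pipx, Poetry and
Certbot, register the renewal and update cron jobs, lock the root password
and reboot.

The script is interactive in places (several apt calls have no ``-y`` and
``certbot --nginx`` prompts). It is not idempotent: the ``rm``, ``ln -s`` and
``tee -a /etc/crontab`` steps assume a fresh machine, and a second run would
append duplicate crontab entries.

``run`` and ``step`` come from the project's ``shared`` module, which is not
shown here. Presumably ``run`` executes the string through a shell, since the
pipes below rely on that (TODO confirm).
"""

import sys
from pathlib import Path

script_dir = Path(__file__).parent.absolute()
# Make the sibling "shared" module importable regardless of the working directory.
sys.path.insert(0, str(script_dir))

from shared import install_latest_pipx, local_bin, poetry_install_latest, run, step

# NOTE(review): nothing in this script creates this directory or makes it
# writable for the "admin" cron job below. If the redirect target cannot be
# opened, sh does not run the job at all. Confirm it is created elsewhere.
logs_dir = Path("/var/log/advlabdb/")

step("Update system packages")
run("sudo apt update")
run("sudo apt dist-upgrade")

step("Remove unused packages")
run("sudo apt autoremove")

step("Install needed system packages")
run("sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y")

step("Install optional system packages")
run("sudo apt install htop")

step("Setup firewall")
# Default-deny inbound; only SSH and plain HTTP are opened.
run("sudo ufw default allow outgoing")
run("sudo ufw default deny incoming")
run("sudo ufw allow ssh")
run("sudo ufw allow http/tcp")
# TODO: Setup https
# NOTE(review): "certbot --nginx" below configures TLS in Nginx, but port 443
# stays blocked by the default-deny policy until the rule below is enabled,
# so the site is reachable over unencrypted HTTP only.
# run("sudo ufw allow https/tcp")
run("sudo ufw enable")
run("sudo ufw status")

step("Enable Gunicorn")
gunicorn_service_file = script_dir / "gunicorn.service"
run(f"sudo cp -v {gunicorn_service_file} /etc/systemd/system/")
run("sudo systemctl enable gunicorn")

step("Setup Nginx")
# Drop the distribution's default site so only advlabdb.conf is served.
for dir_appendix in ("available", "enabled"):
    run(f"sudo rm -v /etc/nginx/sites-{dir_appendix}/default")

nginx_conf_file = script_dir / "advlabdb.conf"
run(f"sudo cp -v {nginx_conf_file} /etc/nginx/sites-available/")
run("sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/")
run("sudo systemctl enable nginx")

step("Install pipx")
install_latest_pipx()
pipx_bin = local_bin / "pipx"

step("Install Poetry")
run(f"{pipx_bin} install poetry")
# Place virtual environments in the root directory of the project
# The virtual environment will then be found in /home/admin/advlabdb/.venv
poetry_bin = local_bin / "poetry"
run(f"{poetry_bin} config virtualenvs.in-project true")

step("Install Certbot")
run(f"{pipx_bin} install certbot")
run(f"{pipx_bin} inject certbot certbot-nginx")

step("Setup Certbot")
certbot_bin = local_bin / "certbot"
run(f"sudo {certbot_bin} --nginx")
# Twice a day, after a random delay of up to an hour, attempt a renewal.
# NOTE(review): this entry and the root update job below run as root but
# execute files under local_bin / script_dir. If those paths are writable by
# an unprivileged account (the Poetry comment above suggests they live under
# /home/admin, TODO confirm), that account can run code as root. Prefer
# root-owned, non-writable locations for anything root's cron executes.
run(
    f"echo \"0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo {certbot_bin} renew -q\" | sudo tee -a /etc/crontab"
)

step("Setup update cron jobs")
user_update_script = script_dir / "user_update.py"
user_update_log = logs_dir / "user_update.log"
root_update_script = script_dir / "root_update.py"
root_update_log = logs_dir / "root_update.log"
# cron runs entries with /bin/sh unless SHELL is overridden, and "&>>" is a
# bash-only operator. A POSIX sh parses it as "run in background" followed by
# an empty append, so the log would stay empty. The portable form
# ">> file 2>&1" captures both stdout and stderr.
# Every Sunday at 04:00
run(f'echo "0 4 * * 0 admin python3 {user_update_script} >> {user_update_log} 2>&1" | sudo tee -a /etc/crontab')
# Every Sunday at 04:15
run(f'echo "15 4 * * 0 root python3 {root_update_script} >> {root_update_log} 2>&1" | sudo tee -a /etc/crontab')

step("Install latest Poetry packages")
poetry_install_latest(script_dir)

step("Deactivate the 'root' user")
# Locks root's password only. It does not by itself prevent root access via
# sudo or SSH keys; sshd's root-login policy has to be set separately.
run("sudo passwd -l root")

step("Reboot")
run("sudo reboot")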