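#!/usr/bin/env xonsh
# First-time server provisioning for AdvLabDB: system packages, ufw firewall,
# Gunicorn and Nginx units, pipx/Poetry/Certbot, cron jobs, then root lock and reboot.
#
# NOTE(review): subprocess failures do not stop this script, so a failed step
# (e.g. the firewall setup) is followed by the remaining steps, including the
# root lock and the reboot. Consider setting $RAISE_SUBPROC_ERROR = True once
# every step is known to be safe to fail fast on.

from pathlib import Path
import sys

# Make the sibling `shared` module importable regardless of the current directory.
script_dir = Path(__file__).parent.absolute()
sys.path.insert(0, str(script_dir))

from shared import step, install_latest_pipx, poetry_install_latest

# NOTE(review): this script never creates logs_dir. The cron job that runs as
# `admin` appends to a file inside it, so confirm the directory exists and is
# writable by that user before the first scheduled run.
logs_dir = Path("/var/log/advlabdb")

step("Update system packages")
sudo apt update
sudo apt dist-upgrade

step("Remove unused packages")
sudo apt autoremove

step("Install needed system packages")
sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y

step("Install optional system packages")
sudo apt install htop

step("Setup firewall")
# Default-deny inbound; only SSH, HTTP and HTTPS are opened explicitly.
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow http/tcp
# Certbot configures Nginx for TLS further down. With 443 closed the site
# would stay reachable over plaintext HTTP only.
sudo ufw allow https/tcp
sudo ufw enable
sudo ufw status

step("Enable Gunicorn")
sudo cp -v @(script_dir)/gunicorn.service /etc/systemd/system/
sudo systemctl enable gunicorn

step("Setup Nginx")
# Drop the distribution's default site so only the AdvLabDB vhost is served.
sudo rm -v /etc/nginx/sites-{available,enabled}/default
sudo cp -v @(script_dir)/advlabdb.conf /etc/nginx/sites-available/
sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/
sudo systemctl enable nginx

step("Install pipx")
install_latest_pipx()

# pipx places its entry points here; put it first on PATH for the rest of the script.
local_bin = Path("/home/admin/.local/bin/")
$PATH.insert(0, str(local_bin))

step("Install Poetry")
pipx install poetry

step("Install Certbot")
pipx install certbot
pipx inject certbot certbot-nginx

step("Setup Certbot")
sudo @(local_bin)/certbot --nginx
# Twice a day, after a random delay of up to one hour, try to renew.
# NOTE(review): the entry runs as root but executes certbot from a directory
# under /home/admin, so whoever can write there controls what root runs.
# Confirm this is acceptable or install certbot in a root-owned location.
# NOTE(review): `tee -a` appends on every run of this script, so re-running
# it duplicates all three crontab entries.
echo f"0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo {local_bin}/certbot renew -q" | sudo tee -a /etc/crontab

step("Setup update cron jobs")
# cron runs entries with /bin/sh unless SHELL is overridden, and `&>>` is a
# bash-only operator: a POSIX sh backgrounds the command and captures nothing.
# The portable `>> file 2>&1` form is used so stdout and stderr reach the log.
# Every Sunday at 04:00
echo f"0 4 * * 0 admin bash {script_dir}/user_update.sh >> {logs_dir}/user_update.log 2>&1" | sudo tee -a /etc/crontab
# Every Sunday at 04:15
echo f"15 4 * * 0 root bash {script_dir}/root_update.sh >> {logs_dir}/root_update.log 2>&1" | sudo tee -a /etc/crontab

step("Install latest Poetry packages")
poetry_install_latest()

step("Deactivate the 'root' user")
# Lock the root password; administration continues through sudo.
sudo passwd -l root

step("Reboot")
sudo reboot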