#!/usr/bin/env bash
# setup-server.sh — Bootstrap a fresh Ubuntu 22.04/24.04 LTS Vultr VPS
# Run once as root (or with sudo) after provisioning.
# Usage: bash setup-server.sh

set -euo pipefail

DOMAIN="ghl.cast.ph"
APP_DIR="/opt/cast-ghl-plugin"
REPO_URL="https://github.com/CAST-ph/cast-ghl-plugin.git"   # adjust if needed

echo "==> Updating system packages"
apt-get update -q && apt-get upgrade -y -q

echo "==> Installing dependencies"
apt-get install -y -q \
    ca-certificates curl gnupg ufw \
    nginx certbot python3-certbot-nginx \
    git

echo "==> Installing Docker"
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
    | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
    | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update -q
apt-get install -y -q docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable --now docker

echo "==> Configuring firewall"
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 'Nginx Full'
ufw --force enable

echo "==> Cloning application"
mkdir -p "$APP_DIR"
if [ -d "$APP_DIR/.git" ]; then
    git -C "$APP_DIR" pull
else
    git clone "$REPO_URL" "$APP_DIR"
fi

echo "==> Installing Nginx config"
cp "$APP_DIR/deploy/nginx/ghl.cast.ph.conf" /etc/nginx/sites-available/"$DOMAIN"
ln -sf /etc/nginx/sites-available/"$DOMAIN" /etc/nginx/sites-enabled/"$DOMAIN"
rm -f /etc/nginx/sites-enabled/default
nginx -t && systemctl reload nginx

echo "==> Obtaining Let's Encrypt certificate"
certbot --nginx -d "$DOMAIN" --non-interactive --agree-tos -m ops@cast.ph
systemctl reload nginx

echo ""
echo "=== Setup complete ==="
echo "Next: copy .env to $APP_DIR/.env then run deploy/deploy.sh"