#!/bin/bash
# Production Setup Script for Faction War Dispatch Bot
# Run this script on your Linux server as root (sudo bash setup_production.sh)
#
# This script will:
#   - Create a service user 'factionwar' (no password by default)
#   - Clone the repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git
#   - Install all dependencies
#   - Configure Nginx with SSL
#   - Set up systemd service
#   - Configure firewall
#
# Note: To set a password for the factionwar user later (if needed for SSH):
#   sudo passwd factionwar

set -e  # Exit on error

echo "========================================"
echo "Faction War Dispatch Bot - Setup Script"
echo "========================================"
echo ""

# Check if running as root
if [ "$EUID" -ne 0 ]; then
    echo "Please run as root (use sudo)"
    exit 1
fi

# Get domain name
read -p "Enter your domain name (e.g., faction.yourdomain.com): " DOMAIN
if [ -z "$DOMAIN" ]; then
    echo "Domain name is required!"
    exit 1
fi

# Get email for Let's Encrypt
read -p "Enter your email for SSL certificate (Let's Encrypt): " EMAIL
if [ -z "$EMAIL" ]; then
    echo "Email is required for SSL certificate!"
    exit 1
fi

echo ""
echo "Installing required packages..."
apt update
apt install -y python3 python3-pip python3-venv nginx certbot python3-certbot-nginx git

echo ""
echo "Creating application user..."
if ! id "factionwar" &>/dev/null; then
    # Create user without password (non-interactive)
    adduser --disabled-password --gecos "" --home /opt/faction-war factionwar
    echo "Created user: factionwar"
fi

echo ""
echo "Setting up application directory..."
mkdir -p /opt/faction-war/app
cd /opt/faction-war/app

# Clone repository if directory is empty
if [ -z "$(ls -A /opt/faction-war/app)" ]; then
    echo "Cloning repository from https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git"
    git clone https://git.jerick.xyz/jerick/faction_war_dispatch_bot.git .

    if [ $? -ne 0 ]; then
        echo "Failed to clone repository. Please check:"
        echo "  - Repository URL is correct"
        echo "  - You have access to the repository"
        echo "  - Network connection is working"
        exit 1
    fi

    # Set ownership
    chown -R factionwar:factionwar /opt/faction-war/app
    echo "Repository cloned successfully"
else
    echo "Application directory already exists, skipping clone"
fi

echo ""
echo "Setting up Python virtual environment..."
if [ ! -d "venv" ]; then
    sudo -u factionwar python3 -m venv venv
fi

echo "Installing Python dependencies..."
sudo -u factionwar venv/bin/pip install -r requirements.txt

echo ""
echo "Creating data directory..."
mkdir -p /opt/faction-war/app/data
chown -R factionwar:factionwar /opt/faction-war/app/data
chmod 700 /opt/faction-war/app/data

echo ""
echo "Setting up environment file..."
if [ ! -f ".env" ]; then
    cp .env.example .env
    echo ""
    echo "⚠️  IMPORTANT: Edit /opt/faction-war/app/.env with your configuration!"
    echo "   Generate secure secrets with:"
    echo "   - AUTH_PASSWORD: openssl rand -base64 32"
    echo "   - JWT_SECRET: openssl rand -hex 64"
    echo ""
    read -p "Press Enter to edit .env file now (or Ctrl+C to exit and edit later)..."
    nano .env
fi

chown factionwar:factionwar .env
chmod 600 .env

echo ""
echo "Setting up Nginx configuration..."
# Create a basic HTTP-only config first (Certbot will add SSL)
cat > /etc/nginx/sites-available/faction-war << EOF
# Basic HTTP configuration - Certbot will add SSL
server {
    listen 80;
    listen [::]:80;
    server_name $DOMAIN;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

ln -sf /etc/nginx/sites-available/faction-war /etc/nginx/sites-enabled/faction-war

# Remove default nginx site if it exists
rm -f /etc/nginx/sites-enabled/default

echo ""
echo "Testing Nginx configuration..."
nginx -t

echo ""
echo "Reloading Nginx..."
systemctl reload nginx

echo ""
echo "Getting SSL certificate from Let's Encrypt..."
echo "Certbot will automatically configure SSL in the Nginx config"
certbot --nginx -d $DOMAIN --non-interactive --agree-tos --email $EMAIL --redirect

echo ""
echo "Setting up systemd service..."
cp faction-war.service /etc/systemd/system/faction-war.service
systemctl daemon-reload
systemctl enable faction-war
systemctl start faction-war

echo ""
echo "Configuring firewall..."
ufw --force enable
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp

echo ""
echo "Setting up backup cron job..."
cat > /opt/faction-war/backup.sh << 'EOF'
#!/bin/bash
BACKUP_DIR="/opt/faction-war/backups"
DATE=$(date +%Y%m%d_%H%M%S)
APP_DIR="/opt/faction-war/app"

mkdir -p $BACKUP_DIR
tar -czf $BACKUP_DIR/data_backup_$DATE.tar.gz -C $APP_DIR data/
find $BACKUP_DIR -name "data_backup_*.tar.gz" -mtime +7 -delete
echo "Backup completed: data_backup_$DATE.tar.gz"
EOF

chmod +x /opt/faction-war/backup.sh

# Add to crontab if not already present
(crontab -l 2>/dev/null | grep -v backup.sh; echo "0 2 * * * /opt/faction-war/backup.sh") | crontab -

echo ""
echo "========================================"
echo "Setup Complete!"
echo "========================================"
echo ""
echo "Your application should now be running at: https://$DOMAIN"
echo ""
echo "User Account Information:"
echo "  - Service user: factionwar (no password by default)"
echo "  - Work as this user: sudo -u factionwar bash"
echo "  - Set password (if needed): sudo passwd factionwar"
echo "  - Application directory: /opt/faction-war/app"
echo ""
echo "Important next steps:"
echo "1. Visit https://$DOMAIN and log in with your AUTH_PASSWORD"
echo "2. Configure your API keys in the Settings page"
echo "3. Test the application functionality"
echo ""
echo "Useful commands:"
echo "  - Check status: sudo systemctl status faction-war"
echo "  - View logs: sudo journalctl -u faction-war -f"
echo "  - Restart: sudo systemctl restart faction-war"
echo "  - Update code: cd /opt/faction-war/app && sudo -u factionwar git pull && sudo systemctl restart faction-war"
echo "  - Edit config: sudo -u factionwar nano /opt/faction-war/app/.env"
echo ""
echo "Security reminders:"
echo "  - Keep your .env file secure (chmod 600)"
echo "  - Regularly update: apt update && apt upgrade"
echo "  - Monitor logs for suspicious activity"
echo "  - Backup data regularly (automated at 2 AM daily)"
echo ""