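#!/bin/bash
# =============================================================================
# setup-main.sh — Prepare a clean Ubuntu/Debian VM to act as the Main VM
# =============================================================================
# Installs Docker, Docker Compose and Git, configures a basic firewall and
# generates random secrets for the Main VM.
#
# Must be run as root: it installs packages, writes under /etc and /usr/share,
# and changes firewall rules.
# =============================================================================

# -e: stop on the first failing command; -u: fail on unset variables;
# pipefail: a failed download in "curl | gpg" must not be masked by gpg.
set -euo pipefail

readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'

# Logging helpers. $1 is the message; the colour prefix goes through %b so its
# escape sequences are interpreted, the message goes through %s verbatim.
log_info()  { printf '%b %s\n' "${BLUE}[INFO]${NC}" "$1"; }
log_ok()    { printf '%b %s\n' "${GREEN}[OK]${NC}" "$1"; }
log_warn()  { printf '%b %s\n' "${YELLOW}[WARN]${NC}" "$1"; }
# log_error is called in section 4 but was never defined; under `set -e` the
# resulting "command not found" aborted the script at that point.
log_error() { printf '%b %s\n' "${RED}[ERROR]${NC}" "$1" >&2; }

# Fail early with a clear message instead of part-way through apt-get.
if [[ ${EUID} -ne 0 ]]; then
  log_error "Este script debe ejecutarse como root."
  exit 1
fi

# -----------------------------------------------------------------------------
# 1. Update the system
# -----------------------------------------------------------------------------
log_info "Actualizando paquetes del sistema..."
apt-get update && apt-get upgrade -y

# -----------------------------------------------------------------------------
# 2. Install basic dependencies
# -----------------------------------------------------------------------------
log_info "Instalando dependencias..."
apt-get install -y \
  curl \
  wget \
  git \
  ufw \
  software-properties-common \
  apt-transport-https \
  ca-certificates \
  gnupg \
  lsb-release \
  jq \
  openssl

# -----------------------------------------------------------------------------
# 3. Install Docker
# -----------------------------------------------------------------------------
if ! command -v docker &> /dev/null; then
  log_info "Instalando Docker..."

  # The header promises Ubuntu/Debian, but the repository path used to be
  # hard-coded to "ubuntu", which pairs a Debian codename with the Ubuntu
  # repository. Use the Debian repository on Debian; every other ID keeps the
  # original Ubuntu behaviour.
  distro_id=$(. /etc/os-release 2> /dev/null && printf '%s' "${ID:-}") || distro_id=""
  case "$distro_id" in
    debian) docker_distro="debian" ;;
    *) docker_distro="ubuntu" ;;
  esac

  # The signing key is trusted on first download over TLS. For a stricter
  # setup, compare its fingerprint with the one published in Docker's install
  # documentation before using the repository.
  # --batch --yes: overwrite a keyring left by an earlier partial run without
  # prompting.
  curl -fsSL "https://download.docker.com/linux/${docker_distro}/gpg" \
    | gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
  # apt must be able to read the keyring even if root runs with a tight umask.
  chmod a+r /usr/share/keyrings/docker-archive-keyring.gpg

  echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/${docker_distro} $(lsb_release -cs) stable" \
    | tee /etc/apt/sources.list.d/docker.list > /dev/null

  apt-get update
  apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  systemctl enable docker
  systemctl start docker
  log_ok "Docker instalado."
else
  log_ok "Docker ya estaba instalado."
fi

# -----------------------------------------------------------------------------
# 4. Verify Docker Compose v2
# -----------------------------------------------------------------------------
# NOTE(review): if Docker was already present and did not come from Docker's
# own apt repository, docker-compose-plugin may not be installable here —
# confirm on such hosts.
if ! docker compose version &> /dev/null; then
  log_error "Docker Compose v2 no disponible. Instalando..."
  apt-get install -y docker-compose-plugin
fi
log_ok "Docker Compose v2: $(docker compose version --short)"

# -----------------------------------------------------------------------------
# 5. Configure the UFW firewall
# -----------------------------------------------------------------------------
# Caveats for whoever operates this VM:
#  - "ufw allow ssh" opens the standard SSH port only. If sshd listens on a
#    different port, allow that port before enabling UFW or the session that
#    runs this script can be locked out.
#  - Ports published by Docker containers are handled by Docker's own
#    iptables rules and are typically NOT filtered by these UFW rules. Bind
#    internal services (databases, object storage, admin UIs) to 127.0.0.1
#    or leave them unpublished in the compose files.
log_info "Configurando firewall..."
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable
log_ok "Firewall configurado. Puertos permitidos: SSH, 80, 443"

# -----------------------------------------------------------------------------
# 6. Create the project directory
# -----------------------------------------------------------------------------
PROJECT_DIR="/opt/project-afterlife"
mkdir -p "$PROJECT_DIR"
log_info "Directorio del proyecto: $PROJECT_DIR"

# -----------------------------------------------------------------------------
# 7. Generate secrets
# -----------------------------------------------------------------------------
log_info "Generando secrets para .env..."

# Prints 32 random bytes as a single base64 line.
GEN_KEY() { openssl rand -base64 32; }

SECRETS_FILE="/tmp/afterlife-secrets.txt"

# Generate every value up front so a failing openssl aborts the script
# (set -e) instead of silently writing an empty password into the file.
database_password=$(GEN_KEY)
app_key_1=$(GEN_KEY)
app_key_2=$(GEN_KEY)
app_key_3=$(GEN_KEY)
app_key_4=$(GEN_KEY)
api_token_salt=$(GEN_KEY)
admin_jwt_secret=$(GEN_KEY)
transfer_token_salt=$(GEN_KEY)
jwt_secret=$(GEN_KEY)
# openssl wraps base64 output at 64 characters; 60 random bytes encode to 80
# characters, so without tr the value was split over two lines of the file.
authentik_secret_key=$(openssl rand -base64 60 | tr -d '\n')
authentik_postgres_password=$(GEN_KEY)
minio_root_password=$(GEN_KEY)

# The file holds plaintext credentials at a predictable path in a
# world-writable directory, and this script runs as root:
#  - umask 077 creates it readable by root only (it used to inherit the
#    default umask and was readable by every local user);
#  - removing any stale entry and then writing under noclobber makes the
#    redirection refuse to write to a path that already exists (for example
#    a pre-planted file or link), aborting instead.
# The subshell keeps umask/noclobber from leaking into the rest of the script.
(
  umask 077
  rm -f -- "$SECRETS_FILE"
  set -o noclobber
  {
    printf '%s\n' "# Secrets generados automaticamente el $(date)"
    printf '%s\n' "DATABASE_NAME=afterlife"
    printf '%s\n' "DATABASE_USERNAME=afterlife"
    printf '%s\n' "DATABASE_PASSWORD=${database_password}"
    printf '%s\n' "APP_KEYS=${app_key_1},${app_key_2},${app_key_3},${app_key_4}"
    printf '%s\n' "API_TOKEN_SALT=${api_token_salt}"
    printf '%s\n' "ADMIN_JWT_SECRET=${admin_jwt_secret}"
    printf '%s\n' "TRANSFER_TOKEN_SALT=${transfer_token_salt}"
    printf '%s\n' "JWT_SECRET=${jwt_secret}"
    printf '%s\n' "AUTHENTIK_SECRET_KEY=${authentik_secret_key}"
    printf '%s\n' "AUTHENTIK_POSTGRES_PASSWORD=${authentik_postgres_password}"
    printf '%s\n' "MINIO_ROOT_USER=afterlife"
    printf '%s\n' "MINIO_ROOT_PASSWORD=${minio_root_password}"
  } > "$SECRETS_FILE"
)

log_ok "Secrets generados en: $SECRETS_FILE"
log_warn "COPIA estos valores a docker/.env antes de ejecutar install.sh"
log_warn "Elimina $SECRETS_FILE despues de copiar los valores (contiene credenciales en texto plano)."

# -----------------------------------------------------------------------------
# 8. Show summary
# -----------------------------------------------------------------------------
echo ""
echo "=========================================="
echo "  VM Principal — Setup Completado"
echo "=========================================="
echo ""
echo "Docker: $(docker --version)"
echo "Docker Compose: $(docker compose version --short)"
echo "Git: $(git --version)"
echo "UFW: $(ufw status | head -1)"
echo ""
echo "Directorio: $PROJECT_DIR"
echo "Secrets: $SECRETS_FILE"
echo ""
echo "Proximos pasos:"
echo "  1. git clone https://git.consultoria-as.com/consultoria-as/project-afterlife.git $PROJECT_DIR"
echo "  2. cd $PROJECT_DIR"
echo "  3. cp docker/.env.example docker/.env"
echo "  4. Copia los secrets de $SECRETS_FILE a docker/.env"
echo "  5. Edita PUBLIC_STRAPI_URL, NEXT_PUBLIC_SITE_URL, etc."
echo "  6. ./scripts/install.sh main"
echo ""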