#!/bin/bash

RED='\033[1;31m'
BOLD='\033[1m'
RESET='\033[0m'

echo -e "${RED}${BOLD}Deployment Debian + Caddy + Directus + Nuxt${RESET}"

if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit
fi

#
# USER
#
echo -e "${RED}${BOLD}Create a user ? (y/n) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
    echo -e "${RED}${BOLD}Create user${RESET}"

    read -p "Enter username: " username

    if id "$username" &>/dev/null; then
        echo "User '$username' already exists."
        exit 1
    fi

    echo -e "${RED}${BOLD}Generate and store the password somewhere safe${RESET}"
    read -s -p "Enter password: " password
    echo
    useradd -m "$username"
    chsh -s /bin/bash $username
    echo "$username:$password" | chpasswd

    usermod -aG sudo $username

    echo -e "${RED}${BOLD}User '$username' created with password successfully.${RESET}"
fi

#
# SSH
#
echo -e "${RED}${BOLD}Setup SSH ? (y/n) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
    echo -e "${RED}${BOLD}Setup SSH${RESET}"

    touch /etc/ssh/sshd_config.d/custom.conf
    echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf
    echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf
    systemctl reload ssh
fi

#
# FIREWALL AND FAIL2BAN
#
echo -e "${RED}${BOLD}Setup Firewall and Fail2ban ? (y/n) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
    echo -e "${RED}${BOLD}Setup Firewall and Fail2ban${RESET}"
    apt install -y ufw fail2ban
    systemctl enable fail2ban
    ufw allow ssh
    ufw allow http
    ufw allow https
fi

#
# TODO : ZABBIX AND URBACKUP
#

echo -e "${RED}${BOLD}TODO : Zabbix and Urbackup${RESET}"

#
# CADDY
#
echo -e "${RED}${BOLD}Install Caddy webserver ? (y/n) ${RESET}"
read answer
if [[ "$answer" == "y" ]]; then
    echo -e "${RED}${BOLD}Install Caddy Webserver${RESET}"
    apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
    apt update
    apt install -y caddy
fi