#!/bin/bash

echo "Deployment Debian + Caddy + Directus + Nuxt"

if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit
fi

#
# USER
#

echo "Create user"

read -p "Enter username: " username

if id "$username" &>/dev/null; then
    echo "User '$username' already exists."
    exit 1
fi

echo "Generate and store the password somewhere safe"
read -s -p "Enter password: " password
echo
useradd -m "$username"
chsh -s /bin/bash $username
echo "$username:$password" | chpasswd

usermod -aG sudo $username

echo "User '$username' created with password successfully."

#
# SSH
#

echo "Setup SSH"

touch /etc/ssh/sshd_config.d/custom.conf
echo "PermitRootLogin no" >> /etc/ssh/sshd_config.d/custom.conf
echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config.d/custom.conf
systemctl reload ssh

#
# FIREWALL AND FAIL2BAN
#

echo "Setup Firewall and Fail2Ban"
apt install -y ufw fail2ban
systemctl enable fail2ban
ufw allow ssh
ufw allow http
ufw allow https

#
# TODO : ZABBIX AND URBACKUP
#

echo "TODO : Zabbix and Urbackup"

#
# CADDY
#

echo "Install Caddy Webserver"
apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
apt update
apt install -y caddy
caddy run