#!/bin/bash

# Server Setup Script for SolarBank IoT Dashboard
# This script prepares a fresh Ubuntu/Debian server for deployment

set -e

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

print_status() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

print_warning() {
    echo -e "${YELLOW}[WARNING]${NC} $1"
}

print_error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

# Check if running as root
if [ "$EUID" -ne 0 ]; then
    print_error "Please run this script as root (use sudo)"
    exit 1
fi

print_status "Setting up server for SolarBank IoT Dashboard deployment..."

# Update system packages
print_status "Updating system packages..."
apt update && apt upgrade -y

# Install required packages
print_status "Installing required packages..."
apt install -y curl wget git htop ufw fail2ban

# Install Docker
print_status "Installing Docker..."
if ! command -v docker &> /dev/null; then
    curl -fsSL https://get.docker.com -o get-docker.sh
    sh get-docker.sh
    rm get-docker.sh
    
    # Add current user to docker group (if not root)
    if [ -n "$SUDO_USER" ]; then
        usermod -aG docker $SUDO_USER
        print_status "Added $SUDO_USER to docker group"
    fi
else
    print_status "Docker is already installed"
fi

# Install Docker Compose
print_status "Installing Docker Compose..."
if ! command -v docker-compose &> /dev/null; then
    curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    chmod +x /usr/local/bin/docker-compose
else
    print_status "Docker Compose is already installed"
fi

# Configure firewall
print_status "Configuring firewall..."
ufw --force reset
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable

# Configure fail2ban
print_status "Configuring fail2ban..."
cat > /etc/fail2ban/jail.local << EOF
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3

[sshd]
enabled = true

[nginx-http-auth]
enabled = true

[nginx-limit-req]
enabled = true
EOF

systemctl enable fail2ban
systemctl restart fail2ban

# Create swap file if not exists and system has less than 4GB RAM
RAM_GB=$(free -g | awk '/^Mem:/{print $2}')
if [ $RAM_GB -lt 4 ] && [ ! -f /swapfile ]; then
    print_status "Creating 2GB swap file..."
    fallocate -l 2G /swapfile
    chmod 600 /swapfile
    mkswap /swapfile
    swapon /swapfile
    echo '/swapfile none swap sw 0 0' >> /etc/fstab
fi

# Optimize system for Docker
print_status "Optimizing system for Docker..."
echo 'vm.max_map_count=262144' >> /etc/sysctl.conf
sysctl -p

# Create application directory
print_status "Creating application directory..."
mkdir -p /opt/solarbank
chown $SUDO_USER:$SUDO_USER /opt/solarbank 2>/dev/null || true

# Setup log rotation
print_status "Setting up log rotation..."
cat > /etc/logrotate.d/solarbank << EOF
/opt/solarbank/logs/*.log {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    create 644 root root
}
EOF

# Create systemd service for auto-start
print_status "Creating systemd service..."
cat > /etc/systemd/system/solarbank.service << EOF
[Unit]
Description=SolarBank IoT Dashboard
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/solarbank
ExecStart=/usr/local/bin/docker-compose -f docker-compose.prod.yml up -d
ExecStop=/usr/local/bin/docker-compose -f docker-compose.prod.yml down
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable solarbank

print_status "==================================="
print_status "SERVER SETUP COMPLETED SUCCESSFULLY!"
print_status "==================================="
echo
print_status "Next steps:"
print_status "1. Clone your application repository to /opt/solarbank"
print_status "2. Configure your .env.prod file"
print_status "3. Run the deployment script"
echo
print_status "Example commands:"
print_status "cd /opt/solarbank"
print_status "git clone <your-repo-url> ."
print_status "cp environment.prod.example .env.prod"
print_status "nano .env.prod  # Edit with your configuration"
print_status "./scripts/deploy.sh"
echo
print_status "System information:"
print_status "- Docker version: $(docker --version)"
print_status "- Docker Compose version: $(docker-compose --version)"
print_status "- Available memory: $(free -h | grep '^Mem:' | awk '{print $7}')"
print_status "- Available disk space: $(df -h / | tail -1 | awk '{print $4}')"
echo
if [ -n "$SUDO_USER" ]; then
    print_warning "Please log out and log back in for Docker group permissions to take effect"
fi