#!/usr/bin/env bash
# Host bootstrap settings. Strict mode: stop on the first failing command,
# on any unset variable, and on a failure in any pipeline stage.
set -euo pipefail

# Service account and filesystem layout. Each keeps a value already present
# in the environment and otherwise falls back to the default shown.
: "${APP_USER:=skola}"
: "${APP_DIR:=/opt/skola/current}"
: "${ENV_DIR:=/etc/skola}"
: "${ENV_FILE:=$ENV_DIR/skola-api.env}"

# Database settings are read from the SKOLA_DB_* variables. The password has
# no default: when SKOLA_DB_PASSWORD is unset or empty, DB_PASSWORD stays
# empty here.
DB_NAME=${SKOLA_DB_NAME:-skola}
DB_USER=${SKOLA_DB_USER:-skola_app}
DB_PASSWORD=${SKOLA_DB_PASSWORD:-}

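# The rest of the script installs packages and writes under /etc and
# /opt, so refuse to continue without root. Diagnostics go to stderr.
if (( EUID != 0 )); then
  echo "Run this script with sudo: sudo bash deploy/ec2/bootstrap-ubuntu.sh" >&2
  exit 1
fi

# Prompt only when no password was supplied through SKOLA_DB_PASSWORD.
# -s keeps the typed password off the terminal; -r keeps backslashes literal.
if [[ -z "$DB_PASSWORD" ]]; then
  # read returns non-zero at end of input (closed stdin, or a piped value
  # without a trailing newline); the emptiness check below decides whether
  # that is an error, instead of `set -e` aborting without a message.
  read -r -s -p "MariaDB password for $DB_USER: " DB_PASSWORD || true
  echo
fi

# An empty password would leave the database account usable by any local
# user, so refuse it rather than create the account that way.
if [[ -z "$DB_PASSWORD" ]]; then
  echo "MariaDB password for $DB_USER must not be empty (set SKOLA_DB_PASSWORD or enter one at the prompt)." >&2
  exit 1
fi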

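echo "Installing system packages..."
apt-get update
# noninteractive: an unattended bootstrap must not stop on a debconf prompt.
DEBIAN_FRONTEND=noninteractive apt-get install -y ca-certificates curl gnupg git nginx mariadb-server

# Major version of the node binary on PATH; 0 when node is missing or its
# version string cannot be parsed, which forces the install below.
node_major=0
if command -v node >/dev/null 2>&1; then
  node_version=$(node --version) || node_version=""
  node_version=${node_version#v}
  node_major=${node_version%%.*}
  [[ "$node_major" =~ ^[0-9]+$ ]] || node_major=0
fi

if (( 10#$node_major < 20 )); then
  echo "Installing Node.js 20..."
  mkdir -p /etc/apt/keyrings
  # --batch --yes: without them gpg asks before overwriting an existing
  # keyring, which stalls or fails a re-run after a partial install.
  # NOTE(review): the repository key is trusted on the strength of the TLS
  # connection alone; if your supply-chain policy requires it, compare the
  # key's fingerprint against a pinned value before installing it.
  curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
    | gpg --batch --yes --dearmor -o /etc/apt/keyrings/nodesource.gpg
  # signed-by limits this key to the NodeSource repository only.
  echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" \
    > /etc/apt/sources.list.d/nodesource.list
  apt-get update
  DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs
fi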

# Create the service account on the first run only; later runs find it and
# skip useradd.
# NOTE(review): the account gets an interactive shell (/bin/bash). Confirm
# something actually needs to log in as it; otherwise a non-login shell is
# the tighter choice for a service account.
id "$APP_USER" >/dev/null 2>&1 \
  || useradd --system --create-home --shell /bin/bash "$APP_USER"

# Release tree: owned, recursively, by the service account.
mkdir -p /opt/skola
chown -R "$APP_USER:$APP_USER" /opt/skola

# Configuration directory: no access for "other". Its owner and group are
# not changed here.
# NOTE(review): if the directory is created by this script it belongs to
# root:root, so with mode 750 the service account cannot traverse it on its
# own; presumably the env file is loaded by a root-run service manager
# rather than by the application. Confirm.
mkdir -p "$ENV_DIR"
chmod 750 "$ENV_DIR"

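echo "Configuring MariaDB database and user..."

# The values below are pasted into SQL text, so they must not be able to
# close the quoting around them. Identifiers are limited to a safe
# character set; the password is escaped as a string literal.
ident_re='^[A-Za-z0-9_-]+$'
if [[ ! "$DB_NAME" =~ $ident_re || ! "$DB_USER" =~ $ident_re ]]; then
  echo "SKOLA_DB_NAME and SKOLA_DB_USER may only contain letters, digits, '_' and '-'." >&2
  exit 1
fi

# A backslash inside a quoted SQL string is interpreted differently
# depending on the server's sql_mode, so the password stored could differ
# from the one supplied. Reject it rather than guess.
if [[ "$DB_PASSWORD" == *\\* ]]; then
  echo "The MariaDB password must not contain a backslash." >&2
  exit 1
fi

# Double every single quote, the standard SQL escape inside '...'.
sq="'"
sql_password=${DB_PASSWORD//$sq/$sq$sq}

systemctl enable --now mariadb

# The statements go to the client on stdin, so the password never appears
# on a command line. CREATE ... IF NOT EXISTS followed by ALTER USER makes
# the run repeatable, but it also resets the account's password on every
# run.
# NOTE(review): ALL PRIVILEGES on the schema is broad; narrow the grant if
# the application does not run its own schema changes.
mariadb <<SQL
CREATE DATABASE IF NOT EXISTS \`$DB_NAME\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER IF NOT EXISTS '$DB_USER'@'localhost' IDENTIFIED BY '$sql_password';
ALTER USER '$DB_USER'@'localhost' IDENTIFIED BY '$sql_password';
GRANT ALL PRIVILEGES ON \`$DB_NAME\`.* TO '$DB_USER'@'localhost';
FLUSH PRIVILEGES;
SQL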

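# Create the service's environment file from the shipped template on the
# first run only; an existing file is never modified.
if [[ ! -f "$ENV_FILE" ]]; then
  env_template="$APP_DIR/deploy/ec2/env.production.example"
  if [[ ! -r "$env_template" ]]; then
    echo "Missing env template: $env_template" >&2
    exit 1
  fi

  # A newline inside a value would add an extra line, i.e. an extra
  # setting, to the generated file.
  for env_value in "$DB_USER" "$DB_PASSWORD" "$DB_NAME"; do
    if [[ "$env_value" == *$'\n'* ]]; then
      echo "Database settings must not contain newlines." >&2
      exit 1
    fi
  done

  # Build the file under a mktemp name (created mode 600) next to its final
  # location, so the password is never in a world-readable file and a
  # half-written file never appears under the real name.
  env_tmp=$(mktemp "$ENV_FILE.XXXXXX")

  # Rewrite the three settings with shell builtins only: the password is
  # not placed on any command line, and characters such as '/', '&' or '\'
  # cannot be misread as sed syntax.
  # NOTE(review): values are written verbatim. Whatever loads this file
  # (not shown here) may treat quotes, '#' or backslashes specially;
  # confirm against the loader.
  while IFS= read -r env_line || [[ -n "$env_line" ]]; do
    case "$env_line" in
      SKOLA_DB_USER=*) env_line="SKOLA_DB_USER=$DB_USER" ;;
      SKOLA_DB_PASSWORD=*) env_line="SKOLA_DB_PASSWORD=$DB_PASSWORD" ;;
      SKOLA_DB_NAME=*) env_line="SKOLA_DB_NAME=$DB_NAME" ;;
    esac
    printf '%s\n' "$env_line"
  done < "$env_template" > "$env_tmp"

  # Set the owner before widening the mode, then publish atomically. On any
  # failure remove the temporary copy, which holds the password.
  if ! chown root:"$APP_USER" "$env_tmp" \
    || ! chmod 640 "$env_tmp" \
    || ! mv -f -- "$env_tmp" "$ENV_FILE"; then
    rm -f -- "$env_tmp"
    exit 1
  fi
  echo "Created $ENV_FILE. Edit secrets before starting the service."
else
  echo "$ENV_FILE already exists; leaving it unchanged."
fi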

# Install the systemd unit and the nginx site that ship with the release,
# enable the site, and drop the distribution's default site.
deploy_src="$APP_DIR/deploy/ec2"
nginx_site=/etc/nginx/sites-available/skola-api

cp "$deploy_src/skola-api.service" /etc/systemd/system/skola-api.service
cp "$deploy_src/nginx-skola-api.conf" "$nginx_site"
ln -sfn "$nginx_site" /etc/nginx/sites-enabled/skola-api
rm -f /etc/nginx/sites-enabled/default

# Validate the resulting nginx configuration; under `set -e` a failed check
# stops the script before any service is touched.
nginx -t

# skola-api is enabled for boot but not started here; nginx is enabled and
# started.
# NOTE(review): `enable --now` does not reload an nginx that is already
# running, so if the package install started it, the new site presumably
# takes effect on a later reload. Confirm that deploy.sh performs one.
systemctl daemon-reload
systemctl enable skola-api
systemctl enable --now nginx

printf '%s\n' \
  "Bootstrap complete." \
  "Next: edit $ENV_FILE, then run: sudo bash $APP_DIR/deploy/ec2/deploy.sh"
