#!/bin/bash
# A bootstrap script for Ubuntu on DigitalOcean

set -eu
trap 'echo "Error on line $LINENO"; exit 1' ERR

echo "Starting bootstrap setup..."

# Update system and install required packages
echo "Updating system and installing required packages..."
apt-get update && apt-get upgrade -y
apt-get install -y make git pwgen htop lnav wget curl openssl rsync ufw \
  apt-transport-https ca-certificates gnupg-agent software-properties-common

# Configure locale
echo "Configuring locales..."
locale-gen en_GB.UTF-8 en_US.UTF-8

# Create user
echo "Enter your desired username:"
read -r USER_NAME
if id "${USER_NAME}" &>/dev/null; then
  echo "User '${USER_NAME}' already exists!"
else
  adduser --disabled-password --gecos "" "${USER_NAME}"
  usermod -aG sudo "${USER_NAME}"
  echo "User '${USER_NAME}' created and added to sudo group."
fi

# Generate and set password
USER_PASSWORD="$(pwgen -r ',;' -s 25 -y)"
echo -e "Generated password for ${USER_NAME}: \e[34m${USER_PASSWORD}\e[0m. \e[91mSave it securely!\e[0m"
echo "${USER_NAME}:${USER_PASSWORD}" | chpasswd

# Sync root's .ssh to user
echo "Syncing SSH configuration..."
rsync --archive --chown="${USER_NAME}":"${USER_NAME}" ~/.ssh "/home/${USER_NAME}"

# Configure SSH
echo "Configuring SSH..."
if grep -q "PermitRootLogin yes" /etc/ssh/sshd_config; then
  sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
fi
if ! grep -q "PasswordAuthentication no" /etc/ssh/sshd_config; then
  echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
fi
systemctl restart ssh

# Configure firewall
echo "Setting up UFW firewall..."
ufw --force enable
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
echo "UFW configuration completed."

# Install Docker
echo "Installing Docker..."
apt-get update
apt-get install -y ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Add Docker repository
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null

apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
groupadd -f docker
usermod -aG docker "${USER_NAME}"
echo "Docker installation completed."

# Docker Compose Plugin Verification
docker --version
docker compose version

echo "Bootstrap setup complete!"