#!/usr/bin/env bash
# proxy-vm/scripts/install.sh
# Bootstrap script for fresh Ubuntu 24.04 VM.
set -euo pipefail

PROXY_DIR="/opt/proxy"
REPO_URL="https://github.com/YOUR_ORG/YOUR_REPO.git"  # TODO: replace with actual repo

echo "=== [1/6] Installing Docker and dependencies ==="
apt-get update -qq
apt-get install -y docker.io docker-compose-plugin git curl

echo "=== [2/6] Enabling Docker ==="
systemctl enable --now docker

echo "=== [3/6] Creating project directory ==="
mkdir -p "${PROXY_DIR}"

echo "=== [4/6] Cloning repository ==="
if [ -d "${PROXY_DIR}/.git" ]; then
    echo "Repository already exists, pulling latest..."
    git -C "${PROXY_DIR}" pull
else
    git clone "${REPO_URL}" "${PROXY_DIR}"
fi

echo "=== [5/6] Setting up .env ==="
cd "${PROXY_DIR}/proxy-vm"
if [ ! -f .env ]; then
    cp .env.example .env
    # Generate a random PROXY_SECRET
    GENERATED_SECRET=$(openssl rand -hex 32)
    sed -i "s/change-me-generate-with-openssl-rand-hex-32/${GENERATED_SECRET}/" .env
    echo ""
    echo ">>> .env created with auto-generated PROXY_SECRET"
    echo ">>> Edit /opt/proxy/proxy-vm/.env to set ALLOWED_CIDR"
    echo ""
else
    echo ".env already exists, skipping..."
fi

echo "=== [6/6] Starting containers ==="
docker compose up -d --build

echo ""
echo "=========================================="
echo " Proxy is running on port 8080"
echo " Health check: curl http://localhost:8080/health"
echo ""
echo " IMPORTANT: Edit ${PROXY_DIR}/proxy-vm/.env"
echo "   - Set ALLOWED_CIDR to your k8s cluster CIDR"
echo "   - Then run: docker compose restart"
echo "=========================================="