#!/bin/bash
set -e

# =============================================================
# PasteVault - prepare-app.sh
# Provisions all Azure infrastructure and deploys the app.
#
# Prerequisites:
#   - Azure CLI installed and logged in (az login)
#   - .env file present in project root (copy from .env.example)
#   - SSH key at ~/.ssh/id_rsa
#
# Usage:
#   cd sk1/
#   bash scripts/prepare-app.sh
# =============================================================

echo "🔐 PasteVault — Starting full deployment..."

# ---------- CONFIGURATION ----------
RG="pastevault-rg"
VM_LOCATION="westeurope"
DB_LOCATION="northeurope"
VM_NAME="pastevault-vm"
VM_SIZE="Standard_D2s_v3"
VM_USER="azureuser"
DB_SERVER="pastevault-db"
DB_NAME="pastevault"
DB_USER="pvadmin"
STORAGE_ACCOUNT="pastevaultstorage"
SSH_KEY="$HOME/.ssh/id_rsa"

# ---------- CHECKS ----------
if [ ! -f .env ]; then
  echo "❌ .env file not found."
  echo "   Copy .env.example to .env and fill in DB_PASS and SECRET_KEY."
  exit 1
fi

source .env

if [ -z "$DB_PASS" ]; then
  echo "❌ DB_PASS is not set in .env"
  exit 1
fi

if [ ! -f "$SSH_KEY" ]; then
  echo "⚙️  No SSH key found. Generating one..."
  ssh-keygen -t rsa -b 4096 -f "$SSH_KEY" -N ""
fi

# ---------- RESOURCE GROUP ----------
echo ""
echo "1/6 — Creating resource group '$RG'..."
az group create \
  --name $RG \
  --location $VM_LOCATION \
  --output none
echo "     ✅ Resource group ready"

# ---------- VIRTUAL MACHINE ----------
echo ""
echo "2/6 — Creating VM ($VM_SIZE · 2 vCPU · 8GB RAM)..."
az vm create \
  --resource-group $RG \
  --name $VM_NAME \
  --image Ubuntu2204 \
  --size $VM_SIZE \
  --location $VM_LOCATION \
  --admin-username $VM_USER \
  --ssh-key-value "$SSH_KEY.pub" \
  --public-ip-sku Standard \
  --output none

az vm open-port --resource-group $RG --name $VM_NAME --port 80 --priority 1001 --output none
az vm open-port --resource-group $RG --name $VM_NAME --port 443 --priority 1002 --output none

VM_IP=$(az vm show -d -g $RG -n $VM_NAME --query publicIps -o tsv)
echo "     ✅ VM ready — IP: $VM_IP"

# ---------- POSTGRESQL ----------
echo ""
echo "3/6 — Creating PostgreSQL Flexible Server..."
az postgres flexible-server create \
  --resource-group $RG \
  --name $DB_SERVER \
  --location $DB_LOCATION \
  --admin-user $DB_USER \
  --admin-password "$DB_PASS" \
  --sku-name Standard_B1ms \
  --tier Burstable \
  --storage-size 32 \
  --version 15 \
  --yes \
  --output none

az postgres flexible-server db create \
  --resource-group $RG \
  --server-name $DB_SERVER \
  --database-name $DB_NAME \
  --output none

az postgres flexible-server firewall-rule create \
  --resource-group $RG \
  --name $DB_SERVER \
  --rule-name allow-vm \
  --start-ip-address $VM_IP \
  --end-ip-address $VM_IP \
  --output none

echo "     ✅ PostgreSQL ready — $DB_SERVER.postgres.database.azure.com"

# ---------- STORAGE ----------
echo ""
echo "4/6 — Creating storage account for backups..."
az storage account create \
  --name $STORAGE_ACCOUNT \
  --resource-group $RG \
  --location $DB_LOCATION \
  --sku Standard_LRS \
  --kind StorageV2 \
  --output none

az storage container create \
  --name backups \
  --account-name $STORAGE_ACCOUNT \
  --output none

echo "     ✅ Storage account ready"

# ---------- INSTALL DOCKER ON VM ----------
echo ""
echo "5/6 — Installing Docker on VM..."
ssh -i $SSH_KEY -o StrictHostKeyChecking=no $VM_USER@$VM_IP << 'ENDSSH'
sudo apt-get update -y -qq
sudo apt-get install -y -qq ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update -y -qq
sudo apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-compose-plugin
sudo usermod -aG docker azureuser
ENDSSH
echo "     ✅ Docker installed"

# ---------- DEPLOY APP ----------
echo ""
echo "6/6 — Deploying PasteVault containers..."
ssh -i $SSH_KEY -o StrictHostKeyChecking=no $VM_USER@$VM_IP "mkdir -p ~/pastevault"

scp -i $SSH_KEY -o StrictHostKeyChecking=no -r \
  backend frontend docker-compose.yml .env \
  $VM_USER@$VM_IP:~/pastevault/

ssh -i $SSH_KEY -o StrictHostKeyChecking=no $VM_USER@$VM_IP << 'ENDSSH'
cd ~/pastevault
sudo docker compose build --no-cache
sudo docker compose up -d
sleep 8
sudo docker compose ps
ENDSSH

echo ""
echo "✅ ====================================================="
echo "   PasteVault is live!"
echo "   URL: http://$VM_IP"
echo ""
echo "   Next: Point your Cloudflare DNS A record to $VM_IP"
echo "   Then access via HTTPS at your domain."
echo "======================================================="