#!/usr/bin/env bash
set -euo pipefail

# ─────────────────────────────────────────────────────────────
#  Gitea Git Server — Fresh Server Install Script
# ─────────────────────────────────────────────────────────────
#  Run as root on a fresh Ubuntu/Debian server:
#    chmod +x install.sh && sudo ./install.sh
# ─────────────────────────────────────────────────────────────

# ── Configurable variables ──────────────────────────────────
GITEA_VERSION="${GITEA_VERSION:-1.25.5}"
HTTP_PORT="${HTTP_PORT:-3001}"
SSH_PORT="${SSH_PORT:-2222}"
ADMIN_USER="${ADMIN_USER:-developer}"
ADMIN_EMAIL="${ADMIN_EMAIL:-developer@localhost}"
MIN_RSA_KEY_SIZE="${MIN_RSA_KEY_SIZE:-2048}"

# ── Detect server IP ────────────────────────────────────────
SERVER_IP="${SERVER_IP:-$(hostname -I | awk '{print $1}')}"

# ── Preflight checks ────────────────────────────────────────
if [[ $EUID -ne 0 ]]; then
  echo "Error: This script must be run as root." >&2
  exit 1
fi

echo "============================================"
echo "  Gitea Git Server Installer"
echo "============================================"
echo "  Server IP:    ${SERVER_IP}"
echo "  HTTP Port:    ${HTTP_PORT}"
echo "  SSH Port:     ${SSH_PORT}"
echo "  Admin User:   ${ADMIN_USER}"
echo "  Gitea Ver:    ${GITEA_VERSION}"
echo "============================================"
echo ""

# ── 1. Install dependencies ─────────────────────────────────
echo "[1/7] Installing dependencies..."
apt-get update -qq
apt-get install -y -qq git wget openssh-server > /dev/null

# ── 2. Generate admin password ───────────────────────────────
echo "[2/7] Creating system user '${ADMIN_USER}'..."
ADMIN_PASS=$(openssl rand -base64 24)

if id "${ADMIN_USER}" &>/dev/null; then
  echo "  User '${ADMIN_USER}' already exists, updating password."
else
  useradd -m -s /bin/bash "${ADMIN_USER}"
fi
echo "${ADMIN_USER}:${ADMIN_PASS}" | chpasswd

# Save credentials
CRED_FILE="/home/${ADMIN_USER}/.password"
cat > "${CRED_FILE}" <<EOF
${ADMIN_USER}:${ADMIN_PASS}
EOF
chmod 600 "${CRED_FILE}"
chown "${ADMIN_USER}:${ADMIN_USER}" "${CRED_FILE}"

# Configure git for the user
su - "${ADMIN_USER}" -c "
  git config --global user.name '${ADMIN_USER}'
  git config --global user.email '${ADMIN_EMAIL}'
  git config --global init.defaultBranch main
"

# ── 3. Download Gitea ────────────────────────────────────────
echo "[3/7] Downloading Gitea v${GITEA_VERSION}..."
ARCH=$(uname -m)
case "${ARCH}" in
  x86_64)  GITEA_ARCH="linux-amd64" ;;
  aarch64) GITEA_ARCH="linux-arm64" ;;
  armv7l)  GITEA_ARCH="linux-armv6" ;;
  *)       echo "Unsupported architecture: ${ARCH}" >&2; exit 1 ;;
esac

wget -q -O /usr/local/bin/gitea \
  "https://dl.gitea.com/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-${GITEA_ARCH}"
chmod +x /usr/local/bin/gitea

# ── 4. Create Gitea system user & directories ────────────────
echo "[4/7] Setting up Gitea directories..."
if ! id gitea &>/dev/null; then
  adduser --system --shell /bin/bash --group --disabled-password --home /home/gitea gitea
fi

mkdir -p /var/lib/gitea/{custom,data,log}
mkdir -p /etc/gitea
chown -R gitea:gitea /var/lib/gitea
chown root:gitea /etc/gitea
chmod 770 /etc/gitea

# ── 5. Write configuration ───────────────────────────────────
echo "[5/7] Writing Gitea configuration..."
cat > /etc/gitea/app.ini <<EOF
WORK_PATH = /var/lib/gitea

[server]
DOMAIN             = ${SERVER_IP}
HTTP_PORT          = ${HTTP_PORT}
ROOT_URL           = http://${SERVER_IP}:${HTTP_PORT}/
SSH_DOMAIN         = ${SERVER_IP}
DISABLE_SSH        = false
SSH_PORT           = ${SSH_PORT}
START_SSH_SERVER   = true
LFS_START_SERVER   = true

[database]
DB_TYPE  = sqlite3
PATH     = /var/lib/gitea/data/gitea.db

[repository]
ROOT = /var/lib/gitea/data/gitea-repositories

[security]
INSTALL_LOCK = true

[service]
DISABLE_REGISTRATION = false

[log]
MODE  = console
LEVEL = Info

[ssh.minimum_key_sizes]
RSA = ${MIN_RSA_KEY_SIZE}

[migrations]
ALLOW_LOCAL_NETWORKS = true
EOF

chown gitea:gitea /etc/gitea/app.ini
chmod 660 /etc/gitea/app.ini

# ── 6. Create systemd service ────────────────────────────────
echo "[6/7] Creating systemd service..."
cat > /etc/systemd/system/gitea.service <<'EOF'
[Unit]
Description=Gitea (Git with a cup of tea)
After=syslog.target
After=network.target

[Service]
RestartSec=2s
Type=simple
User=gitea
Group=gitea
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
Restart=always
Environment=USER=gitea HOME=/home/gitea GITEA_WORK_DIR=/var/lib/gitea

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now gitea
sleep 3

if ! systemctl is-active --quiet gitea; then
  echo "Error: Gitea failed to start. Check: journalctl -u gitea" >&2
  exit 1
fi

# ── 7. Create admin user ─────────────────────────────────────
echo "[7/7] Creating Gitea admin user..."
su -s /bin/bash gitea -c "
  GITEA_WORK_DIR=/var/lib/gitea gitea admin user create \
    --admin \
    --username '${ADMIN_USER}' \
    --password '${ADMIN_PASS}' \
    --email '${ADMIN_EMAIL}' \
    --config /etc/gitea/app.ini
" 2>&1

su -s /bin/bash gitea -c "
  GITEA_WORK_DIR=/var/lib/gitea gitea admin user must-change-password \
    --all --unset --config /etc/gitea/app.ini
" 2>&1

# ── Done ──────────────────────────────────────────────────────
echo ""
echo "============================================"
echo "  Gitea installed successfully!"
echo "============================================"
echo ""
echo "  Web UI:       http://${SERVER_IP}:${HTTP_PORT}"
echo "  SSH Clone:    ssh://gitea@${SERVER_IP}:${SSH_PORT}/<user>/<repo>.git"
echo "  HTTP Clone:   http://${SERVER_IP}:${HTTP_PORT}/<user>/<repo>.git"
echo ""
echo "  Admin User:   ${ADMIN_USER}"
echo "  Password:     ${ADMIN_PASS}"
echo "  Credentials:  ${CRED_FILE}"
echo ""
echo "  Config:       /etc/gitea/app.ini"
echo "  Service:      systemctl {start|stop|restart} gitea"
echo "  Logs:         journalctl -u gitea -f"
echo ""
echo "  Make sure ports ${HTTP_PORT} and ${SSH_PORT} are open in your firewall."
echo "============================================"