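#!/bin/bash
#
# Gigafibre infrastructure bootstrap.
#
# Installs Docker (if absent), ufw and fail2ban, copies the systemd-networkd
# unit files, then starts the Traefik, apps, Oktopus and Traefik Hub compose
# stacks from /opt/infra.
#
# Usage: run as root. The system/ paths in steps 2 and 3 are relative to the
# directory the script is started from; the compose steps cd to /opt/infra.
# NOTE(review): presumably the script is meant to be started from /opt/infra
# -- confirm.

# -e alone does not stop on a failure inside an `a && b` chain or in the
# first stage of a pipe, so every step below is its own statement and
# pipefail is enabled.
set -euo pipefail

if [[ ${EUID} -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

echo "=== Gigafibre Infrastructure Setup ==="

# 1. Docker
if ! command -v docker &>/dev/null; then
  echo "Installing Docker..."
  apt-get update
  apt-get install -y ca-certificates curl gnupg
  install -m 0755 -d /etc/apt/keyrings
  # With pipefail a failed download aborts the script instead of leaving an
  # empty keyring behind; --batch --yes lets a re-run overwrite the key file
  # without prompting.
  curl -fsSL https://download.docker.com/linux/debian/gpg \
    | gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg
  # The repository is pinned to amd64 / Debian bookworm and only trusted for
  # packages signed by the key installed above.
  echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" \
    > /etc/apt/sources.list.d/docker.list
  apt-get update
  apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
fi

# 2. Security
apt-get install -y ufw fail2ban
# A missing jail.local used to abort the script with the error message
# discarded; report it instead so the operator knows the site policy was not
# installed.
if [[ -f system/jail.local ]]; then
  cp -- system/jail.local /etc/fail2ban/jail.local
else
  echo "WARNING: system/jail.local not found; fail2ban will run with its packaged defaults" >&2
fi
systemctl enable --now fail2ban

# Default policy first, then the allow rules, and only then enable: 22/tcp is
# already allowed when the firewall comes up, and a failure to set the
# default-deny policy stops the script rather than being skipped.
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
# NOTE(review): 1883/tcp is the conventional plaintext MQTT port and 9292/tcp
# is not explained here; both are opened to any source address. Confirm they
# must be reachable from the internet, or restrict them by source.
ufw allow 1883/tcp
ufw allow 9292/tcp
ufw --force enable
# NOTE(review): ports published by containers are handled by Docker's own
# iptables rules and are typically not filtered by the ufw rules above --
# check that the compose files publish only what should be reachable.

# 3. Network
# NOTE(review): restarting systemd-networkd may interrupt a remote session.
cp -- system/*.network /etc/systemd/network/
systemctl restart systemd-networkd

# 4. Docker network
# Create the shared network only when it is missing, so a real creation
# failure is reported instead of being swallowed.
if ! docker network inspect proxy &>/dev/null; then
  docker network create proxy
fi

# 5. Traefik
cd /opt/infra
docker compose -f traefik/docker-compose.yml up -d

# 6. Apps
docker compose -f apps/docker-compose.yml up -d

# 7. Oktopus
docker compose -f oktopus/docker-compose.yml up -d

# 8. Traefik Hub
# Build with the directory as context rather than cd-ing in and out: a failed
# build now stops the script with the working directory unchanged.
docker build -t traefik-hub:latest traefik-hub
docker compose -f traefik-hub/docker-compose.yml up -d

echo "=== Setup complete ==="
echo "Hub: https://hub.gigafibre.ca"
echo "OSS: https://oss.gigafibre.ca"
echo "Git: https://git.gigafibre.ca"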