#!/bin/bash
set -e

INTERFACE_NAME="internal0"
PRIVATE_IP="10.94.195.1/24"
NETDEV_FILE="/etc/systemd/network/${INTERFACE_NAME}.netdev"
NETWORK_FILE="/etc/systemd/network/${INTERFACE_NAME}.network"
DOCKER_DAEMON_FILE="/etc/docker/daemon.json"
FIREWALLD_ZONE="trusted"
USER_NEW="username"
LOCALE_FILE="/etc/default/locale"

echo Adding new user with sudo privileges: $USER_NEW
sudo useradd -m $USER_NEW
sudo usermod -aG sudo $USER_NEW
sudo chsh -s /bin/sh $USER_NEW

sudo apt update && sudo apt install -y firewalld jq git net-tools

sudo tee $LOCALE_FILE > /dev/null <<EOF
LANG=en_US.UTF-8
LANGUAGE=en_US.UTF-8
LC_ALL=en_US.UTF-8
EOF
sudo locale-gen en_US.UTF-8
sudo update-locale LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 LC_ALL=en_US.UTF-8


echo "Setting up firewall rules..."
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent > /dev/null
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent > /dev/null
sudo firewall-cmd --zone=public --add-port=25/tcp --permanent > /dev/null
sudo firewall-cmd --zone=public --add-port=465/tcp --permanent > /dev/null
sudo firewall-cmd --zone=public --add-port=587/tcp --permanent > /dev/null
sudo firewall-cmd --zone=public --add-port=8000/tcp --permanent > /dev/null
sudo firewall-cmd --zone=public --add-port=5000/tcp --permanent > /dev/null

sudo firewall-cmd --zone=public --add-port=500/udp --permanent > /dev/null
sudo firewall-cmd --zone=public --add-port=4500/udp --permanent > /dev/null

sudo firewall-cmd --zone=public --change-interface=ens6 --permanent
sudo firewall-cmd --permanent --zone=public --add-masquerade  > /dev/null
sudo firewall-cmd --set-default-zone=trusted

sudo firewall-cmd --reload
sudo firewall-cmd --get-default-zone

echo "Creating dummy interface: $INTERFACE_NAME"

# Create .netdev file
cat <<EOF | sudo tee "$NETDEV_FILE"
[NetDev]
Name=$INTERFACE_NAME
Kind=dummy
EOF

# Create .network file
cat <<EOF | sudo tee "$NETWORK_FILE"
[Match]
Name=$INTERFACE_NAME

[Network]
Address=$PRIVATE_IP
EOF

echo "Reloading systemd-networkd configuration..."

sudo systemctl restart systemd-networkd

# Wait for interface to be created
sleep 2

# Add interface to firewalld trusted zone
echo "Assigning interface to firewalld trusted zone..."
sudo firewall-cmd --zone=trusted --add-interface=$INTERFACE_NAME --permanent
sudo firewall-cmd --reload

echo "Done. Verifying..."

ip a show "$INTERFACE_NAME"
sudo firewall-cmd --get-active-zones

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
sudo update-alternatives --set arptables /usr/sbin/arptables-legacy
sudo update-alternatives --set ebtables /usr/sbin/ebtables-legacy
sudo systemctl restart firewalld

echo "Installing Docker..."

sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io \
    docker-buildx-plugin docker-compose-plugin docker-compose

sudo usermod -aG docker $USER_NEW

sudo mkdir -p /etc/docker
if [[ -f "$DOCKER_DAEMON_FILE" ]]; then
    if grep -q '"iptables": false' "$DOCKER_DAEMON_FILE"; then
        echo "Docker already configured to not use iptables."
    else
        echo "Adding iptables=false to existing daemon.json..."
        sudo jq '. + {iptables: false}' "$DOCKER_DAEMON_FILE" | sudo tee "$DOCKER_DAEMON_FILE" > /dev/null
    fi
else
    echo '{ "iptables": false }' | sudo tee "$DOCKER_DAEMON_FILE" > /dev/null
fi

docker network create \
  --driver=bridge \
  --subnet=172.32.97.0/24 \
  --gateway=172.32.97.1 \
  --attachable=true \
  --opt com.docker.network.bridge.name=backend \
  backend

sudo systemctl restart docker

echo "Creating symlink for python... if necessary"
command -v python >/dev/null 2>&1 || (PY3=$(command -v python3) && sudo ln -s "$PY3" /usr/bin/python && echo "Linked python -> $PY3") || echo "python3 not found"

sudo firewall-cmd --get-active-zones