#!/usr/bin/env bash
# Run once on a fresh server to prepare it for Catalyst deployments.
# Usage: bash setup.sh <deploy-public-key>
# Example: bash setup.sh "ssh-ed25519 AAAA... gitea-actions"
set -euo pipefail

DEPLOY_KEY="${1:?usage: setup.sh <deploy-public-key>}"

echo "==> Installing Node.js"
curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
apt-get install -y nodejs

echo "==> Installing PM2"
npm install -g pm2
pm2 startup systemd -u deploy --hp /home/deploy | tail -1 | bash

echo "==> Creating app directory"
mkdir -p /srv/catalyst
chown -R deploy:deploy /srv/catalyst

echo "==> Creating deploy user"
if ! id -u deploy &>/dev/null; then
    useradd -m -s /bin/bash deploy
fi

DEPLOY_SSH_DIR="/home/deploy/.ssh"
mkdir -p "$DEPLOY_SSH_DIR"
echo "$DEPLOY_KEY" >> "$DEPLOY_SSH_DIR/authorized_keys"
chmod 700 "$DEPLOY_SSH_DIR"
chmod 600 "$DEPLOY_SSH_DIR/authorized_keys"
chown -R deploy:deploy "$DEPLOY_SSH_DIR"

echo ""
echo "Done. Add these secrets to your Gitea repo:"
echo "  DEPLOY_HOST    → (your Tailscale IP or hostname)"
echo "  DEPLOY_USER    → deploy"
echo "  DEPLOY_SSH_KEY → (the private key paired with the public key you provided)"
echo "  DEPLOY_SSH_PORT → 22"
echo ""
echo "Catalyst will be served on port 3000."