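#!/usr/bin/env bash
# scripts/post-install.sh
# Runs inside the installed system after base Ubuntu install.
# Called by autoinstall late-commands as: curtin in-target -- bash /post-install.sh
#
# What this does, in order: Docker CE from Docker's apt repo, Himmelblau
# (Azure Entra ID) from its apt repo, single-user Nix + home-manager for the
# target user, enable sshd, passwordless sudo for the target user.
#
# Trust boundaries worth knowing when reviewing or changing this file:
#   * Everything here runs as root during install; three third-party origins
#     (download.docker.com, packages.himmelblau-idm.org, nixos.org) supply
#     code or package sources that end up executing on the machine.
#   * The target user ends up root-equivalent twice over: via the docker
#     group and via NOPASSWD sudo. Any session as that account (local, SSH,
#     or Entra ID backed) is therefore a root session.
set -euo pipefail

readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly RED='\033[0;31m'
readonly NC='\033[0m'

# Single place to change the provisioned account; the original hard-coded
# the name in six separate commands.
readonly TARGET_USER='alfoldi'
readonly TARGET_HOME="/home/${TARGET_USER}"
readonly NIX_PROFILE_SCRIPT="${TARGET_HOME}/.nix-profile/etc/profile.d/nix.sh"

# Log helpers. Message text is passed through %s so it is never interpreted
# as a format string or escape sequence; warnings and errors go to stderr.
info() { printf '%b[+]%b %s\n' "$GREEN" "$NC" "$*"; }
warn() { printf '%b[!]%b %s\n' "$YELLOW" "$NC" "$*" >&2; }
error() {
  printf '%b[✗]%b %s\n' "$RED" "$NC" "$*" >&2
  exit 1
}

# Private scratch directory (mode 0700, root-owned) for downloads and for
# staging the sudoers drop-in; removed on every exit path.
tmpdir=$(mktemp -d) || error "mktemp failed"
trap 'rm -rf -- "${tmpdir:?}"' EXIT

# ─── DOCKER ──────────────────────────────────────────────────────────────────
info "Installing Docker..."
install -m 0755 -d /etc/apt/keyrings

# The key is trusted on first download over HTTPS only.
# NOTE(review): consider comparing its fingerprint against a value recorded
# in this repository before writing the keyring.
# --batch --yes keeps gpg non-interactive if the keyring already exists.
curl -fsSL --proto '=https' --tlsv1.2 https://download.docker.com/linux/ubuntu/gpg \
  | gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg

docker_arch=$(dpkg --print-architecture)
# shellcheck source=/dev/null
docker_codename=$(. /etc/os-release && printf '%s' "$VERSION_CODENAME")
[[ -n "$docker_codename" ]] || error "VERSION_CODENAME is empty in /etc/os-release"

# signed-by scopes the Docker key to this one source instead of all of apt.
printf 'deb [arch=%s signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu %s stable\n' \
  "$docker_arch" "$docker_codename" \
  >/etc/apt/sources.list.d/docker.list

apt-get update -qq
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Membership in the docker group is equivalent to root on this host (the
# daemon runs as root and will act on the member's behalf).
usermod -aG docker "$TARGET_USER"
systemctl enable docker
info "Docker installed."

# ─── HIMMELBLAU (Azure Entra ID) ─────────────────────────────────────────────
info "Installing Himmelblau..."

# Download fully before installing, so a failed or truncated transfer never
# leaves a partial file in sources.list.d.
# NOTE(review): the .list content is taken from the remote as-is, so it
# decides which repository and which signing options apt will accept for
# these packages. Review what it contains; vendoring a reviewed copy in this
# repo would remove the runtime dependency on that file.
himmelblau_list="${tmpdir}/himmelblau.list"
curl -fsSL --proto '=https' --tlsv1.2 -o "$himmelblau_list" \
  https://packages.himmelblau-idm.org/stable/himmelblau.list
cat -- "$himmelblau_list" # keep the fetched source definition in the install log
install -m 0644 -o root -g root "$himmelblau_list" /etc/apt/sources.list.d/himmelblau.list

apt-get update -qq
apt-get install -y himmelblau himmelblau-sshd-config
info "Himmelblau installed."

# ─── NIX + HOME-MANAGER ──────────────────────────────────────────────────────
info "Installing Nix (single-user) for ${TARGET_USER}..."

# NOTE(review): the single-user installer appears to create /nix through
# sudo when it is missing; passwordless sudo is only configured at the end
# of this script, so the store directory is pre-created here, owned by the
# target user. Confirm against the installer version in use.
install -d -m 0755 -o "$TARGET_USER" /nix

# Fetch the installer completely, then run it, rather than streaming curl
# into a shell: -f turns an HTTP error into a failure instead of executing
# an error page, and a saved file can be checked before it runs.
# NOTE(review): the installer is unpinned and unverified; pinning a
# versioned installer and comparing its SHA-256 to a value kept in this repo
# would close that gap.
nix_installer="${tmpdir}/nix-install.sh"
curl -fsSL --proto '=https' --tlsv1.2 -o "$nix_installer" https://nixos.org/nix/install

# -H makes HOME the target user's home so Nix does not install under the
# invoking root environment. The script is fed on stdin (sh -s), as before.
sudo -H -u "$TARGET_USER" sh -s -- --no-daemon <"$nix_installer"

info "Adding home-manager channel..."
# The profile path is passed as $1 instead of being spliced into the command
# string; set -e makes a failed source or channel add abort the step.
sudo -H -u "$TARGET_USER" bash -c '
  set -e
  source "$1"
  nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz home-manager
  nix-channel --update
' _ "$NIX_PROFILE_SCRIPT"

info "Installing home-manager..."
# The page showed an empty path here (nix-shell with two bare quotes), most
# likely an angle-bracket expression lost in extraction; the channel added
# above is named home-manager, so that lookup path is restored.
sudo -H -u "$TARGET_USER" bash -c '
  set -e
  source "$1"
  nix-shell "<home-manager>" -A install
' _ "$NIX_PROFILE_SCRIPT"
info "Nix + home-manager installed."

# ─── SSH ─────────────────────────────────────────────────────────────────────
info "Enabling SSH..."
# NOTE(review): this only enables the unit; authentication policy comes from
# the distribution defaults plus himmelblau-sshd-config installed above.
systemctl enable ssh

# ─── SUDO (passwordless for the target user) ─────────────────────────────────
info "Configuring sudoers..."
# NOPASSWD:ALL removes the re-authentication step between a session as this
# user and root. Kept as the author configured it; narrow the command list
# or drop NOPASSWD if the machine is not single-purpose.
#
# The rule is staged, syntax-checked, then installed with its final owner
# and mode in one step: the drop-in is never briefly world-readable and a
# malformed file never lands in /etc/sudoers.d.
sudoers_staged="${tmpdir}/sudoers-${TARGET_USER}"
printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$TARGET_USER" >"$sudoers_staged"
visudo -cf "$sudoers_staged" >/dev/null \
  || error "generated sudoers drop-in failed validation"
install -m 0440 -o root -g root "$sudoers_staged" "/etc/sudoers.d/${TARGET_USER}"

info "Post-install complete ✓"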