#!/bin/bash
set -euo pipefail

# Check for root privileges
if [ "$(id -u)" -ne 0 ]; then
    echo "[✗] Dieses Skript muss als root oder via sudo ausgeführt werden." >&2
    exit 1
fi

USERNAME="skulladmin"
SSH_KEY_URL="https://skulldev.de/Skull-IT/trusted-ssh-keys/raw/branch/main/trusted-ssh-keys"
SSH_DIR="/home/$USERNAME/.ssh"

echo "[+] Updating package list and installing essential packages..."
apt-get update -y
apt-get install -y sudo curl wget gnupg lsb-release software-properties-common

echo "[+] Setting up SSH directory..."
mkdir -p "$SSH_DIR"
curl -fsSL "$SSH_KEY_URL" -o "$SSH_DIR/authorized_keys"
chown -R "$USERNAME:$USERNAME" "$SSH_DIR"
chmod 700 "$SSH_DIR"
chmod 600 "$SSH_DIR/authorized_keys"

echo "[+] Adding user to sudo group..."
usermod -aG sudo "$USERNAME"

echo "[+] Configuring passwordless sudo for $USERNAME..."
mkdir -p /etc/sudoers.d
echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$USERNAME"
chmod 440 "/etc/sudoers.d/$USERNAME"

echo "[+] Setting timezone to Europe/Berlin..."
timedatectl set-timezone Europe/Berlin

echo "[+] Waiting for dpkg lock to be released..."
while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
    sleep 3
done

echo "[✓] Bootstrap complete."