#!/bin/bash

set -euo pipefail

USERNAME="skulladmin"
SSH_KEY_URL="https://skulldev.de/kevinheyer/trusted-ssh-keys/raw/branch/main/trusted_ssh_keys"
SSH_DIR="/home/$USERNAME/.ssh"

echo "[+] Creating user '$USERNAME' if it doesn't exist..."
if ! id "$USERNAME" &>/dev/null; then
    useradd -m -s /bin/bash "$USERNAME"
fi

echo "[+] Setting up SSH directory..."
mkdir -p "$SSH_DIR"
curl -fsSL "$SSH_KEY_URL" -o "$SSH_DIR/authorized_keys"
chown -R "$USERNAME:$USERNAME" "$SSH_DIR"
chmod 700 "$SSH_DIR"
chmod 600 "$SSH_DIR/authorized_keys"

echo "[+] Adding user to sudo group..."
usermod -aG sudo "$USERNAME"

echo "[+] Configuring passwordless sudo for $USERNAME..."
echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$USERNAME"
chmod 440 "/etc/sudoers.d/$USERNAME"

echo "[+] Disabling SSH root login..."
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
systemctl restart sshd

echo "[+] Setting timezone to Europe/Berlin..."
timedatectl set-timezone Europe/Berlin

echo "[+] Waiting for dpkg lock to be released..."
while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
    sleep 3
done

echo "[+] Updating package list and installing essential packages..."
apt-get update -y
apt-get install -y sudo curl wget gnupg lsb-release software-properties-common

echo "[✓] Bootstrap complete."