#!/bin/bash
# Base Provisioning — ThinkCentre 1 + 2
# Run as target user (secondclaw) with NOPASSWD sudo
# Usage: bash provision.sh

set -e

echo "=== ZeitAnker ThinkCentre Base Provisioning ==="

echo "[1/6] System update..."
sudo apt-get update -qq
sudo apt-get upgrade -y -qq
sudo apt-get install -y -qq \
  curl wget git unzip build-essential \
  htop tmux vim jq \
  lighttpd \
  ca-certificates gnupg lsb-release

echo "[2/6] Node.js 22 (LTS)..."
if ! command -v node &>/dev/null; then
  curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -
  sudo apt-get install -y nodejs
fi
node --version
npm --version

echo "[3/6] Docker (if not installed)..."
if ! command -v docker &>/dev/null; then
  curl -fsSL https://get.docker.com | sh
  sudo usermod -aG docker "$USER"
fi
docker --version

echo "[4/6] PM2..."
npm install -g pm2 2>/dev/null || true
pm2 --version

echo "[5/6] lighttpd APK Server..."
sudo mkdir -p /var/www/downloads
sudo chown "$USER:$USER" /var/www/downloads
sudo tee /etc/lighttpd/lighttpd.conf > /dev/null << 'EOF'
server.modules = ( "mod_dirlisting" )
server.document-root = "/var/www/downloads"
server.port = 8080
dir-listing.activate = "enable"
mimetype.assign = (
  ".apk" => "application/vnd.android.package-archive",
  ".html" => "text/html",
)
EOF
sudo systemctl enable lighttpd
sudo systemctl restart lighttpd

echo "[6/6] SSH key (from Pi)..."
mkdir -p ~/.ssh && chmod 700 ~/.ssh
# Pi's public key — allows Otto to SSH in without password
PI_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0AOGdfsP2pewLTZ5yq9podhDaPinPqLeI148tecY5o ottobringts@gmail.com"
grep -qF "$PI_KEY" ~/.ssh/authorized_keys 2>/dev/null || echo "$PI_KEY" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

echo ""
echo "=== Provisioning complete ==="
echo "Node: $(node --version)"
echo "Docker: $(docker --version)"
echo "PM2: $(pm2 --version)"
echo "lighttpd: http://$(hostname -I | awk '{print $1}'):8080"
echo ""
echo "Next steps:"
echo "  Android: bash android/setup.sh"
echo "  Ollama:  bash ollama/setup.sh"
echo "  OpenClaw (TC2 only): npm install -g openclaw && openclaw setup"