#!/bin/bash
# CT150 Privacy Gateway Deployment Script
# Ausführen auf Proxmox Host: bash deploy-ct150.sh

set -e

CTID=150
HOSTNAME="privacy-gateway"
IP="192.168.0.150/22"
GW="192.168.0.1"

echo "=== CT150 Privacy Gateway Deployment ==="

# Prüfe ob CT existiert
if pct status $CTID >/dev/null 2>&1; then
    echo "CT $CTID existiert bereits. Lösche..."
    pct stop $CTID 2>/dev/null || true
    pct destroy $CTID
fi

# Lade Debian 12 Template falls nicht vorhanden
TEMPLATE="local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
if ! pveam list local | grep -q "debian-12"; then
    echo "Lade Debian 12 Template..."
    pveam download local debian-12-standard_12.7-1_amd64.tar.zst
fi

# Erstelle CT
echo "Erstelle Container $CTID..."
pct create $CTID $TEMPLATE \
    --hostname $HOSTNAME \
    --storage local-zfs \
    --rootfs 32G \
    --memory 8192 \
    --cores 4 \
    --net0 name=eth0,bridge=vmbr0,ip=$IP,gw=$GW \
    --unprivileged 1 \
    --features nesting=1 \
    --onboot 1

# Starte CT
echo "Starte Container..."
pct start $CTID
sleep 5

# Warte auf Netzwerk
until pct exec $CTID -- ping -c 1 192.168.0.1 >/dev/null 2>&1; do
    echo "Warte auf Netzwerk..."
    sleep 2
done

# Installiere Basis-Pakete
echo "Installiere Pakete..."
pct exec $CTID -- bash -c "
    apt-get update
    apt-get install -y curl wget git nginx ca-certificates gnupg
    
    # Docker installieren
    install -m 0755 -d /etc/apt/keyrings
    curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    chmod a+r /etc/apt/keyrings/docker.gpg
    
    echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable\" > /etc/apt/sources.list.d/docker.list
    
    apt-get update
    apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
    
    # Docker Compose (Plugin)
    apt-get install -y docker-compose-plugin
"

# Erstelle Verzeichnis
echo "Erstelle Projekt-Verzeichnis..."
pct exec $CTID -- mkdir -p /opt/privacy-gateway
echo "Container $CTID bereit. Kopiere jetzt das Projekt:"
echo "  scp -r privacy-gateway/* root@192.168.0.150:/opt/privacy-gateway/"
echo ""
echo "Dann starte mit:"
echo "  ssh root@192.168.0.150 'cd /opt/privacy-gateway && docker compose up -d'"