#!/bin/bash
# Deployment Script for aliveawakeandrelativelyalert.com
# Features:
#  - Downloads JPG as default site
#  - Adds top caption, scrolling text, bottom-right footer
#  - Configures Apache for HTTP + HTTPS
#  - Adds .htaccess-based authentication + redirect fallback
#  - Installs Let's Encrypt SSL
#  - Forces HTTP -> HTTPS redirection

DOMAIN="aliveawakeandrelativelyalert.com"
WWW_DOMAIN="www.$DOMAIN"
WEBROOT="/var/www/html"
ADMIN_EMAIL="admin@$DOMAIN"

# Ensure root
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit 1
fi

echo "=== Step 1: Updating system and installing packages ==="
apt update && apt upgrade -y
apt install apache2 wget certbot python3-certbot-apache dnsutils curl apache2-utils fonts-liberation -y

echo "=== Step 2: Downloading default image ==="
wget -O "$WEBROOT/index.jpg" "http://165.227.213.169/david-dibert-z-gL7br3MTk-unsplash.jpg"

echo "=== Step 3: Creating HTML pages ==="
cat <<EOF > "$WEBROOT/index.html"
<html>
  <head>
    <title>$DOMAIN</title>
    <style>
      body { margin:0; padding:0; background:#000; color:#fff; font-family: 'Liberation Sans', Arial, sans-serif; }
      .caption { text-align:center; font-weight:bold; font-size:28pt; padding-top:72px; }
      .container { position:relative; width:100%; height:auto; }
      img.bg { width:100%; height:auto; display:block; }
      .scrolling { position:absolute; top:50%; left:0; width:100%; white-space:nowrap; overflow:hidden; }
      .scrolling span { display:inline-block; padding-left:100%; animation:scroll 12s linear infinite; font-size:20pt; font-weight:bold; color:yellow; }
      @keyframes scroll { from { transform:translateX(0); } to { transform:translateX(-100%);} }
      .footer { position:absolute; bottom:15px; right:15px; font-size:12pt; background:rgba(0,0,0,0.6); padding:6px 10px; border-radius:6px; }
      .journey { position:absolute; bottom:50px; right:15px; font-size:12pt; background:rgba(0,0,0,0.6); padding:6px 10px; border-radius:6px; }
      .journey a { color:#00ccff; text-decoration:none; font-weight:bold; }
      .journey a:hover { text-decoration:underline; }
    </style>
  </head>
  <body>
    <div class="caption">Aliveawakeandrelativelyalert!</div>
    <div class="container">
      <img src="index.jpg" class="bg">
      <div class="scrolling"><span>BitcoinPirates live!</span></div>
      <div class="journey"><a href="our-journey.html">Our Journey</a></div>
      <div class="footer">Affiliated with "Homesforcoin, LLC"</div>
    </div>
  </body>
</html>
EOF

cat <<EOF > "$WEBROOT/our-journey.html"
<html>
  <head><title>Our Journey - $DOMAIN</title></head>
  <body style="background:#111; color:#fff; font-family:'Liberation Sans',Arial,sans-serif; padding:40px;">
    <h1 style="text-align:center;font-size:32pt;">Our Journey</h1>
    <p style="text-align:center; font-size:14pt; max-width:800px; margin:auto;">
      Welcome to the journey of Aliveawakeandrelativelyalert!<br>
      July 10, 2025 was a “Day of Infamy”. More updates coming soon.
    </p>
    <div style="text-align:center;margin-top:40px;"><a href="index.html" style="color:#00ccff;font-weight:bold;">Back to Home</a></div>
  </body>
</html>
EOF

echo "=== Step 4: Creating Apache vhost ==="
cat <<EOF > /etc/apache2/sites-available/$DOMAIN.conf
<VirtualHost *:80>
    ServerName $DOMAIN
    ServerAlias $WWW_DOMAIN
    DocumentRoot $WEBROOT
</VirtualHost>
EOF

a2ensite $DOMAIN.conf
a2dissite 000-default.conf
systemctl reload apache2

echo "=== Step 5: Setting up .htaccess authentication + HTTPS redirect ==="
# Enable .htaccess overrides
cat <<EOF > /etc/apache2/conf-available/allow-htaccess.conf
<Directory $WEBROOT>
    AllowOverride All
</Directory>
EOF
a2enconf allow-htaccess
systemctl reload apache2

# Create .htpasswd
htpasswd -bc "$WEBROOT/.htpasswd" Charlesweinert GetLost26!

# Create .htaccess
cat <<EOF > "$WEBROOT/.htaccess"
# Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Protect our-journey.html
<Files "our-journey.html">
AuthType Basic
AuthName "Restricted Area"
AuthUserFile $WEBROOT/.htpasswd
Require valid-user
</Files>

# Protect info.php and info.php/data (if added later)
<Files "info.php">
AuthType Basic
AuthName "Restricted Area"
AuthUserFile $WEBROOT/.htpasswd
Require valid-user
</Files>

<Files "data">
AuthType Basic
AuthName "Restricted Area"
AuthUserFile $WEBROOT/.htpasswd
Require valid-user
</Files>
EOF

echo "=== Step 6: Obtaining SSL certificate ==="
certbot --apache -d $DOMAIN -d $WWW_DOMAIN --non-interactive --agree-tos -m $ADMIN_EMAIL

echo "=== Step 7: Deployment Complete ==="
echo "HTTP:  http://$DOMAIN (will redirect)"
echo "HTTPS: https://$DOMAIN"