#!/usr/bin/env bash
#
# VCS Akademia — Level 1 / CH 1: System update & first survey
# https://vcs-akademia.net/kurz/level-1/system-update
#
# Idempotentný skript pre prvú aktualizáciu nového servera.
# Identifikuje systém, urobí baseline survey, aktualizuje balíky,
# vyčistí cache, vytvorí /root/server-baseline.txt
#
# Podporované distribúcie: Ubuntu (20.04+), Debian (11+)
#
# Spustenie:
#   curl -sL https://vcs-akademia.net/script/level-1/system-update/setup-system-update.sh | bash

set -euo pipefail

# ----- farbenie výstupu -----
RED='\033[0;31m'
GRN='\033[0;32m'
YLW='\033[0;33m'
BLU='\033[0;34m'
NC='\033[0m' # no color

step()  { echo -e "\n${BLU}==>${NC} $*"; }
ok()    { echo -e "${GRN}✓${NC} $*"; }
warn()  { echo -e "${YLW}!${NC} $*"; }
err()   { echo -e "${RED}✗${NC} $*" >&2; }

# ----- pre-flight checks -----

if [[ $EUID -ne 0 ]]; then
    err "Tento skript musí bežať ako root."
    err "Skús: sudo bash <(curl -sL ...)"
    exit 1
fi

if [[ ! -f /etc/os-release ]]; then
    err "Súbor /etc/os-release neexistuje."
    err "Tento skript funguje iba na Ubuntu/Debian."
    exit 1
fi

# shellcheck source=/dev/null
. /etc/os-release

case "${ID:-}" in
    ubuntu|debian)
        ok "Detekovaná distribúcia: ${PRETTY_NAME:-$ID}"
        ;;
    *)
        err "Distribúcia '${ID:-unknown}' nie je podporovaná."
        err "Tento skript funguje iba na Ubuntu/Debian."
        exit 1
        ;;
esac

# ----- baseline file -----

BASELINE="/root/server-baseline.txt"
TIMESTAMP=$(date -u +"%Y-%m-%d %H:%M:%S UTC")

step "Vytváram baseline survey: $BASELINE"

{
    echo "==============================================="
    echo "  VCS Akademia — Server baseline"
    echo "  Vygenerované: $TIMESTAMP"
    echo "==============================================="
    echo ""
    echo "## Systém"
    echo "Distribúcia:  ${PRETTY_NAME:-unknown}"
    echo "Verzia:       ${VERSION:-unknown}"
    echo "Codename:     ${VERSION_CODENAME:-unknown}"
    echo "Architektúra: $(uname -m)"
    echo "Kernel:       $(uname -r)"
    echo "Hostname:     $(hostname)"
    echo ""
    echo "## Hardware"
    echo "CPU:          $(nproc) jadier"
    echo "CPU model:    $(grep -m1 'model name' /proc/cpuinfo | sed 's/.*: //' || echo unknown)"
    echo "RAM:          $(free -h | awk '/^Mem:/ {print $2}')"
    echo "Disk /:       $(df -h / | awk 'NR==2 {print $2 " total, " $3 " used, " $4 " free"}')"
    echo ""
    echo "## Sieť"
    ip -brief address show | grep -v "^lo" || echo "(žiadne sieťové rozhrania)"
    echo ""
    echo "## Uptime a posledné prihlásenia"
    echo "Uptime:       $(uptime -p)"
    echo ""
    echo "Posledné prihlásenia:"
    last -n 5 -F | head -n 6 || echo "(žiadne záznamy)"
    echo ""
} > "$BASELINE"

ok "Baseline uložený do $BASELINE"

# ----- apt update -----

step "Aktualizujem zoznam balíkov (apt update)..."
DEBIAN_FRONTEND=noninteractive apt-get update -qq

UPGRADABLE=$(apt list --upgradable 2>/dev/null | grep -c upgradable || true)
ok "Zoznam aktualizovaný. Dostupných updates: $UPGRADABLE"

# ----- apt upgrade -----

if [[ $UPGRADABLE -gt 0 ]]; then
    step "Inštalujem $UPGRADABLE updates (apt upgrade)..."
    DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
        -o Dpkg::Options::="--force-confdef" \
        -o Dpkg::Options::="--force-confold"
    ok "Updates nainštalované."
else
    ok "Systém je aktuálny, žiadne updates."
fi

# ----- detekcia rebootu -----

REBOOT_NEEDED=0
if [[ -f /var/run/reboot-required ]]; then
    REBOOT_NEEDED=1
    warn "Systém vyžaduje reboot (kernel alebo kritická knižnica updatovaná)."
    if [[ -f /var/run/reboot-required.pkgs ]]; then
        echo "  Balíky vyžadujúce reboot:"
        sed 's/^/    /' /var/run/reboot-required.pkgs
    fi
fi

# ----- cleanup -----

step "Vyčistenie systému (autoremove + autoclean)..."
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y -qq
DEBIAN_FRONTEND=noninteractive apt-get autoclean -qq
ok "Cache a nepotrebné balíky odstránené."

# ----- baseline append: post-update state -----

{
    echo "## Stav po update — $TIMESTAMP"
    echo "Updates aplikované: $UPGRADABLE"
    echo "Reboot potrebný:    $([ $REBOOT_NEEDED -eq 1 ] && echo ÁNO || echo nie)"
    echo ""
    echo "==============================================="
} >> "$BASELINE"

# ----- final summary -----

echo ""
echo "==============================================="
echo "  Hotovo — CH 1 dokončená"
echo "==============================================="
echo ""
ok "Baseline:   $BASELINE"
ok "Updates:    $UPGRADABLE aplikované"

if [[ $REBOOT_NEEDED -eq 1 ]]; then
    echo ""
    warn "DÔLEŽITÉ: Systém potrebuje reboot."
    warn "Spusti: reboot"
    warn ""
    warn "Po reboote sa prihlás znova a pokračuj na CH 2."
else
    echo ""
    ok "Reboot nie je potrebný."
    ok "Pokračuj na CH 2 — Hostname, timezone, locale:"
    echo "    https://vcs-akademia.net/kurz/level-1/hostname-locale"
fi

echo ""