#!/usr/bin/env bash
set -euo pipefail

echo "=== Updating system ==="
sudo apt update -y
sudo apt upgrade -y

echo "=== Installing base packages ==="
sudo apt install -y curl git ufw ca-certificates gnupg lsb-release

echo "=== Installing Docker ==="
if ! command -v docker >/dev/null 2>&1; then
  curl -fsSL https://get.docker.com | sh
  sudo usermod -aG docker "$USER"
fi

echo "=== Installing Docker Compose plugin ==="
sudo apt install -y docker-compose-plugin

echo "=== Installing Hermes Agent ==="
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash

echo "=== Creating n8n folder ==="
mkdir -p "$HOME/n8n"
cd "$HOME/n8n"

echo "=== Creating .env ==="
cat > .env << 'EOF'
N8N_BASIC_AUTH_USER=admin
N8N_BASIC_AUTH_PASSWORD=CHANGE_ME_STRONG_PASSWORD
N8N_HOST=0.0.0.0
N8N_PORT=5678
N8N_PROTOCOL=http
N8N_ENCRYPTION_KEY=CHANGE_ME_32_PLUS_RANDOM_CHARS
GENERIC_TIMEZONE=America/Toronto
TZ=America/Toronto
EOF

echo "=== Creating docker-compose.yml ==="
cat > docker-compose.yml << 'EOF'
services:
  n8n:
    image: n8nio/n8n:latest
    container_name: n8n
    restart: unless-stopped
    ports:
      - "5678:5678"
    env_file:
      - .env
    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  n8n_data:
EOF

echo "=== Starting n8n ==="
docker compose up -d

echo "=== Configuring firewall ==="
sudo ufw allow OpenSSH
sudo ufw allow 5678/tcp
sudo ufw --force enable

echo "=== Done ==="
echo "IMPORTANT:"
echo "1. Edit ~/n8n/.env and replace passwords/keys."
echo "2. Run: cd ~/n8n && docker compose restart"
echo "3. Run Hermes setup: hermes setup"
echo "4. Open n8n: http://YOUR_OCI_PUBLIC_IP:5678"
echo "5. You may need to log out/in for docker group permissions."