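#!/bin/bash
# User data for the SACC v4 EC2 instance
# =====================================
# Runs as root at instance start-up and prepares the base system: packages,
# service accounts, directories, SSH and firewall hardening, and the
# CloudWatch agent. The application itself is deployed afterwards.

# -e aborts on the first failing command; -u and pipefail also catch unset
# variables and failures hidden inside a pipeline.
set -euo pipefail

# User data runs without a TTY: keep apt/dpkg from blocking on a prompt.
export DEBIAN_FRONTEND=noninteractive

# Update the system
echo "Actualizando sistema..."
apt-get update -y
apt-get upgrade -y

# Install base dependencies
echo "Instalando dependencias..."
apt-get install -y \
  openjdk-21-jdk \
  nginx \
  unzip \
  jq \
  net-tools \
  htop \
  logrotate \
  curl \
  wget \
  git \
  python3 \
  python3-pip \
  ansible \
  awscli

# Create users and groups.
# Creation stays best-effort, as in the original `|| true`, but an account
# that already exists is skipped explicitly and a real failure (for example a
# UID/GID already taken by another account) is reported on stderr instead of
# being swallowed silently.
# NOTE(review): UID 997 lies in the range distributions usually hand out to
# system accounts, so a collision with a package-created user is plausible;
# confirm the fixed IDs are free on the target image.
ensure_user() {
  local uid=$1
  local name=$2
  if id -u "$name" >/dev/null 2>&1; then
    return 0
  fi
  useradd -u "$uid" -g duat -s /bin/bash -m "$name" \
    || echo "AVISO: no se pudo crear el usuario ${name} (uid ${uid})" >&2
}

echo "Configurando usuarios..."
if ! getent group duat >/dev/null; then
  groupadd -g 1006 duat \
    || echo "AVISO: no se pudo crear el grupo duat (gid 1006)" >&2
fi
ensure_user 997 osiris
ensure_user 1001 thoth

# Create directories
echo "Creando directorios..."
mkdir -p /opt/sacc4
mkdir -p /var/log/sacc4
mkdir -p /etc/sacc4
mkdir -p /var/www/html

# Set permissions. Mode 2775 is setgid + group-writable: files created under
# /opt/sacc4 inherit the duat group. Under set -e this chown also stops the
# script if thoth or duat could not be created above.
chown -R thoth:duat /opt/sacc4
chmod 2775 /opt/sacc4

# Configure SSH: key-based logins only.
# The patterns match each directive whether it is commented out or already
# active, so an uncommented "PasswordAuthentication yes" is rewritten as well
# (the previous pattern only touched the commented default and otherwise left
# password logins enabled without any error).
# NOTE(review): a file pulled in by an Include line in sshd_config can still
# override these values; confirm the effective setting with `sshd -T`.
echo "Configurando SSH..."
sed -i -E \
  -e 's/^#?[[:space:]]*PasswordAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PasswordAuthentication no/' \
  -e 's/^#?[[:space:]]*PubkeyAuthentication[[:space:]]+(yes|no)[[:space:]]*$/PubkeyAuthentication yes/' \
  /etc/ssh/sshd_config
# Refuse to restart on a configuration that does not parse: a broken
# sshd_config would cut off remote access to the instance.
/usr/sbin/sshd -t
# The unit is named "ssh" on Debian/Ubuntu; "sshd" (the name the script used
# before) is kept as a fallback.
systemctl restart ssh || systemctl restart sshd

# Configure UFW: default-deny inbound, then open the listed ports.
# NOTE(review): 22/tcp and 8080:8085/tcp are opened to any source address. If
# nginx fronts the application on 80/443, the 8080-8085 range probably does
# not need to be reachable from outside, and SSH is better limited to known
# source ranges (ufw source restriction or the security group) - confirm.
echo "Configurando firewall..."
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 8080:8085/tcp
ufw --force enable

# Install the CloudWatch agent.
# The package is downloaded into a private temporary directory (not the
# current working directory) and removed on every exit path.
# NOTE(review): the .deb is installed as root straight from the "latest"
# channel without an integrity check. Verify the package signature that AWS
# publishes for the agent before running dpkg -i, and pin a known version so
# that rebuilds are reproducible.
echo "Instalando CloudWatch agent..."
cw_tmp=$(mktemp -d)
trap 'rm -rf -- "$cw_tmp"' EXIT
cw_deb="${cw_tmp}/amazon-cloudwatch-agent.deb"
wget -O "$cw_deb" \
  https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
dpkg -i "$cw_deb"

# Write the CloudWatch configuration. The quoted delimiter keeps the JSON
# literal, so {instance_id} reaches the agent unexpanded.
cat > /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json <<'EOF'
{
  "metrics": {
    "namespace": "SACC4",
    "metrics_collected": {
      "cpu": {
        "measurement": ["cpu_usage_idle", "cpu_usage_user"],
        "metrics_collection_interval": 60
      },
      "mem": {
        "measurement": ["mem_used_percent"],
        "metrics_collection_interval": 60
      },
      "disk": {
        "measurement": ["disk_used_percent"],
        "resources": ["/"],
        "metrics_collection_interval": 60
      }
    }
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/sacc4/*/*.log",
            "log_group_name": "sacc4-application-logs",
            "log_stream_name": "{instance_id}"
          }
        ]
      }
    }
  }
}
EOF

# Start the CloudWatch agent with the configuration written above
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
  -a fetch-config -m ec2 -s \
  -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json

echo "Configuración base completada!"
echo "IP privada: $(hostname -I | awk '{print $1}')"
echo "Esperando despliegue de aplicación..."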