#!/bin/bash

# CONFIGURA TU DOMINIO
DOMAIN="deployment.abasmart.net"
EMAIL="admin@abasmart.net"  # Email para Let's Encrypt (cambia por uno válido)

# Paso 1: Instalar Java y Jenkins
sudo apt update
sudo apt install -y openjdk-11-jdk
wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt update
sudo apt install -y jenkins

# Habilitar y arrancar Jenkins
sudo systemctl enable jenkins
sudo systemctl start jenkins

# Paso 2: Instalar NGINX y configurar proxy
sudo apt install -y nginx

sudo tee /etc/nginx/sites-available/jenkins > /dev/null <<EOF
server {
    listen 80;
    server_name $DOMAIN;

    location / {
        proxy_pass         http://localhost:8080;
        proxy_set_header   Host \$host;
        proxy_set_header   X-Real-IP \$remote_addr;
        proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto \$scheme;
    }
}
EOF

sudo ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx

# Paso 3: Certbot (HTTPS)
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d "$DOMAIN" --non-interactive --agree-tos -m "$EMAIL"

# Mostrar el password inicial
echo "🔐 Jenkins instalado. El password de admin es:"
sudo cat /var/lib/jenkins/secrets/initialAdminPassword

echo "🌐 Accede en: https://$DOMAIN"