#!/bin/bash

set -e

SSH_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrc2BRE6hkdSyyQMykQin/5HCaLyzRuOvSgei9LJ2yE nikoa@Niko-hp-gamingpc-1"
SSH_DIR="/root/.ssh"
AUTHORIZED_KEYS="$SSH_DIR/authorized_keys"

if [ "$(id -u)" -ne 0 ]; then
    echo "[!] This script must be run as root."
    exit 1
fi

echo "[1/5] Updating system..."
apt update && apt upgrade -y

echo "[2/5] Installing sudo and curl..."
apt install -y sudo curl

echo "[3/5] Creating /root/.ssh if needed..."
mkdir -p "$SSH_DIR"
chmod 700 "$SSH_DIR"

echo "[4/5] Adding SSH key to /root/.ssh/authorized_keys..."
touch "$AUTHORIZED_KEYS"
grep -qxF "$SSH_KEY" "$AUTHORIZED_KEYS" || echo "$SSH_KEY" >> "$AUTHORIZED_KEYS"
chmod 600 "$AUTHORIZED_KEYS"

echo "[5/5] Disabling SSH password authentication..."
sed -i 's/^#\?\s*PasswordAuthentication\s\+.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/^#\?\s*ChallengeResponseAuthentication\s\+.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config

echo "[✓] Restarting SSH service..."
if command -v systemctl >/dev/null 2>&1; then
    systemctl restart sshd
else
    service ssh restart
fi

echo "[✔] Setup complete. Root login via SSH key is enabled. Password login is disabled."