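#!/usr/bin/env bash
# Interactive UFW bootstrap for Debian/Ubuntu-style hosts (uses apt-get).
#
# Installs ufw, opens the chosen SSH port plus (optionally) 80/tcp and 443/tcp,
# sets the default policy to deny inbound / allow outbound, and enables the
# firewall without a confirmation prompt.
#
# Operational caveats:
#   * The SSH port entered here is NOT checked against the port sshd really
#     listens on. Entering the wrong port on a remote host locks out new SSH
#     sessions once the firewall is enabled; confirm the sshd port first.
#   * Existing ufw rules are not reset. Re-running and answering "n" does not
#     close a port that an earlier run (or another admin) opened; review the
#     `ufw status verbose` output printed at the end.
#   * Only a single "Y"/"y" opens HTTP/HTTPS; any other answer (including
#     "yes") leaves the port closed.
set -euo pipefail

if [ "$(id -u)" -ne 0 ]; then
  echo "Jalankan sebagai root." >&2
  exit 1
fi

read -rp "Port SSH yang ingin dibuka [22]: " SSH_PORT
read -rp "Buka port HTTP 80? [Y/n]: " OPEN_HTTP
read -rp "Buka port HTTPS 443? [Y/n]: " OPEN_HTTPS
SSH_PORT="${SSH_PORT:-22}"
OPEN_HTTP="${OPEN_HTTP:-Y}"
OPEN_HTTPS="${OPEN_HTTPS:-Y}"

# Reject anything that is not a plain TCP port number before it reaches ufw.
# The digit-count limit keeps the arithmetic below from overflowing, and the
# 10# prefix stops a leading zero ("022") from being parsed as octal.
if ! [[ "$SSH_PORT" =~ ^[0-9]{1,5}$ ]] \
  || (( 10#$SSH_PORT < 1 || 10#$SSH_PORT > 65535 )); then
  echo "Port SSH tidak valid: harus berupa angka 1-65535." >&2
  exit 1
fi
SSH_PORT=$((10#$SSH_PORT))

# apt-get rather than apt: apt's CLI is not guaranteed stable for scripts.
apt-get update
apt-get -y install ufw

# Add the SSH rule before tightening the default policy, so that a host where
# ufw is already active never has default-deny in place without the SSH rule.
# NOTE(review): `ufw limit` instead of `ufw allow` would rate-limit repeated
# connection attempts on this port; left as `allow` to keep current behavior.
ufw allow "${SSH_PORT}/tcp"
ufw default deny incoming
ufw default allow outgoing

if [[ "$OPEN_HTTP" =~ ^[Yy]$ ]]; then
  ufw allow 80/tcp
fi
if [[ "$OPEN_HTTPS" =~ ^[Yy]$ ]]; then
  ufw allow 443/tcp
fi

# --force skips ufw's interactive warning about disrupting existing SSH
# connections; the rules above are therefore the only safeguard.
ufw --force enable
ufw status verbose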
