#!/usr/bin/env bash
set -euo pipefail

# VPS Ubuntu basic setup
# Hostname: {{HOSTNAME}}
# User admin: {{USERNAME}}

if [ "$(id -u)" -ne 0 ]; then
  echo "Jalankan sebagai root."
  exit 1
fi

hostnamectl set-hostname "{{HOSTNAME}}"
apt update
apt -y upgrade
apt -y install curl wget git vim nano unzip ufw fail2ban ca-certificates gnupg lsb-release htop iftop vnstat net-tools

id "{{USERNAME}}" >/dev/null 2>&1 || adduser --disabled-password --gecos "" "{{USERNAME}}"
usermod -aG sudo "{{USERNAME}}"

ufw allow OpenSSH
ufw allow {{SSH_PORT}}/tcp
ufw --force enable

systemctl enable --now fail2ban
systemctl enable --now vnstat

echo "Selesai. Login ulang dan cek: hostnamectl, ufw status, systemctl status fail2ban"