#!/usr/bin/env bash
set -euo pipefail

SCRIPT_NAME="$(basename "$0")"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
SKILL_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"

: "${OUTPUT_DIR:=$SKILL_ROOT/outputs}"
: "${BACKUP_DIR:=$OUTPUT_DIR/backups}"

log_info()  { echo "[INFO]  $(date -Iseconds) $*"; }
log_warn()  { echo "[WARN]  $(date -Iseconds) $*" >&2; }
log_error() { echo "[ERROR] $(date -Iseconds) $*" >&2; }

die() { log_error "$@"; exit 1; }

reload_service() {
  if systemctl list-units --type=service | grep -qE '^sshd\.service'; then
    sudo systemctl restart sshd
  elif systemctl list-units --type=service | grep -qE '^ssh\.service'; then
    sudo systemctl restart ssh
  else
    die "Could not find ssh/sshd service under systemctl"
  fi
}

main() {
  mkdir -p "$OUTPUT_DIR" "$BACKUP_DIR"
  log_warn "EMERGENCY RESTORE: intended to be run from console if you are locked out"

  if command -v ufw &>/dev/null; then
    log_warn "Disabling UFW"
    sudo ufw --force disable || true
  fi

  if [[ -f "$BACKUP_DIR/sshd_config.before" ]]; then
    log_warn "Restoring sshd_config backup"
    sudo cp -a "$BACKUP_DIR/sshd_config.before" /etc/ssh/sshd_config
    reload_service
  else
    log_warn "No sshd_config backup found; skipping SSH restore"
  fi

  log_info "Emergency restore complete"
}

[[ "${BASH_SOURCE[0]}" == "$0" ]] && main "$@"