#!/bin/bash

# Retrieve environment variables
PRIVATE_KEY="${PRIVATE_KEY}" 
SSH_PORT="${SSH_PORT}"
REMOTE_USER="${REMOTE_USER}"
SERVER_IP="${SERVER_IP}"
BACKUP_DIR="/home/$REMOTE_USER/system_config_backup"

set -e  # Exit on error

# Create the backup directory remotely
ssh -i $PRIVATE_KEY -p $SSH_PORT $REMOTE_USER@$SERVER_IP "mkdir -p $BACKUP_DIR"

# Backup UFW configurations
ssh -i $PRIVATE_KEY -p $SSH_PORT $REMOTE_USER@$SERVER_IP "sudo cp -r /etc/ufw/* $BACKUP_DIR/ufw/"

# Backup Fail2Ban configurations
ssh -i $PRIVATE_KEY -p $SSH_PORT $REMOTE_USER@$SERVER_IP "mkdir -p $BACKUP_DIR/fail2ban && sudo cp -r /etc/fail2ban/* $BACKUP_DIR/fail2ban/"

# Backup SSH configurations
ssh -i $PRIVATE_KEY -p $SSH_PORT $REMOTE_USER@$SERVER_IP "sudo cp /etc/ssh/sshd_config $BACKUP_DIR/"

# Backup Systemd configurations
ssh -i $PRIVATE_KEY -p $SSH_PORT $REMOTE_USER@$SERVER_IP "mkdir -p $BACKUP_DIR/systemd && sudo cp -r /etc/systemd/system/* $BACKUP_DIR/systemd/"

ssh -i $PRIVATE_KEY -p $SSH_PORT $REMOTE_USER@$SERVER_IP "mkdir -p $BACKUP_DIR/caddy && sudo cp -r /var/lib/caddy/.local/share/caddy/ $BACKUP_DIR/"

# Tar the backup directory
ssh -i $PRIVATE_KEY -p $SSH_PORT $REMOTE_USER@$SERVER_IP "sudo tar czvf ~/system_config_backup.tar.gz -C ~ system_config_backup/"

# Optionally fetch the backup to local computer
scp -i $PRIVATE_KEY -P $SSH_PORT $REMOTE_USER@$SERVER_IP:~/system_config_backup.tar.gz .

echo "Backup process completed and fetched to local machine!"