class Kitsune::Kit::Commands::SetupFirewall

def perform_setup(ssh, filled_options)

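# Installs UFW on the remote host if needed, allows the SSH port plus
# 80/tcp and 443/tcp, turns UFW logging on and enables the firewall.
#
# The allow rules are added before `ufw --force enable`, and the remote
# script aborts on the first failing command, so the firewall is not enabled
# when the SSH rule could not be added.
#
# @param ssh [#exec!] session object; exec! is given the script text and its
#   return value is treated as the combined remote output
# @param filled_options [Hash] must contain :ssh_port (Integer or numeric String)
# @raise [ArgumentError] if :ssh_port is not a decimal port in 1..65535;
#   nothing is sent to the remote host in that case
def perform_setup(ssh, filled_options)
  ssh_port = filled_options[:ssh_port]
  port_text = ssh_port.to_s
  # The port is interpolated into a script that runs sudo commands remotely,
  # so only a plain decimal port number is accepted.
  unless port_text =~ /\A[0-9]{1,5}\z/ && (1..65_535).cover?(port_text.to_i)
    raise ArgumentError, "ssh_port must be an integer between 1 and 65535, got #{ssh_port.inspect}"
  end

  ssh_rule = "#{port_text.to_i}/tcp"
  # Printed as the very last remote command; its absence from the output
  # means `set -e` stopped the script early.
  done_marker = "__kitsune_firewall_setup_done__"

  # Each privileged command sits on its own line rather than in a
  # `cmd && echo` list, because `set -e` ignores a failure on the left side
  # of `&&`. stderr is left attached so the reason for a failure is visible.
  output = ssh.exec! <<~EOH
    set -e
    echo "✍🏻 Updating repositories and ensuring UFW is installed…"
    if ! dpkg -s ufw 2>/dev/null | grep -q "^Status: install ok installed"; then
      sudo apt-get update -y
      sudo apt-get install -y ufw
      echo "   - ufw installed"
    else
      echo "   - ufw is already installed"
    fi
    echo "✍🏻 Configuring UFW rules…"
    add_rule() {
      local rule="$1"
      if ! sudo ufw status | grep -Eq "^${rule}[[:space:]]"; then
        sudo ufw allow "$rule" >/dev/null
        echo "   - rule '$rule' added"
      else
        echo "   - rule '$rule' already exists"
      fi
    }
    add_rule "#{ssh_rule}"
    add_rule "80/tcp"
    add_rule "443/tcp"
    echo "✍🏻 Enabling UFW logging…"
    if ! sudo ufw status verbose | grep -q "Logging: on"; then
      sudo ufw logging on >/dev/null
      echo "   - logging enabled"
    else
      echo "   - logging was already enabled"
    fi
    echo "✍🏻 Enabling UFW…"
    if sudo ufw status | grep -q "Status: inactive"; then
      sudo ufw --force enable >/dev/null
      echo "   - UFW enabled"
    else
      echo "   - UFW is already enabled"
    fi
    echo "#{done_marker}"
  EOH

  remote_lines = output.to_s.lines
  finished = remote_lines.any? { |line| line.strip == done_marker }
  # The marker is an internal signal, not something to show the operator.
  say(remote_lines.reject { |line| line.strip == done_marker }.join)

  if finished
    say "✅ Firewall setup completed", :green
  else
    say "❌ Firewall setup did not finish; check the output above and the firewall state on the host", :red
  end
end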