#!/usr/bin/env bash
# Install HTTPS watchdog + systemd timer on the 4NK proxy (192.168.1.100).
# Does not modify Nginx. Run from ia_dev root: ./deploy/scripts/install-lpldf-https-watch-on-proxy.sh
set -euo pipefail

IA_DEV_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
if [[ -f "${IA_DEV_ROOT}/lib/smart_ide_logs.sh" ]]; then
	# shellcheck source=../../lib/smart_ide_logs.sh
	source "${IA_DEV_ROOT}/lib/smart_ide_logs.sh"
	smart_ide_logs_begin "$IA_DEV_ROOT" "$0" "$*"
	smart_ide_logs_register_exit_trap
fi
# shellcheck source=deploy/_lib/ssh.sh
source "${IA_DEV_ROOT}/deploy/_lib/ssh.sh"

readonly SSH_KEY="${DEPLOY_SSH_KEY:-${HOME}/.ssh/id_ed25519}"
readonly SSH_USER="${DEPLOY_SSH_USER:-ncantu}"
readonly PROXY_HOST="${DEPLOY_PROXY_HOST:-192.168.1.100}"
export DEPLOY_SSH_PROXY_HOST="${DEPLOY_SSH_PROXY_HOST:-4nk.myftp.biz}"

readonly REMOTE_SCRIPT="/opt/proxy-config/scripts/watch-https-lpldf.sh"
readonly REMOTE_ENV_DIR="/opt/proxy-config/scripts/env"
readonly REMOTE_ENV="${REMOTE_ENV_DIR}/watch-https-lpldf.env"
readonly SERVICE_NAME="lpldf-https-watch"

scp_copy "$SSH_KEY" "${IA_DEV_ROOT}/tools/proxy-https-watch-lpldf.sh" "$SSH_USER" "$PROXY_HOST" "/tmp/watch-https-lpldf.sh" "false"
scp_copy "$SSH_KEY" "${IA_DEV_ROOT}/deploy/proxy-units/${SERVICE_NAME}.service" "$SSH_USER" "$PROXY_HOST" "/tmp/${SERVICE_NAME}.service" "false"
scp_copy "$SSH_KEY" "${IA_DEV_ROOT}/deploy/proxy-units/${SERVICE_NAME}.timer" "$SSH_USER" "$PROXY_HOST" "/tmp/${SERVICE_NAME}.timer" "false"

ssh_run "$SSH_KEY" "$SSH_USER" "$PROXY_HOST" \
	"sudo install -d -m 755 /opt/proxy-config/scripts && \
	sudo install -d -m 700 ${REMOTE_ENV_DIR} && \
	sudo install -m 755 /tmp/watch-https-lpldf.sh ${REMOTE_SCRIPT} && \
	sudo rm -f /tmp/watch-https-lpldf.sh && \
	sudo install -d -m 755 /var/lib/lpldf-https-watch && \
	sudo install -m 644 /tmp/${SERVICE_NAME}.service /etc/systemd/system/${SERVICE_NAME}.service && \
	sudo install -m 644 /tmp/${SERVICE_NAME}.timer /etc/systemd/system/${SERVICE_NAME}.timer && \
	sudo rm -f /tmp/${SERVICE_NAME}.service /tmp/${SERVICE_NAME}.timer && \
	sudo systemctl daemon-reload && \
	sudo systemctl enable --now ${SERVICE_NAME}.timer && \
	sudo systemctl start ${SERVICE_NAME}.service || true && \
	systemctl --no-pager --full status ${SERVICE_NAME}.timer"

echo "[install-lpldf-https-watch] Installed ${REMOTE_SCRIPT} and ${SERVICE_NAME}.timer on ${PROXY_HOST}"
echo "[install-lpldf-https-watch] Optional: create ${REMOTE_ENV} (chmod 600); see tools/proxy-https-watch-lpldf.env.example"