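#!/bin/bash
# Setup rootless Docker for tinsnip user
#
# Usage: run from an account with sudo rights after create_tinsnip_user.sh
# has created the 'tinsnip' account. Installs Docker in rootless mode for
# that account, writes its daemon.json and lets rootlesskit bind ports < 1024.
set -euo pipefail

# Account that owns the rootless Docker daemon.
readonly TINSNIP_USER="tinsnip"

#######################################
# Print a prefixed progress message to stdout.
# Arguments: message words
#######################################
log() {
  printf '[Docker Setup] %s\n' "$*"
}

#######################################
# Run a shell snippet as the tinsnip account through a login shell.
# PATH gets $HOME/bin (where the rootless installer places the binaries) and
# XDG_RUNTIME_DIR is set so `systemctl --user` can reach the user manager,
# regardless of what the account's dotfiles do for non-interactive shells.
# Arguments: $1 - shell snippet (script-internal constant, never user data)
# Returns:   exit status of the snippet
#######################################
run_as_user() {
  sudo -u "$TINSNIP_USER" -i bash -c \
    'export PATH="$HOME/bin:$PATH"; export XDG_RUNTIME_DIR=/run/user/$(id -u); '"$1"
}

#######################################
# Install dependencies and the rootless Docker engine for the tinsnip user.
# Globals:   TINSNIP_USER (read)
# Outputs:   progress on stdout
# Returns:   0 (a failed inner install is logged as a warning, not fatal;
#            main re-verifies the binary afterwards)
#######################################
install_docker_rootless() {
  local username="$TINSNIP_USER"
  log "Installing rootless Docker for $username..."

  # Nothing to do when the account already has a docker binary on its PATH.
  if run_as_user 'command -v docker &>/dev/null'; then
    log "Docker already installed for $username"
    return 0
  fi

  log "Installing Docker dependencies..."
  sudo apt-get update -qq
  sudo apt-get install -y \
    uidmap \
    dbus-user-session \
    systemd-container \
    fuse-overlayfs \
    slirp4netns

  # Lingering keeps the account's systemd instance (and so dockerd) alive
  # without a login session. Enable it as root up front: running loginctl
  # as the target user needs polkit authorisation and can fail.
  log "Enabling lingering for $username..."
  sudo loginctl enable-linger "$username"

  log "Installing Docker rootless mode..."
  # Quoted delimiter: every $ expansion happens in the inner shell, against
  # the tinsnip account. `|| rc=$?` keeps set -e from aborting here so the
  # failure branch below is reachable (it was dead code before).
  local rc=0
  sudo -u "$username" -i bash <<'EOF' || rc=$?
set -eu
uid=$(id -u)
export XDG_RUNTIME_DIR="/run/user/$uid"

# Download the installer to a temp file before running it, so a truncated
# transfer cannot execute a partial script. This still executes code fetched
# from a remote host over TLS; nothing beyond the certificate is verified.
installer=$(mktemp)
trap 'rm -f -- "$installer"' EXIT
curl -fsSL https://get.docker.com/rootless -o "$installer"
sh "$installer"

# Defaults for interactive shells of this account (single-quoted so the
# $-expressions are written literally and evaluated at login).
{
  echo 'export PATH=$HOME/bin:$PATH'
  echo 'export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock'
  echo 'export XDG_RUNTIME_DIR=/run/user/$(id -u)'
} >> ~/.bashrc

# Environment for the systemd user manager; uid and home come from the
# running account instead of being hard-coded (the old file pinned uid 1010
# and /home/tinsnip, which disagreed with the $(id -u) used everywhere else).
# NOTE(review): confirm the installed systemd reads [Manager] settings from
# this path; the documented drop-in location is user.conf.d/*.conf.
mkdir -p ~/.config/systemd/user
cat > ~/.config/systemd/user/docker.conf <<ENVEOF
[Manager]
DefaultEnvironment="PATH=$HOME/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
DefaultEnvironment="DOCKER_HOST=unix:///run/user/$uid/docker.sock"
DefaultEnvironment="XDG_RUNTIME_DIR=/run/user/$uid"
ENVEOF

# Export the new environment directly rather than sourcing ~/.bashrc, which
# commonly returns early in non-interactive shells and may trip set -u.
export PATH="$HOME/bin:$PATH"
export DOCKER_HOST="unix:///run/user/$uid/docker.sock"

# The user manager must be reachable before the service can be enabled;
# lingering was already turned on by root, so just report if it is not.
if ! systemctl --user status >/dev/null 2>&1; then
  echo "systemd user session not reachable for $(id -un); continuing" >&2
fi

systemctl --user enable docker.service
systemctl --user start docker.service

# Poll for the daemon instead of a fixed sleep; give up after 30 seconds.
ready=0
for ((i = 0; i < 30; i++)); do
  if docker version &>/dev/null; then
    ready=1
    break
  fi
  sleep 1
done

if (( ready )); then
  echo "Docker rootless installation successful"
else
  echo "Docker installation may have issues" >&2
  exit 1
fi
EOF

  if (( rc == 0 )); then
    log "Docker rootless installation completed successfully"
  else
    log "Warning: Docker installation may have issues"
  fi
}

#######################################
# Write a daemon.json for the rootless engine and restart it.
# Globals:   TINSNIP_USER (read)
# Outputs:   progress on stdout
# Returns:   0; skips silently when docker.service is not installed
#######################################
configure_docker() {
  local username="$TINSNIP_USER"
  local home_dir config_dir
  log "Configuring Docker for $username..."

  if ! run_as_user 'systemctl --user list-unit-files | grep -q docker.service'; then
    log "Docker service not found for $username, skipping configuration"
    return 0
  fi

  # Resolve the home directory from the passwd entry rather than assuming
  # /home/<user>.
  home_dir=$(getent passwd "$username" | cut -d: -f6)
  if [[ -z "$home_dir" ]]; then
    log "WARNING: could not resolve home directory for $username, skipping configuration"
    return 0
  fi

  # The rootless daemon reads ~/.config/docker/daemon.json; ~/.docker is the
  # client config directory and a daemon.json there is ignored by dockerd.
  config_dir="$home_dir/.config/docker"
  sudo -u "$username" mkdir -p "$config_dir"

  # NOTE(review): overlay2 in rootless mode needs a kernel that allows
  # unprivileged overlayfs; older kernels need fuse-overlayfs instead.
  sudo -u "$username" tee "$config_dir/daemon.json" >/dev/null <<'EOF'
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "storage-driver": "overlay2"
}
EOF

  log "Restarting Docker service to apply configuration..."
  run_as_user 'systemctl --user restart docker.service'
  log "Docker configuration complete"
}

#######################################
# Grant CAP_NET_BIND_SERVICE to the rootlesskit binary so containers can
# publish ports below 1024.
# Globals:   TINSNIP_USER (read)
# Outputs:   progress on stdout
# Returns:   0; a missing binary or a failed setcap is logged, not fatal
#######################################
enable_privileged_ports() {
  local username="$TINSNIP_USER"
  local rootlesskit_path
  log "Enabling privileged port binding for rootless Docker..."

  # `|| true` stops set -e from aborting when the binary is absent; without
  # it the "skipping" branch below could never run.
  rootlesskit_path=$(run_as_user 'command -v rootlesskit 2>/dev/null' || true)
  if [[ -z "$rootlesskit_path" ]]; then
    log "WARNING: rootlesskit not found, skipping privileged port configuration"
    return 0
  fi

  # A file capability applies to every process started from this binary,
  # not only the Docker daemon; the sysctl net.ipv4.ip_unprivileged_port_start
  # is the alternative when that is too broad.
  log "Setting CAP_NET_BIND_SERVICE on rootlesskit ($rootlesskit_path)..."
  if sudo setcap cap_net_bind_service=ep "$rootlesskit_path"; then
    log "Privileged port binding enabled for rootless Docker"
    log "Restarting Docker to apply changes..."
    run_as_user 'systemctl --user restart docker.service'
  else
    log "WARNING: Failed to set capability on rootlesskit"
  fi
}

#######################################
# Entry point: check the account exists, install, configure and verify.
# Globals:   TINSNIP_USER (read)
# Returns:   exits 1 when the account or the docker binary is missing
#######################################
main() {
  log "Setting up rootless Docker for $TINSNIP_USER..."

  if ! id "$TINSNIP_USER" &>/dev/null; then
    log "ERROR: $TINSNIP_USER user does not exist. Run create_tinsnip_user.sh first."
    exit 1
  fi

  install_docker_rootless

  # Guard clause: nothing below makes sense without the binary.
  log "Verifying Docker installation..."
  if ! run_as_user 'command -v docker &>/dev/null'; then
    log "ERROR: Docker binary not found for $TINSNIP_USER user"
    exit 1
  fi
  log "Docker binary found, proceeding with configuration..."
  configure_docker
  enable_privileged_ports

  log "Performing final Docker verification..."
  if run_as_user 'docker version &>/dev/null'; then
    log "Rootless Docker setup complete!"
    log ""
    log "Docker is now running for user '$TINSNIP_USER'"
    log "To verify: sudo -u $TINSNIP_USER docker version"
  else
    log "WARNING: Docker may not be working correctly"
    log "Try: sudo -u $TINSNIP_USER docker version"
  fi
}

main "$@"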