#!/bin/bash

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
LOG_FILE="/tmp/tinsnip-setup-$(date +%Y%m%d-%H%M%S).log"

# Sheet configuration
SHEET_FILE="/etc/tinsnip-sheet"

log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOG_FILE"
}

error() {
    log "ERROR: $*" >&2
    exit 1
}

setup_sheet() {
    # Check if TIN_SHEET is already set in environment
    if [[ -z "${TIN_SHEET:-}" ]]; then
        # Check if sheet file exists
        if [[ -f "$SHEET_FILE" ]]; then
            TIN_SHEET=$(cat "$SHEET_FILE")
            log "Found existing sheet: $TIN_SHEET"
        else
            # Prompt user for sheet name
            echo
            read -p "Enter sheet [topsheet]: " sheet_input
            TIN_SHEET="${sheet_input:-topsheet}"
            
            # Save sheet system-wide
            log "Setting sheet to: $TIN_SHEET"
            echo "$TIN_SHEET" | sudo tee "$SHEET_FILE" > /dev/null
            sudo chmod 644 "$SHEET_FILE"
        fi
    else
        log "Using TIN_SHEET from environment: $TIN_SHEET"
        # Ensure it's saved system-wide
        if [[ ! -f "$SHEET_FILE" ]] || [[ "$(cat "$SHEET_FILE")" != "$TIN_SHEET" ]]; then
            echo "$TIN_SHEET" | sudo tee "$SHEET_FILE" > /dev/null
            sudo chmod 644 "$SHEET_FILE"
        fi
    fi
    
    # Export for use by other scripts
    export TIN_SHEET
    
    # Create profile script to load sheet for all users
    local profile_script="/etc/profile.d/tinsnip-sheet.sh"
    if [[ ! -f "$profile_script" ]]; then
        log "Creating system-wide sheet profile script..."
        sudo tee "$profile_script" > /dev/null << EOF
#!/bin/bash
# tinsnip sheet configuration
if [[ -f "$SHEET_FILE" ]]; then
    export TIN_SHEET=\$(cat "$SHEET_FILE")
fi
EOF
        sudo chmod 644 "$profile_script"
    fi
}

check_ubuntu() {
    if [[ ! -f /etc/os-release ]] || ! grep -q "Ubuntu" /etc/os-release; then
        error "This script requires Ubuntu"
    fi
}

check_current_user() {
    if [[ "$USER" == "tinsnip" ]]; then
        error "Do not run this script as the tinsnip user. Run as a regular admin user."
    fi
    
    if [[ $EUID -eq 0 ]]; then
        error "Do not run this script as root. Run as a regular user with sudo access."
    fi
    
    if ! groups | grep -q sudo; then
        error "Current user must have sudo access"
    fi
}

main() {
    log "tinsnip Infrastructure Setup"
    log "============================"
    log "Log file: $LOG_FILE"
    
    check_ubuntu
    check_current_user
    
    # Setup sheet first
    setup_sheet
    log "Using sheet: $TIN_SHEET"
    
    log "This will set up tinsnip infrastructure services on this host."
    log "A dedicated 'tinsnip' user will be created to run all services."
    echo
    read -p "Continue? (y/N): " response
    if [[ ! "$response" =~ ^[Yy]$ ]]; then
        log "Setup cancelled by user"
        exit 0
    fi
    
    log ""
    log "DEPRECATED: This legacy setup.sh is deprecated."
    log "Use the modern CLI instead:"
    log ""
    log "  # Set up topsheet (required first):"
    log "  TIN_SHEET=topsheet tin machine station prod <nas-server>"
    log ""
    log "  # Create machine environments:"
    log "  tin machine <service> <environment>"
    log ""  
    log "  # Deploy services:"
    log "  tin service deploy <machine-env> <service-name>"
    log ""
    log "For detailed instructions, see the README.md"
    
    log ""
    log "Setup completed successfully!"
    log ""
    log "Services deployed:"
    log "  - LLDAP: http://$(hostname):17170 (Web UI)"
    log "  - LLDAP: ldap://$(hostname):3890 (LDAP endpoint)"
    log ""
    log "Default credentials:"
    log "  - Username: admin"
    log "  - Password: (set during LLDAP setup)"
    log ""
    log "To manage services:"
    log "  sudo -u tinsnip -i"
    log "  cd ~/service/lldap && docker compose ps"
}

main "$@"