#!/bin/bash
set -e

# Netdata Zulip Bot Setup Script

DOMAIN=""
EMAIL=""
USER="netdata-bot"
INSTALL_DIR="/opt/netdata-zulip-bot"

usage() {
    echo "Usage: $0 --domain DOMAIN --email EMAIL [OPTIONS]"
    echo ""
    echo "Required:"
    echo "  --domain DOMAIN     Public domain for webhook endpoint"
    echo "  --email EMAIL       Email for Let's Encrypt certificate"
    echo ""
    echo "Options:"
    echo "  --user USER         System user to run service (default: netdata-bot)"
    echo "  --install-dir DIR   Installation directory (default: /opt/netdata-zulip-bot)"
    echo "  --port PORT         HTTPS port (default: 8443)"
    echo "  --help              Show this help"
    exit 1
}

# Parse command line arguments
while [[ $# -gt 0 ]]; do
    case $1 in
        --domain)
            DOMAIN="$2"
            shift 2
            ;;
        --email)
            EMAIL="$2"
            shift 2
            ;;
        --user)
            USER="$2"
            shift 2
            ;;
        --install-dir)
            INSTALL_DIR="$2"
            shift 2
            ;;
        --port)
            PORT="$2"
            shift 2
            ;;
        --help)
            usage
            ;;
        *)
            echo "Unknown option: $1"
            usage
            ;;
    esac
done

# Validate required arguments
if [[ -z "$DOMAIN" ]] || [[ -z "$EMAIL" ]]; then
    echo "Error: --domain and --email are required"
    usage
fi

echo "Setting up Netdata Zulip Bot..."
echo "Domain: $DOMAIN"
echo "Email: $EMAIL"
echo "User: $USER"
echo "Install Directory: $INSTALL_DIR"

# Check if running as root
if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root (use sudo)"
    exit 1
fi

# Install system dependencies
echo "Installing system dependencies..."
apt-get update
apt-get install -y python3 python3-pip python3-venv certbot curl

# Create system user
if ! id "$USER" &>/dev/null; then
    echo "Creating user $USER..."
    useradd --system --home-dir "$INSTALL_DIR" --shell /bin/bash "$USER"
fi

# Create installation directory
echo "Setting up installation directory..."
mkdir -p "$INSTALL_DIR"
chown "$USER:$USER" "$INSTALL_DIR"

# Install uv for Python package management
echo "Installing uv package manager..."
curl -LsSf https://astral.sh/uv/install.sh | sh
export PATH="$HOME/.local/bin:$PATH"

# Copy application files
echo "Installing application..."
cp -r . "$INSTALL_DIR/"
chown -R "$USER:$USER" "$INSTALL_DIR"

# Install Python dependencies as the service user
echo "Installing Python dependencies..."
sudo -u "$USER" bash -c "cd '$INSTALL_DIR' && ~/.local/bin/uv sync"

# Obtain Let's Encrypt certificate
echo "Obtaining Let's Encrypt certificate..."
certbot certonly --standalone \
    --non-interactive \
    --agree-tos \
    --email "$EMAIL" \
    -d "$DOMAIN"

# Set certificate permissions
echo "Setting certificate permissions..."
chown -R "$USER:$USER" "/etc/letsencrypt/live/$DOMAIN/"

# Create systemd service
echo "Creating systemd service..."
cat > /etc/systemd/system/netdata-zulip-bot.service << EOF
[Unit]
Description=Netdata Zulip Bot
After=network.target

[Service]
Type=simple
User=$USER
Group=$USER
WorkingDirectory=$INSTALL_DIR
Environment=PATH=$INSTALL_DIR/.venv/bin:/usr/local/bin:/usr/bin:/bin
Environment=SERVER_DOMAIN=$DOMAIN
Environment=SERVER_PORT=${PORT:-8443}
Environment=SERVER_ENABLE_MTLS=true
ExecStart=$INSTALL_DIR/.venv/bin/netdata-zulip-bot
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
EOF

# Setup log rotation
echo "Setting up log rotation..."
cat > /etc/logrotate.d/netdata-zulip-bot << EOF
/var/log/netdata-zulip-bot/*.log {
    daily
    missingok
    rotate 30
    compress
    delaycompress
    notifempty
    sharedscripts
    postrotate
        systemctl reload netdata-zulip-bot
    endscript
}
EOF

# Create configuration template
echo "Creating configuration template..."
sudo -u "$USER" bash -c "cd '$INSTALL_DIR' && ./.venv/bin/netdata-zulip-bot --create-config"

# Enable and start service
echo "Enabling and starting service..."
systemctl daemon-reload
systemctl enable netdata-zulip-bot

# Setup firewall (if UFW is available)
if command -v ufw &> /dev/null; then
    echo "Configuring firewall..."
    ufw allow ${PORT:-8443}/tcp
fi

echo ""
echo "✅ Installation complete!"
echo ""
echo "Next steps:"
echo "1. Configure Zulip settings:"
echo "   sudo -u $USER nano $INSTALL_DIR/.zuliprc.sample"
echo "   sudo -u $USER cp $INSTALL_DIR/.zuliprc.sample /home/$USER/.zuliprc"
echo ""
echo "2. Start the service:"
echo "   sudo systemctl start netdata-zulip-bot"
echo ""
echo "3. Check service status:"
echo "   sudo systemctl status netdata-zulip-bot"
echo ""
echo "4. View logs:"
echo "   sudo journalctl -u netdata-zulip-bot -f"
echo ""
echo "5. Test the webhook endpoint:"
echo "   curl -k https://$DOMAIN:${PORT:-8443}/health"
echo ""
echo "6. Configure Netdata Cloud webhook URL:"
echo "   https://$DOMAIN:${PORT:-8443}/webhook/netdata"