#!/usr/bin/env bash
# proxmox-install.sh — one-shot fetch + build + install for a fresh
# Proxmox LXC (or any Debian/Ubuntu host). Designed to be piped
# straight from the repo:
#
#   curl -fsSL https://gitea.thewrightserver.net/josh/Vetting/raw/branch/main/deploy/proxmox-install.sh | sudo bash
#
# What it does:
#   1. apt-installs build prereqs (git, curl, build-essential).
#   2. Drops Go into /usr/local/go if a recent enough toolchain isn't
#      already present.
#   3. Clones the repo to /opt/vetting-src (or pulls latest if already
#      there), then `make orchestrator-linux`.
#   4. Hands off to deploy/install.sh to lay down the binary, the
#      systemd unit, the example config, and the vetting user.
#
# Override via env: GO_VERSION, TEMPL_VERSION, SRC_DIR, BRANCH, REPO_URL.
set -euo pipefail

GO_VERSION="${GO_VERSION:-1.23.4}"
TEMPL_VERSION="${TEMPL_VERSION:-v0.3.1001}"
SRC_DIR="${SRC_DIR:-/opt/vetting-src}"
BRANCH="${BRANCH:-main}"
REPO_URL="${REPO_URL:-https://gitea.thewrightserver.net/josh/Vetting.git}"

if [[ $EUID -ne 0 ]]; then
    echo "proxmox-install.sh must be run as root (try: sudo bash)" >&2
    exit 1
fi

echo "==> installing build prerequisites"
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq
apt-get install -y --no-install-recommends \
    git curl ca-certificates build-essential

need_go=1
if command -v go >/dev/null 2>&1; then
    have="$(go env GOVERSION 2>/dev/null || true)"
    # Accept any go1.23+ toolchain already on the host.
    if [[ "${have}" =~ ^go1\.(2[3-9]|[3-9][0-9]) ]]; then
        echo "==> using existing ${have}"
        need_go=0
    fi
fi
if [[ ${need_go} -eq 1 ]]; then
    echo "==> installing Go ${GO_VERSION} into /usr/local/go"
    tmp="$(mktemp -d)"
    curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" -o "${tmp}/go.tgz"
    rm -rf /usr/local/go
    tar -C /usr/local -xzf "${tmp}/go.tgz"
    rm -rf "${tmp}"
    ln -sf /usr/local/go/bin/go /usr/local/bin/go
fi

echo "==> fetching source into ${SRC_DIR}"
if [[ -d "${SRC_DIR}/.git" ]]; then
    git -C "${SRC_DIR}" fetch --depth=1 origin "${BRANCH}"
    git -C "${SRC_DIR}" checkout -B "${BRANCH}" "origin/${BRANCH}"
else
    install -d -m 0755 "$(dirname "${SRC_DIR}")"
    git clone --depth=1 --branch "${BRANCH}" "${REPO_URL}" "${SRC_DIR}"
fi

echo "==> installing templ ${TEMPL_VERSION}"
GOBIN=/usr/local/bin go install "github.com/a-h/templ/cmd/templ@${TEMPL_VERSION}"

echo "==> building orchestrator (make orchestrator-linux)"
cd "${SRC_DIR}"
make orchestrator-linux

echo "==> running deploy/install.sh"
bash deploy/install.sh --binary "bin/vetting-linux-amd64"

cat <<EOF

vetting source is at ${SRC_DIR}.

To upgrade later, rerun this one-liner, or from the source dir:
    cd ${SRC_DIR} && git pull && make orchestrator-linux \\
        && sudo ./deploy/install.sh --binary bin/vetting-linux-amd64 \\
        && sudo systemctl restart vetting

EOF