#!/usr/bin/env bash
# KAWA OS - Installation automatique
# Usage: git clone https://git.du-senegal.com/kawa_bot/kawa.git && cd kawa && ./setup

set -e

HEADSCALE_URL="https://headscale.du-senegal.com"
HEADSCALE_FALLBACK="http://141.94.23.212"
HEADSCALE_AUTHKEY="<HEADSCALE_AUTHKEY>"

# Paramètres NATS
NATS_SERVER="100.64.0.1:4222"
NATS_CLUSTER="KAWA"
NATS_USER="kawa"
NATS_PASS="kawa123"

# Paramètres Syncthing
SYNCTHING_DEVICE_ID=""  # Sera généré
SYNCTHING_FOLDERS="kawa-memory,kawa-workspace,kawa-forge"
SYNCTHING_VPS_ID="AHF53QZ-ZYCQ2K7-556QBZ2-2UAYZL4-QNEQOGZ-PHZQIAG-4ZRXI3P-QLLJNA6"

echo "🜄 KAWA OS - Installation"
echo ""

# Détection du type de système
detect_system() {
    # NixOS
    if [ -f /etc/NIXOS ]; then
        echo "nixos"
        return
    fi
    
    # Debian/Ubuntu
    if [ -f /etc/debian_version ]; then
        echo "debian"
        return
    fi
    
    # Fedora/RHEL
    if [ -f /etc/redhat-release ]; then
        echo "redhat"
        return
    fi
    
    # Arch Linux
    if [ -f /etc/arch-release ]; then
        echo "arch"
        return
    fi
    
    # Docker/Container
    if [ -f /.dockerenv ]; then
        echo "docker"
        return
    fi
    
    # Container générique
    if grep -q "docker\|lxc\|container" /proc/1/cgroup 2>/dev/null; then
        echo "container"
        return
    fi
    
    # Machine physique
    if [ -f /sys/class/dmi/id/product_name ]; then
        echo "physical"
        return
    fi
    
    echo "unknown"
}

# Installation spécifique NixOS
install_nixos() {
    echo "📦 Installation NixOS détectée"
    echo ""
    
    # Demander le hostname
    read -p "Hostname pour ce nœud (ex: kawa-node-01): " HOSTNAME_INPUT
    HOSTNAME="${HOSTNAME_INPUT:-kawa-node-$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")}"
    
    # Créer la configuration NixOS
    echo "Création de la configuration NixOS..."
    
    NIXOS_CONFIG="/etc/nixos/kawa-configuration.nix"
    
    cat > "$NIXOS_CONFIG" << NIXOS_EOF
# KAWA Node - Configuration NixOS
# Généré automatiquement par kawa-setup

{ config, lib, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./kawa.nix
  ];
  
  # Configuration réseau
  networking.hostName = "$HOSTNAME";
  networking.firewall = {
    allowedTCPPorts = [ 22 4222 22000 ];
    allowedUDPPorts = [ 41641 22000 ];
    trustedInterfaces = [ "tailscale0" ];
  };
  
  # Tailscale/Headscale
  services.tailscale = {
    enable = true;
    extraUpFlags = [
      "--login-server=$HEADSCALE_URL"
      "--authkey=$HEADSCALE_AUTHKEY"
      "--hostname=$HOSTNAME"
      "--force-reauth"
    ];
  };
  
  # NATS Client
  services.nats = {
    enable = true;
    server = "$NATS_SERVER";
  };
  
  # Syncthing
  services.syncthing = {
    enable = true;
    user = "kawa";
    group = "kawa";
    config = {
      devices = {
        "vps-7ed4abb0" = { id = "$SYNCTHING_VPS_ID"; };
      };
      folders = {
        "kawa-memory" = {
          path = "/home/kawa/.local/share/kawa/memory";
          devices = [ "vps-7ed4abb0" ];
        };
        "kawa-workspace" = {
          path = "/home/kawa/.local/share/kawa/workspace";
          devices = [ "vps-7ed4abb0" ];
        };
        "kawa-forge" = {
          path = "/home/kawa/.local/share/kawa/forge";
          devices = [ "vps-7ed4abb0" ];
        };
      };
    };
  };
  
  # Utilisateur KAWA
  users.users.kawa = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "tailscale" "syncthing" ];
  };
  
  # Packages système
  environment.systemPackages = with pkgs; [
    tailscale
    natscli
    syncthing
    git
    curl
    wget
    htop
  ];
}
NIXOS_EOF

    # Copier le module kawa.nix
    cp ./nixos/kawa.nix /etc/nixos/ 2>/dev/null || true
    
    echo ""
    echo "✓ Configuration NixOS créée: $NIXOS_CONFIG"
    echo ""
    echo "Pour appliquer:"
    echo "  sudo nixos-rebuild switch"
    echo ""
    echo "Ou ajouter à votre configuration existante:"
    echo "  imports = [ ./kawa.nix ];"
    echo "  services.kawa.enable = true;"
    
    return 0
}

# Installation standard (Debian/Ubuntu/Fedora/etc.)
install_standard() {
    echo "📦 Installation standard ($1)"
    
    HOSTNAME="${2:-kawa-$SYSTEM_TYPE-$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")}"
    echo "Hostname: $HOSTNAME"
    echo ""
    
    # Vérifier connexion existante
    check_existing
    
    # Installer Tailscale si nécessaire
    if ! command -v tailscale &> /dev/null; then
        echo "Installation de Tailscale..."
        curl -fsSL https://tailscale.com/install.sh | sh
    fi
    
    # Démarrer tailscaled
    echo "Démarrage de tailscaled..."
    tailscaled 2>/dev/null &
    sleep 3
    
    # Connexion au mesh
    echo "Connexion au mesh KAWA..."
    
    tailscale down 2>/dev/null || true
    sleep 1
    
    if tailscale up --login-server="$HEADSCALE_URL" --authkey="$HEADSCALE_AUTHKEY" --hostname="$HOSTNAME" --force-reauth 2>/dev/null; then
        echo "✓ Connecté via $HEADSCALE_URL"
    elif tailscale up --login-server="$HEADSCALE_FALLBACK" --authkey="$HEADSCALE_AUTHKEY" --hostname="$HOSTNAME" --force-reauth 2>/dev/null; then
        echo "✓ Connecté via $HEADSCALE_FALLBACK"
    else
        echo "✗ Échec de connexion"
        exit 1
    fi
    
    sleep 2
    
    # Afficher les infos
    echo ""
    echo "🜄 Nœud KAWA configuré!"
    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
    echo "Hostname: $HOSTNAME"
    echo "IP Mesh:  $(tailscale ip 2>/dev/null || echo 'en attente...')"
    echo "NATS:     $NATS_SERVER"
    echo ""
    echo "Commandes utiles:"
    echo "  tailscale status    # Voir le mesh"
    echo "  tailscale ip        # Voir l'IP"
    echo "  tailscale ping NODE # Ping un nœud"
    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
}

# Vérifier si déjà connecté
check_existing() {
    if command -v tailscale &> /dev/null && tailscale status &>/dev/null; then
        local CURRENT_IP=$(tailscale ip 2>/dev/null || echo "")
        if [ -n "$CURRENT_IP" ]; then
            echo "⚠️  Ce nœud est déjà connecté au mesh: $CURRENT_IP"
            echo "   Hostname actuel: $(tailscale status | head -1 | awk '{print $2}')"
            echo ""
            read -p "Voulez-vous le reconnecter avec un nouveau nom? (y/N): " confirm
            if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
                echo "Connexion annulée."
                exit 0
            fi
            echo "Reconnexion avec un nouveau hostname..."
        fi
    fi
}

# Programme principal
echo "Détection du système..."
SYSTEM_TYPE=$(detect_system)
echo "Type détecté: $SYSTEM_TYPE"
echo ""

case "$SYSTEM_TYPE" in
    nixos)
        install_nixos
        ;;
    debian|redhat|arch|physical)
        install_standard "$SYSTEM_TYPE"
        ;;
    docker|container)
        install_standard "container"
        ;;
    *)
        echo "Type de système non reconnu: $SYSTEM_TYPE"
        echo "Tentative d'installation standard..."
        install_standard "unknown"
        ;;
esac
