#!/bin/bash
set -e


. /usr/share/debconf/confmodule

## Load configuration does not matter if we are installing or upgrading
db_get opengnsys/oglog_opensearchInitialPassword
OPENSEARCH_INITIAL_ADMIN_PASSWORD="$RET"
db_get opengnsys/oglog_ogCoreIp
OGCORE_SERVER="$RET"
db_get opengnsys/oglog_ogLogIp
OGLOG_SERVER="$RET"     
db_get opengnsys/oglog_subdomain
SUBDOMAIN="$RET"
db_get opengnsys/oglog_certificateAltNames
CERT_ALT_NAMES="$RET"
db_get opengnsys/oglog_nodeExporterTargets
NODE_EXPORTER_TARGETS="$RET"

export OGCORE_SERVER
export OGLOG_SERVER
export SUBDOMAIN
export OPENSEARCH_INITIAL_ADMIN_PASSWORD

## Global variables
SSL_DIR="/opt/opengnsys/oglog/etc/certs"

backup_file() {
    local FILE="$1"
    if [ -f "$FILE" ]; then
        local BACKUP_FILE="${FILE}.bak"
        echo "Backing up $FILE to $BACKUP_FILE"
        cp "$FILE" "$BACKUP_FILE"
    else
        echo "File $FILE does not exist, skipping backup."
    fi
}

generate_demo_cert() {
  local ALTNAMES="$1"
  local KEY="$SSL_DIR/server.key"
  local CERT="$SSL_DIR/server.crt"
  local CN=oglog.local

  mkdir -p "$SSL_DIR"

  # Crear archivo san.cnf para OpenSSL
  cat > "$SSL_DIR/san.cnf" <<EOF
[req]
distinguished_name=req_distinguished_name
x509_extensions=v3_req
prompt=no

[req_distinguished_name]
CN=$CN

[v3_req]
subjectAltName=@alt_names

[alt_names]
EOF

  # Inicializar contadores
  local dns_i=1
  local ip_i=1

  IFS=',' read -ra SAN_ENTRIES <<< "$ALTNAMES"
  for entry in "${SAN_ENTRIES[@]}"; do
    if [[ $entry =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
      echo "IP.$ip_i = $entry" >> "$SSL_DIR/san.cnf"
      ((ip_i++))
    elif [[ $entry =~ ^[a-zA-Z0-9.-]+$ ]]; then
      echo "DNS.$dns_i = $entry" >> "$SSL_DIR/san.cnf"
      ((dns_i++))
    else
      echo "Ignorado (formato inválido): $entry"
    fi
  done

  # Generar certificado
  openssl req -x509 -new -nodes -newkey rsa:2048 \
    -keyout "$KEY" \
    -out "$CERT" \
    -days 365 \
    -config "$SSL_DIR/san.cnf" \
    -extensions v3_req

  chmod 0644 "$KEY"
  chmod 0644 "$CERT"

  echo "Certificado generado con:"
  echo "  - CN=$CN"
  echo "  - SANs: $ALTNAMES"
}

update_etc_hosts() {

    local CN="oglog.local"
    local HOSTS_FILE="/etc/hosts"

    # Si CN ya está en /etc/hosts, no hacemos nada

    if grep -q "$CN" "$HOSTS_FILE"; then
        echo "El CN '$CN' ya está en $HOSTS_FILE, no se requiere actualización."
        return
    fi
    echo "Actualizando $HOSTS_FILE para incluir el CN '$CN'."
    # Agregar CN a la entrada de localhost en /etc/hosts
    sed -i "/127.0.0.1/s/$/ $CN/" /etc/hosts 
}

### Main script execution starts here ### 

configure_file() {
    SRC_PATH=$1
    DEST_PATH=$2 

    if [ -f "$SRC_PATH" ]; then
        DEST_DIR=$(dirname "$DEST_PATH")
        mkdir -p "$DEST_DIR"
        echo "Configuring $DEST_PATH from $SRC_PATH"
        envsubst < "$SRC_PATH" > "$DEST_PATH"
        chmod 644 "$DEST_PATH"
        chown "$USER":"$GROUP" "$DEST_PATH"
    else
        echo "Source file $SRC_PATH does not exist, skipping configuration."
    fi
}

configure_journal_remote() {
    OVERRIDE_DIR="/etc/systemd/system/systemd-journal-remote.service.d"
    OVERRIDE_FILE="${OVERRIDE_DIR}/override.conf"
    EXPECTED_CMD="/usr/lib/systemd/systemd-journal-remote --listen-http=-3 --seal=no --output=/var/log/journal/remote/"

    if ! grep -qF "$EXPECTED_CMD" "$OVERRIDE_FILE" 2>/dev/null; then    
        mkdir -p "$OVERRIDE_DIR"
        cat > "$OVERRIDE_FILE" <<EOF
[Service]
ExecStart=
ExecStart=$EXPECTED_CMD
EOF

        systemctl daemon-reload
        systemctl enable systemd-journal-remote.service
        systemctl restart systemd-journal-remote.service
    fi
}

configure_opensearch_certificates() {
    local DEST_CERTS_DIR="/etc/opensearch/certs"
    mkdir -p "$DEST_CERTS_DIR"
    cp "$SSL_DIR/server.crt" "$DEST_CERTS_DIR/server.crt"
    cp "$SSL_DIR/server.key" "$DEST_CERTS_DIR/server.key"
    chown opensearch:opensearch "$DEST_CERTS_DIR/server.crt"
    chown opensearch:opensearch "$DEST_CERTS_DIR/server.key"
    chmod 644 "$DEST_CERTS_DIR/server.crt"
    chmod 600 "$DEST_CERTS_DIR/server.key"

}


configure_journalbeat_certificates() {
    local DEST_CERTS_DIR="/etc/journalbeat/certs"
    mkdir -p "$DEST_CERTS_DIR"
    cp "$SSL_DIR/server.crt" "$DEST_CERTS_DIR/server.crt"
    cp "$SSL_DIR/server.key" "$DEST_CERTS_DIR/server.key"
    chown root:root "$DEST_CERTS_DIR/server.crt"
    chown root:root "$DEST_CERTS_DIR/server.key"
    chmod 644 "$DEST_CERTS_DIR/server.crt"
    chmod 600 "$DEST_CERTS_DIR/server.key"
}   

configure_grafana(){
    local BASE_DIR="/etc/grafana"
    local TMPLATE_BASE_DIR="/opt/opengnsys/oglog/etc/grafana"
    local OPENSEARCH_TMPL_FILE="$TMPLATE_BASE_DIR/provisioning/datasources/opensearch.yaml"
    local OPENSEARCH_FILE="$BASE_DIR/provisioning/datasources/opensearch.yaml"
    local MYSQL_TMPL_FILE="$TMPLATE_BASE_DIR/provisioning/datasources/mysql.yaml"
    local MYSQL_FILE="$BASE_DIR/provisioning/datasources/mysql.yaml"

    # Install OpenSearch datasource plugin if not already installed
    if ! grafana-cli plugins ls | grep -q "grafana-opensearch-datasource"; then
        echo "Installing OpenSearch datasource plugin for Grafana..."
        grafana-cli plugins install grafana-opensearch-datasource
    fi
    
    envsubst < "$OPENSEARCH_TMPL_FILE" > "$OPENSEARCH_FILE"
    chown grafana:grafana "$OPENSEARCH_FILE"
    chmod 644 "$OPENSEARCH_FILE"
    echo "Configuring Grafana with OpenSearch datasource at $OPENSEARCH_FILE"

    # Install MySQL datasource plugin if not already installed
    if ! grafana-cli plugins ls | grep -q "grafana-mysql-datasource"; then
        echo "Installing MySQL datasource plugin for Grafana..."
        grafana-cli plugins install grafana-mysql-datasource
    fi  
    envsubst < "$MYSQL_TMPL_FILE" > "$MYSQL_FILE"
    chown grafana:grafana "$MYSQL_FILE"
    chmod 644 "$MYSQL_FILE"
    echo "Configuring Grafana with MySQL datasource at $MYSQL_FILE"

    # Copy dashboards 
    install -d /etc/grafana/dashboards
    cp -a /opt/opengnsys/oglog/etc/grafana/resources/dashboards/*.json /etc/grafana/dashboards/
    chown -R grafana:grafana /etc/grafana/dashboards
    systemctl restart grafana-server || true 

}

create_opensearch_index() {


    echo "Creating OpenSearch index patterns and initial index..."
    echo "Creating OpenSearch index pattern filebeat-*"
    curl --insecure -X POST "https://${OGLOG_SERVER}:9200/.kibana/_doc/index-pattern:filebeat-*" \
        --user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
        --header 'Content-Type: application/json' \
        --data '{
            "type": "index-pattern",
            "index-pattern": {
            "title": "filebeat-*",
            "timeFieldName": "@timestamp"
        }
    }'
    echo $?
    echo "Creating OpenSearch index pattern for journalbeat-*"
    curl --insecure -X POST "https://${OGLOG_SERVER}:9200/.kibana/_doc/index-pattern:journalbeat-*" \
        --user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
        --header 'Content-Type: application/json' \
        --data '{
            "type": "index-pattern",
            "index-pattern": {
            "title": "journalbeat-*",
            "timeFieldName": "@timestamp"
        }
    }'
    echo $?
    echo "Creating OpenSearch index filebeat-000001"
    curl --insecure -X PUT "https://${OGLOG_SERVER}:9200/filebeat-000001" \
        --user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
        --header 'Content-Type: application/json' \
        --data '{
            "mappings": {
            "properties": {
                "@timestamp": { "type": "date" },
                "message": { "type": "text" }
                }
            }
        }'
    echo $?
    echo

    ## Import ingestion pipelines for  opensearch 
    echo "Importing OpenSearch ingestion pipelines..."
    jq -c 'to_entries[]' "/opt/opengnsys/oglog/etc/opensearch/pipelines.json" | while read -r entry
	do
		name=$(echo "$entry" | jq -r '.key')
	    body=$(echo "$entry" | jq -c '.value')
        echo "Importing pipeline: $name"
        curl --insecure -X PUT "https://${OGLOG_SERVER}:9200/_ingest/pipeline/$name" \
            --user "admin:$OPENSEARCH_INITIAL_ADMIN_PASSWORD" \
            --header "Content-Type: application/json" \
            --data "$body"
        echo
    done
}


configure_prometheus() {
    local PROMETHEUS_CONFIG="/etc/prometheus/prometheus.yml"
    IFS=',' read -r -a HOST_ARRAY <<< "$NODE_EXPORTER_TARGETS"

    # Configurar Prometheus para monitorear OpenSearch y OpenSearch Dashboards
    echo "Configuring Prometheus with OpenSearch and OpenSearch Dashboards targets..."
    cat > "$PROMETHEUS_CONFIG" <<EOF
global:
  scrape_interval: 15s
  evaluation_interval: 15s
scrape_configs:
  - job_name: 'node_exporter'
    static_configs:
      - targets:
EOF
    for HOST in "${HOST_ARRAY[@]}"; do
        echo "        - $HOST:9100" >> "$PROMETHEUS_CONFIG"
    done
}

restart_services() {
    echo "Restarting services..."
    systemctl daemon-reload
    systemctl restart opensearch
    systemctl restart grafana-server
    systemctl restart journalbeat
    systemctl restart prometheus
    systemctl restart systemd-journal-remote
}

case $1 in
    configure)
        PREV_VERSION="$2"
        if [ -z "$PREV_VERSION" ]; then
            # Instalación inicial
            echo "No previous version found, running initial configuration."
            backup_file "$SSL_DIR/server.key"
            backup_file "$SSL_DIR/server.crt"
            generate_demo_cert "$CERT_ALT_NAMES"
            update_etc_hosts
            configure_file "/opt/opengnsys/oglog/etc/grafana/grafana.ini" "/etc/grafana/grafana.ini" grafana grafana
            configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/datasources/prometheus.yaml" "/etc/grafana/provisioning/datasources/prometheus.yaml" grafana grafana
            configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/dashboards/dashboard.yaml" "/etc/grafana/provisioning/dashboards/dashboard.yaml" grafana grafana
            configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/alerting/alerts.yaml" "/etc/grafana/provisioning/alerting/alerts.yaml"    grafana grafana
            configure_file "/opt/opengnsys/oglog/etc/grafana/provisioning/alerting/contactpoint.yaml" "/etc/grafana/provisioning/alerting/contactpoint.yaml"    grafana grafana
            configure_file "/opt/opengnsys/oglog/etc/journalbeat/journalbeat.yml" "/etc/journalbeat/journalbeat.yml" root root
            configure_file "/opt/opengnsys/oglog/etc/opensearch/opensearch.yml" "/etc/opensearch/opensearch.yml" opensearch opensearch
            configure_file "/opt/opengenys/oglog/etc/prometheus/prometheus.yml" "/etc/prometheus/prometheus.yml" root root
            configure_file "/opt/opengnsys/oglog/etc/prometheus/web-config.yml" "/etc/prometheus/web-config.yml" root root 
            configure_journal_remote
            configure_opensearch_certificates
            configure_journalbeat_certificates
            configure_grafana
            configure_prometheus
            restart_services
            sleep 5
            echo "Creating OpenSearch index patterns and initial index..."
            create_opensearch_index 
        else
            echo "Upgrading from version $PREV_VERSION."
            # Perform upgrade actions here if needed
        fi
        ;;
    *)
        echo "Unknown action: $1"
        exit 1
        ;;
esac