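#!/bin/bash
# Deploys Gitea with a PostgreSQL backend as rootless Podman containers that are
# managed by systemd user units. Every setting is read from ./env.sh, which is
# resolved against the current working directory.

# env.sh is sourced before `set -e`, so a failing command inside it does not
# abort the deploy.
. ./env.sh
set -e

db_unit="${CONTAINER_PREFIX}-${CONTAINER_DB}.service"
gitea_unit="${CONTAINER_PREFIX}-${CONTAINER_GITEA}.service"

# PostgreSQL is created below with password authentication, so an empty
# password has to stop the deploy before anything is torn down.
: "${DB_PASSWORD:?DB_PASSWORD must be set in env.sh}"

# Stop the units left by a previous deploy. The original list had a stray comma
# after the second element, which became part of the unit name, so the database
# unit was never matched and never stopped.
services=("$gitea_unit" "$db_unit")

for service in "${services[@]}"; do
  # -F: the unit name holds dots, which a regex would treat as wildcards.
  if systemctl --user list-units --full --all | grep -qF -- "$service"; then
    echo "Stopping $service..."
    systemctl --user stop "$service"
    echo "$service stopped."
  fi
done

# Remove containers left by a previous deploy so the names are free again.
containers=("$CONTAINER_GITEA" "$CONTAINER_DB")

for container in "${containers[@]}"; do
  if podman container exists "$container"; then
    echo "Stop and delete existing container $container"
    if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
      podman stop "$container"
    fi
    podman rm "$container"
  fi
done

if ! podman network exists "$NETWORK"; then
  podman network create "$NETWORK"
fi

mkdir -p -- "$DATA_FOLDER" "$DB_FOLDER" "$USER_SYSTEMD"

# POSTGRES_HOST_AUTH_METHOD=trust was dropped: with it the server accepts any
# user without a password, and the port is published on the host. Gitea is
# given DB_PASSWORD further down, so password authentication keeps it working.
# The image writes the auth method into pg_hba.conf only when the data
# directory is first initialised; a $DB_FOLDER created by an earlier run keeps
# its old rule and has to be edited by hand.
# NOTE(review): -p publishes the port on every host address. If Gitea reaches
# the database over $NETWORK, the mapping can go or be bound to loopback;
# confirm what HOST_DB points at first.
podman create \
  --name "$CONTAINER_DB" \
  --network "$NETWORK" \
  --restart=always \
  -p "${PORT_DB}:5432" \
  -e POSTGRES_USER="$DB_USER" \
  -e POSTGRES_PASSWORD="$DB_PASSWORD" \
  -e POSTGRES_DB="$DB_NAME" \
  -v "$DB_FOLDER:/var/lib/postgresql/data:Z" \
  docker.io/library/postgres:16

podman generate systemd \
  --new \
  --name "$CONTAINER_DB" \
  --files \
  --restart-policy always \
  --container-prefix="$CONTAINER_PREFIX" > /dev/null

# With --new the unit re-creates the container from the full create command
# line, -e values included, so the file holds the database password. Keep it
# readable by the owner only.
chmod 600 -- "$db_unit"
mv -- "$db_unit" "$USER_SYSTEMD"

systemctl --user daemon-reload
systemctl --user enable --now "$db_unit"

echo "Wait for PostgreSQL..."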
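# Block until the database accepts connections. There is no upper bound on the
# wait: if the container never becomes ready this loops until interrupted.
until podman exec "$CONTAINER_DB" pg_isready -U "$DB_USER" -d "$DB_NAME" > /dev/null 2>&1; do
  sleep 2
done
echo "PostgreSQL ready"

db_unit="${CONTAINER_PREFIX}-${CONTAINER_DB}.service"
gitea_unit="${CONTAINER_PREFIX}-${CONTAINER_GITEA}.service"

# NOTE(review): the image is pulled by the floating `latest` tag, so two deploys
# can run different Gitea builds. Pin a release tag or a digest once the wanted
# version is known.
# NOTE(review): the database volume is mounted with :Z but $DATA_FOLDER is not;
# on an SELinux host Gitea may be denied access to /data. Confirm before changing.
podman create \
  --name "$CONTAINER_GITEA" \
  --network "$NETWORK" \
  --restart=always \
  -p "${PORT_WEB}:3000" \
  -p "${PORT_SSH}:22" \
  -v "$DATA_FOLDER:/data" \
  -e GITEA__database__DB_TYPE=postgres \
  -e GITEA__database__HOST="${HOST_DB}:${PORT_DB}" \
  -e GITEA__database__NAME="$DB_NAME" \
  -e GITEA__database__USER="$DB_USER" \
  -e GITEA__database__PASSWD="$DB_PASSWORD" \
  -v /etc/timezone:/etc/timezone:ro \
  -v /etc/localtime:/etc/localtime:ro \
  docker.gitea.com/gitea:latest

podman generate systemd \
  --new \
  --name "$CONTAINER_GITEA" \
  --files \
  --container-prefix="$CONTAINER_PREFIX" \
  --restart-policy=always

# Order Gitea after the database unit and make it depend on it. The \n inside
# the appended text is expanded by sed, giving two lines under [Unit].
sed -i "/^\[Unit\]/a After=${db_unit} \nRequires=${db_unit}" "$gitea_unit"

# With --new the unit embeds the create command line, including
# GITEA__database__PASSWD, so keep the file readable by the owner only.
chmod 600 -- "$gitea_unit"
mv -- "$gitea_unit" "$USER_SYSTEMD"

systemctl --user daemon-reload
systemctl --user enable --now "$gitea_unit"

# Lingering keeps the user's systemd instance, and with it both containers,
# running when no session is open.
sudo loginctl enable-linger "$USER"

# generate haproxy blocks
sudo mkdir -p -- "$SERVICE_DIR"

printf '%s\n' "crt $SSL_PATH/fullchain.pem" | sudo tee "$SERVICE_DIR/cert.block" > /dev/null

# TODO(review): two here-documents followed at this point, assigning ACL_CFG and
# BACKEND_CFG, each followed by a command ending in `> /dev/null`. Their
# contents did not survive on the page; all that remains is
#   ACL_CFG=$(cat < /dev/null BACKEND_CFG=$(cat < /dev/null
# Restore both from the original script. Until then only cert.block is written.

echo "Deploy completed, manually run haproxy to generate new config."

# on local, allow ufw port from wireguard
echo "Manually config backup remote."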