#!/usr/bin/env bash
set -euo pipefail

repo_url="${RIZOMA_ROUTER_REPO_URL:-https://repo.rizomasec.ru/router}"
channel="${RIZOMA_ROUTER_CHANNEL:-stable}"
package_name="${RIZOMA_ROUTER_PACKAGE:-rizoma-router}"
run_setup="${RIZOMA_ROUTER_RUN_SETUP:-1}"

while [ "$#" -gt 0 ]; do
  case "$1" in
    --repo-url)
      repo_url="${2:?missing value for --repo-url}"
      shift 2
      ;;
    --channel)
      channel="${2:?missing value for --channel}"
      shift 2
      ;;
    --package)
      package_name="${2:?missing value for --package}"
      shift 2
      ;;
    --skip-setup|--no-setup)
      run_setup=0
      shift
      ;;
    *)
      echo "install.sh: unknown argument: $1" >&2
      exit 1
      ;;
  esac
done

fail() {
  echo "install.sh: $*" >&2
  exit 1
}

require_root() {
  if [ "$(id -u)" -ne 0 ]; then
    fail "run as root"
  fi
}

install_apt() {
  command -v apt-get >/dev/null 2>&1 || fail "apt-get not found"
  if ! command -v curl >/dev/null 2>&1; then
    apt-get update
    apt-get install -y curl ca-certificates
  fi

  install -d -m 0755 /usr/share/keyrings /etc/apt/sources.list.d
  curl -fsSL "$repo_url/keys/rizoma-router-archive-keyring.gpg" \
    -o /usr/share/keyrings/rizoma-router-archive-keyring.gpg
  chmod 0644 /usr/share/keyrings/rizoma-router-archive-keyring.gpg

  printf 'deb [signed-by=/usr/share/keyrings/rizoma-router-archive-keyring.gpg] %s/apt/%s ./\n' \
    "$repo_url" "$channel" > /etc/apt/sources.list.d/rizoma-router.list

  apt-get update
  apt-get install -y --no-install-recommends "$package_name"
  if ! command -v caddy >/dev/null 2>&1; then
    apt-get install -y caddy || echo "install.sh: caddy was not installed; routerctl setup will report this if LAN UI is enabled" >&2
  fi
}

install_dnf() {
  command -v dnf >/dev/null 2>&1 || fail "dnf not found"
  if ! command -v curl >/dev/null 2>&1; then
    dnf install -y curl ca-certificates
  fi

  install -d -m 0755 /etc/yum.repos.d
  rpm --import "$repo_url/keys/RPM-GPG-KEY-rizoma-router"

  cat > /etc/yum.repos.d/rizoma-router.repo <<EOF
[rizoma-router-$channel]
name=Rizoma Router $channel
baseurl=$repo_url/dnf/$channel/
enabled=1
gpgcheck=1
gpgkey=$repo_url/keys/RPM-GPG-KEY-rizoma-router
EOF

  dnf install -y --setopt=install_weak_deps=False "$package_name"
  if ! command -v caddy >/dev/null 2>&1; then
    dnf install -y caddy || echo "install.sh: caddy was not installed; routerctl setup will report this if LAN UI is enabled" >&2
  fi
}

run_first_boot_setup() {
  [ "$run_setup" = "1" ] || return 0
  command -v routerctl >/dev/null 2>&1 || fail "routerctl was not installed"
  if [ -r /dev/tty ] && [ -w /dev/tty ]; then
    echo "Starting Rizoma Router first-boot setup on /dev/tty." >/dev/tty
    routerctl setup </dev/tty >/dev/tty
  else
    echo "Rizoma Router package installed. Run first-boot setup from the router console:" >&2
    echo "  sudo routerctl setup" >&2
  fi
}

require_root
case "$channel" in
  stable|beta|canary) ;;
  *) fail "unsupported channel $channel; supported: stable, beta, canary" ;;
esac

if command -v apt-get >/dev/null 2>&1; then
  install_apt
elif command -v dnf >/dev/null 2>&1; then
  install_dnf
else
  fail "unsupported OS: apt-get or dnf is required"
fi

echo "Rizoma Router package installed from $repo_url ($channel)."
run_first_boot_setup