#!/bin/bash
# apply-enhancements.sh
# Apply enhancements to remaining VM files using sed

set -euo pipefail

apply_enhancements() {
    local file=$1
    
    if grep -q "chrony" "$file"; then
        echo "  ⚠️  Already enhanced, skipping"
        return 0
    fi
    
    # Create backup
    cp "$file" "${file}.backup3"
    
    # Add packages after lsb-release
    sed -i '/- lsb-release$/a\        - chrony\n        - unattended-upgrades\n        - apt-listchanges' "$file"
    
    # Add NTP configuration after package_upgrade
    sed -i '/package_upgrade: true/a\      \n      # Time synchronization (NTP)\n      ntp:\n        enabled: true\n        ntp_client: chrony\n        servers:\n          - 0.pool.ntp.org\n          - 1.pool.ntp.org\n          - 2.pool.ntp.org\n          - 3.pool.ntp.org' "$file"
    
    # Update package verification
    sed -i 's/for pkg in qemu-guest-agent curl wget net-tools; do/for pkg in qemu-guest-agent curl wget net-tools chrony unattended-upgrades; do/' "$file"
    
    # Add security config before final_message (complex, will do manually for key files)
    # This requires careful insertion
    
    echo "  ✅ Enhanced (partial - manual final_message update needed)"
}

echo "Applying enhancements to remaining files..."
echo ""

# Process remaining SMOM-DBIS-138 files
for file in examples/production/smom-dbis-138/{sentry-{02,03,04},rpc-node-{01,02,03,04},services,blockscout,monitoring,management}.yaml; do
    if [ -f "$file" ]; then
        echo "Processing $(basename $file)..."
        apply_enhancements "$file"
    fi
done

echo ""
echo "Note: final_message and security configs need manual update"
echo "Use sentry-01.yaml as template"