#!/bin/bash
source ~/.bashrc
# Enable SSH via Proxmox API
# Attempts to enable SSH service and configure root login via API

set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Load environment variables
if [ -f "$PROJECT_ROOT/.env" ]; then
    set -a
    source <(grep -v '^#' "$PROJECT_ROOT/.env" | grep -v '^$' | sed 's/#.*$//' | grep '=')
    set +a
fi

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

log_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

log_warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
}

log_error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

PVE_USERNAME="${PVE_USERNAME:-root@pam}"
PVE_PASSWORD="${PVE_ROOT_PASS:-}"
PROXMOX_URL="${PROXMOX_ML110_URL:-https://192.168.1.206:8006}"
PROXMOX_NODE="${PROXMOX_NODE:-pve}"

get_api_token() {
    local response=$(curl -s -k --connect-timeout 10 --max-time 15 \
        -d "username=$PVE_USERNAME&password=$PVE_PASSWORD" \
        "$PROXMOX_URL/api2/json/access/ticket" 2>&1)
    
    if echo "$response" | grep -q '"data"'; then
        local ticket=$(echo "$response" | grep -o '"ticket":"[^"]*' | cut -d'"' -f4)
        local csrf_token=$(echo "$response" | grep -o '"CSRFPreventionToken":"[^"]*' | cut -d'"' -f4)
        echo "$ticket|$csrf_token"
    else
        echo ""
    fi
}

check_ssh_service() {
    local tokens=$(get_api_token)
    local ticket=$(echo "$tokens" | cut -d'|' -f1)
    local csrf_token=$(echo "$tokens" | cut -d'|' -f2)
    
    log_info "Checking SSH service status..."
    
    local services=$(curl -s -k -H "Cookie: PVEAuthCookie=$ticket" \
        -H "CSRFPreventionToken: $csrf_token" \
        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/services" 2>&1)
    
    if echo "$services" | grep -q '"data"'; then
        local ssh_status=$(echo "$services" | python3 -c "
import sys, json
r = json.load(sys.stdin)
services = r.get('data', [])
ssh = [s for s in services if 'ssh' in s.get('name', '').lower()]
if ssh:
    s = ssh[0]
    print(f\"{s.get('name', 'N/A')}|{s.get('state', 'N/A')}|{s.get('enabled', 'N/A')}\")
" 2>/dev/null)
        
        if [ -n "$ssh_status" ]; then
            local name=$(echo "$ssh_status" | cut -d'|' -f1)
            local state=$(echo "$ssh_status" | cut -d'|' -f2)
            local enabled=$(echo "$ssh_status" | cut -d'|' -f3)
            
            echo "  Service: $name"
            echo "  State: $state"
            echo "  Enabled: $enabled"
            
            if [ "$state" = "running" ] && [ "$enabled" = "1" ]; then
                log_info "✓ SSH service is running and enabled"
                return 0
            else
                log_warn "SSH service needs to be started/enabled"
                return 1
            fi
        else
            log_warn "SSH service not found in services list"
            return 1
        fi
    else
        log_error "Could not query services via API"
        return 1
    fi
}

enable_ssh_service() {
    local tokens=$(get_api_token)
    local ticket=$(echo "$tokens" | cut -d'|' -f1)
    local csrf_token=$(echo "$tokens" | cut -d'|' -f2)
    
    log_info "Attempting to enable SSH service via API..."
    
    # Try to start SSH service
    local start_result=$(curl -s -k -X POST -H "Cookie: PVEAuthCookie=$ticket" \
        -H "CSRFPreventionToken: $csrf_token" \
        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/services/ssh/start" 2>&1)
    
    if echo "$start_result" | grep -q '"data"'; then
        log_info "✓ SSH service started"
    else
        log_warn "Could not start SSH via API: $start_result"
    fi
    
    # Try to enable SSH service
    local enable_result=$(curl -s -k -X POST -H "Cookie: PVEAuthCookie=$ticket" \
        -H "CSRFPreventionToken: $csrf_token" \
        "$PROXMOX_URL/api2/json/nodes/$PROXMOX_NODE/services/ssh/start" 2>&1)
    
    if echo "$enable_result" | grep -q '"data"'; then
        log_info "✓ SSH service enabled"
    else
        log_warn "Could not enable SSH via API: $enable_result"
    fi
}

main() {
    echo "========================================="
    echo "Enable SSH via Proxmox API"
    echo "========================================="
    echo ""
    
    log_warn "Note: SSH configuration changes typically require shell access"
    log_warn "This script will attempt to enable SSH service, but root login"
    log_warn "configuration may need to be done via Web UI or console"
    echo ""
    
    # Check current status
    check_ssh_service
    
    echo ""
    
    # Try to enable
    enable_ssh_service
    
    echo ""
    log_info "Summary:"
    log_warn "SSH service management via API is limited"
    log_info "Recommended: Enable SSH via Proxmox Web UI:"
    log_info "  1. Node → System → Services → ssh → Start & Enable"
    log_info "  2. Node → System → Shell → Enable root login"
    log_info ""
    log_info "Or use console/physical access to run:"
    log_info "  systemctl enable ssh && systemctl start ssh"
    log_info "  sed -i 's/#PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config"
    log_info "  systemctl restart sshd"
}

main "$@"