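#!/usr/bin/env bash
# Convert Database Containers to Privileged Mode
# Recreates PostgreSQL and Redis containers as privileged to enable service startup
#
# Flow: back up each container's `pct config` output locally, stop and DESTROY
# the container on the Proxmox node, recreate it from TEMPLATE with
# `--unprivileged 0`, then install and configure PostgreSQL or Redis inside it.
#
# Security notes for operators:
#   - Only the container *config* is backed up. The root filesystem (and any
#     database data in it) is removed by `pct destroy`.
#   - `--unprivileged 0` creates privileged LXC containers: no user-namespace
#     id mapping, so root inside the container is uid 0 on the host kernel.
#   - PostgreSQL is set to listen on all interfaces and Redis is bound to
#     0.0.0.0 with protected-mode off. Restrict exposure with the variables
#     below and with network-level filtering.
#
# Optional environment (may also be set in config/ip-addresses.conf):
#   SSH_STRICT_HOST_KEY_CHECKING  ssh StrictHostKeyChecking value (default: accept-new)
#   PG_ALLOWED_CIDR               source range written to pg_hba.conf (default: 0.0.0.0/0)
#   ORDER_DB_PASSWORD             password for order_user
#   DBIS_DB_PASSWORD              password for dbis
#   REDIS_PASSWORD                if set, written as `requirepass` in redis.conf

# No `-e` on purpose: every step reports its own failure and the run carries
# on with the remaining containers.
set -uo pipefail

# Load IP configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

NODE_IP="${PROXMOX_HOST_R630_01:-192.168.11.11}"
TEMPLATE="ubuntu-22.04-standard_22.04-1_amd64.tar.zst"

# The original passed StrictHostKeyChecking=no, which lets any host answering
# on NODE_IP receive a root session. accept-new still trusts a first contact
# but refuses a changed key; export SSH_STRICT_HOST_KEY_CHECKING=yes once the
# node key is pinned in known_hosts.
SSH_STRICT_HOST_KEY_CHECKING="${SSH_STRICT_HOST_KEY_CHECKING:-accept-new}"
PG_ALLOWED_CIDR="${PG_ALLOWED_CIDR:-0.0.0.0/0}"
ORDER_DB_PASSWORD="${ORDER_DB_PASSWORD:-}"
DBIS_DB_PASSWORD="${DBIS_DB_PASSWORD:-}"
REDIS_PASSWORD="${REDIS_PASSWORD:-}"

log_info() { printf '\033[0;32m[INFO]\033[0m %s\n' "$1"; }
log_success() { printf '\033[0;32m[✓]\033[0m %s\n' "$1"; }
log_error() { printf '\033[0;31m[ERROR]\033[0m %s\n' "$1" >&2; }
log_warn() { printf '\033[0;33m[WARN]\033[0m %s\n' "$1" >&2; }

# Container configurations
# Value format: hostname:ip/prefix:gateway:cores:memory:rootfs-size
declare -A CONTAINER_CONFIGS

# PostgreSQL containers
CONTAINER_CONFIGS[10000]="order-postgres:${ORDER_POSTGRES_PRIMARY:-192.168.11.44}/24:${NETWORK_GATEWAY:-192.168.11.1}:2:2048:8"
CONTAINER_CONFIGS[10001]="order-postgres-replica:${ORDER_POSTGRES_REPLICA:-192.168.11.45}/24:${NETWORK_GATEWAY:-192.168.11.1}:2:2048:8"
CONTAINER_CONFIGS[10100]="dbis-postgres:${DBIS_POSTGRES_PRIMARY:-192.168.11.105}/24:${NETWORK_GATEWAY:-192.168.11.1}:2:2048:8"
CONTAINER_CONFIGS[10101]="dbis-postgres-replica:${DBIS_POSTGRES_REPLICA:-192.168.11.106}/24:${NETWORK_GATEWAY:-192.168.11.1}:2:2048:8"

# Redis containers
# NOTE(review): order-redis takes its address from ORDER_REDIS_REPLICA; confirm
# that is the intended variable.
CONTAINER_CONFIGS[10020]="order-redis:${ORDER_REDIS_REPLICA:-192.168.11.46}/24:${NETWORK_GATEWAY:-192.168.11.1}:1:1024:4"
CONTAINER_CONFIGS[10120]="dbis-redis:${DBIS_REDIS_IP:-192.168.11.125}/24:${NETWORK_GATEWAY:-192.168.11.1}:1:1024:4"

# Per-container bookkeeping.
#   BACKUP_STATE[vmid]: ok | absent | failed
#   STEP_FAILED[vmid]:  set once any step for that container has failed
declare -A BACKUP_STATE=()
declare -A STEP_FAILED=()
failure_count=0

# Run a command on the Proxmox node as root.
# Arguments: $1 - ConnectTimeout in seconds; remaining - remote command
ssh_node() {
  local timeout="$1"
  shift
  ssh -o "ConnectTimeout=${timeout}" \
    -o "StrictHostKeyChecking=${SSH_STRICT_HOST_KEY_CHECKING}" \
    "root@${NODE_IP}" "$@"
}

# True when $1 contains only characters that survive the nested
# ssh -> pct exec -> shell -> SQL/config quoting used below unchanged.
is_safe_token() {
  [[ "$1" =~ ^[A-Za-z0-9_.-]+$ ]]
}

note_failure() {
  STEP_FAILED[$1]=1
  failure_count=$((failure_count + 1))
}

already_failed() {
  [[ -n "${STEP_FAILED[$1]:-}" ]]
}

# Run one step function for one container unless an earlier step for that
# container already failed, then pause.
# Arguments: $1 - function name, $2 - vmid, $3 - seconds to sleep afterwards
run_step() {
  local fn="$1" vmid="$2" pause="$3"
  if already_failed "$vmid"; then
    log_warn "Skipping $fn for CT $vmid (an earlier step failed)"
    return 0
  fi
  "$fn" "$vmid" || note_failure "$vmid"
  sleep "$pause"
}

# Save `pct config` for one container into BACKUP_DIR on this machine.
# The original redirected to BACKUP_DIR on the *node*, where the directory
# does not exist, and still reported success because the trailing echo
# returned 0; the container was then destroyed without a backup.
# Arguments: $1 - vmid
# Returns:   0 if backed up or the container does not exist, 1 otherwise
backup_container() {
  local vmid="$1"
  local dest="$BACKUP_DIR/$vmid/config.conf"
  local rc=0

  log_info "Backing up CT $vmid..."
  mkdir -p "$BACKUP_DIR/$vmid"

  ssh_node 10 "pct status $vmid" >/dev/null 2>&1 || rc=$?
  if ((rc == 255)); then
    # 255 is ssh's own failure code: the node was not reached, so nothing
    # is known about the container.
    BACKUP_STATE[$vmid]=failed
    log_error "Failed to backup CT $vmid config"
    return 1
  elif ((rc != 0)); then
    BACKUP_STATE[$vmid]=absent
    log_warn "CT $vmid does not exist on ${NODE_IP}; nothing to back up"
    return 0
  fi

  if ssh_node 10 "pct config $vmid" >"$dest" && [[ -s "$dest" ]]; then
    BACKUP_STATE[$vmid]=ok
    log_success "CT $vmid config backed up"
  else
    BACKUP_STATE[$vmid]=failed
    log_error "Failed to backup CT $vmid config"
    return 1
  fi
}

# Destroy one container and recreate it privileged from TEMPLATE.
# Refuses to run unless backup_container recorded a backup (or recorded that
# the container did not exist).
# Arguments: $1 - vmid (key of CONTAINER_CONFIGS)
# Returns:   0 on success, 1 on refusal or failure
recreate_container_privileged() {
  local vmid="$1"
  local config_line="${CONTAINER_CONFIGS[$vmid]}"
  local hostname ip gateway cores memory storage
  IFS=':' read -r hostname ip gateway cores memory storage <<<"$config_line"

  case "${BACKUP_STATE[$vmid]:-}" in
    ok | absent) ;;
    *)
      log_error "Refusing to destroy CT $vmid: its config was not backed up"
      return 1
      ;;
  esac

  log_info "Recreating CT $vmid as privileged..."

  # Stop and destroy existing container (best effort: it may not exist)
  ssh_node 10 "
    pct stop $vmid 2>/dev/null || true
    sleep 2
    pct destroy $vmid 2>/dev/null || true
    sleep 2
  "

  # Create new privileged container. The storage pool is the first lvmthin
  # entry reported by pvesm, falling back to "data". A failed `pct create`
  # now aborts: previously a container that survived the destroy step passed
  # the existence check below and was reported as recreated.
  if ssh_node 20 "
    STORAGE=\$(pvesm status | awk '/lvmthin/ {print \$1; exit}')
    if [ -z \"\$STORAGE\" ]; then
      STORAGE=\"data\"
    fi

    if ! pct create $vmid local:vztmpl/$TEMPLATE \\
        --hostname $hostname \\
        --net0 name=eth0,bridge=vmbr0,gw=$gateway,ip=$ip,type=veth \\
        --cores $cores \\
        --memory $memory \\
        --rootfs \$STORAGE:${storage} \\
        --unprivileged 0 \\
        --features nesting=1 \\
        --ostype ubuntu \\
        --arch amd64; then
      echo 'Container creation failed'
      exit 1
    fi

    sleep 3

    if pct config $vmid >/dev/null 2>&1; then
      pct start $vmid || { echo 'Container start failed'; exit 1; }
      sleep 5
      echo 'Container created and started'
    else
      echo 'Container creation failed'
      exit 1
    fi
  "; then
    log_success "CT $vmid recreated as privileged"
  else
    log_error "Failed to recreate CT $vmid"
    return 1
  fi
}

# Install PostgreSQL 15 from the PGDG repository inside one container.
# Changes from the original: the repository key is stored as a dedicated
# keyring referenced with signed-by (instead of `apt-key add`, which trusts
# the key for every repository), the repository is fetched over https, the
# pg_hba.conf source range comes from PG_ALLOWED_CIDR, the service is
# restarted so the listen_addresses change takes effect, and a failed
# command makes the step fail instead of always reporting success.
# Arguments: $1 - vmid
install_postgresql_privileged() {
  local vmid="$1"
  log_info "Installing PostgreSQL on privileged CT $vmid..."

  if ssh_node 30 "
    pct exec $vmid -- bash -c '
      set -eo pipefail
      export DEBIAN_FRONTEND=noninteractive
      apt-get update -qq
      apt-get install -y -qq wget ca-certificates gnupg lsb-release
      install -d -m 0755 /etc/apt/keyrings
      wget --quiet -O /etc/apt/keyrings/pgdg.asc https://www.postgresql.org/media/keys/ACCC4CF8.asc
      echo \"deb [signed-by=/etc/apt/keyrings/pgdg.asc] https://apt.postgresql.org/pub/repos/apt \$(lsb_release -cs)-pgdg main\" > /etc/apt/sources.list.d/pgdg.list
      apt-get update -qq
      apt-get install -y -qq postgresql-15 postgresql-contrib-15

      sed -i \"s/#listen_addresses = .*/listen_addresses = '\''*'\''/\" /etc/postgresql/15/main/postgresql.conf
      echo \"host all all ${PG_ALLOWED_CIDR} md5\" >> /etc/postgresql/15/main/pg_hba.conf

      systemctl restart postgresql@15-main
      systemctl enable postgresql@15-main
      sleep 3
      if systemctl is-active postgresql@15-main; then
        echo \"PostgreSQL installed and started\"
      else
        echo \"PostgreSQL start failed\"
        exit 1
      fi
    '
  "; then
    log_success "PostgreSQL installed on CT $vmid"
  else
    log_error "Failed to install PostgreSQL on CT $vmid"
    return 1
  fi
}

# Install Redis inside one container, bound to 0.0.0.0 with protected-mode
# off as before. When REDIS_PASSWORD is set it is appended as `requirepass`;
# without it every host that can reach the port can read and write the data.
# Arguments: $1 - vmid
install_redis_privileged() {
  local vmid="$1"
  local auth_cmd=':'
  if [[ -n "$REDIS_PASSWORD" ]]; then
    auth_cmd="echo \"requirepass ${REDIS_PASSWORD}\" >> /etc/redis/redis.conf"
  fi

  log_info "Installing Redis on privileged CT $vmid..."

  if ssh_node 20 "
    pct exec $vmid -- bash -c '
      set -eo pipefail
      export DEBIAN_FRONTEND=noninteractive
      apt-get update -qq
      apt-get install -y -qq redis-server

      sed -i \"s/^bind .*/bind 0.0.0.0/\" /etc/redis/redis.conf
      sed -i \"s/^protected-mode yes/protected-mode no/\" /etc/redis/redis.conf
      ${auth_cmd}

      systemctl restart redis-server
      systemctl enable redis-server
      sleep 2
      if systemctl is-active redis-server; then
        echo \"Redis installed and started\"
      else
        echo \"Redis start failed\"
        exit 1
      fi
    '
  "; then
    log_success "Redis installed on CT $vmid"
  else
    log_error "Failed to install Redis on CT $vmid"
    return 1
  fi
}

# Create order_db and order_user inside one PostgreSQL container.
# The password is interpolated into the remote command line, so it is visible
# in process listings on this machine and on the node while the step runs;
# is_safe_token() in the preflight keeps it free of quoting characters.
# Arguments: $1 - vmid
configure_order_databases() {
  local vmid="$1"
  log_info "Configuring Order database on CT $vmid..."

  if ssh_node 15 "
pct exec $vmid -- su - postgres -c \"
psql -v ON_ERROR_STOP=1 << 'SQL_EOF'
CREATE DATABASE order_db;
CREATE USER order_user WITH PASSWORD '${ORDER_DB_PASSWORD}';
GRANT ALL PRIVILEGES ON DATABASE order_db TO order_user;
ALTER DATABASE order_db OWNER TO order_user;
\\l order_db
SQL_EOF
\" 2>&1
"; then
    log_success "Order DB configured on CT $vmid"
  else
    log_error "Failed to configure Order DB on CT $vmid"
    return 1
  fi
}

# Create dbis_core and the dbis role inside one PostgreSQL container.
# Same password-handling caveat as configure_order_databases.
# Arguments: $1 - vmid
configure_dbis_databases() {
  local vmid="$1"
  log_info "Configuring DBIS database on CT $vmid..."

  if ssh_node 15 "
pct exec $vmid -- su - postgres -c \"
psql -v ON_ERROR_STOP=1 << 'SQL_EOF'
CREATE DATABASE dbis_core;
CREATE USER dbis WITH PASSWORD '${DBIS_DB_PASSWORD}';
GRANT ALL PRIVILEGES ON DATABASE dbis_core TO dbis;
ALTER DATABASE dbis_core OWNER TO dbis;
\\l dbis_core
SQL_EOF
\" 2>&1
"; then
    log_success "DBIS DB configured on CT $vmid"
  else
    log_error "Failed to configure DBIS DB on CT $vmid"
    return 1
  fi
}

echo "═══════════════════════════════════════════════════════════"
echo "Convert Database Containers to Privileged Mode"
echo "═══════════════════════════════════════════════════════════"
echo ""

# Preflight: settle every secret and range before anything is destroyed.
# The fallbacks keep existing deployments working, but both values are
# committed in this script and should be treated as exposed: rotate them and
# supply replacements through the environment.
if [[ -z "$ORDER_DB_PASSWORD" ]]; then
  log_warn "ORDER_DB_PASSWORD not set; using the default committed in this script"
  ORDER_DB_PASSWORD='order_password'
fi
if [[ -z "$DBIS_DB_PASSWORD" ]]; then
  log_warn "DBIS_DB_PASSWORD not set; using the default committed in this script"
  DBIS_DB_PASSWORD='8cba649443f97436db43b34ab2c0e75b5cf15611bef9c099cee6fb22cc3d7771'
fi
if ! is_safe_token "$ORDER_DB_PASSWORD" || ! is_safe_token "$DBIS_DB_PASSWORD"; then
  log_error "Database passwords may only contain letters, digits, '_', '.' and '-'"
  exit 2
fi
if [[ -n "$REDIS_PASSWORD" ]]; then
  if ! is_safe_token "$REDIS_PASSWORD"; then
    log_error "REDIS_PASSWORD may only contain letters, digits, '_', '.' and '-'"
    exit 2
  fi
else
  log_warn "REDIS_PASSWORD not set; Redis will accept unauthenticated clients on 0.0.0.0"
fi
cidr_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$'
if [[ ! "$PG_ALLOWED_CIDR" =~ $cidr_re ]]; then
  log_error "PG_ALLOWED_CIDR must look like a.b.c.d/nn"
  exit 2
fi
if [[ "$PG_ALLOWED_CIDR" == "0.0.0.0/0" ]]; then
  log_warn "PG_ALLOWED_CIDR is 0.0.0.0/0; pg_hba.conf will admit password logins from any IPv4 address"
fi

# Create backup directory. mktemp gives an unpredictable, owner-only
# directory instead of a guessable name under the shared /tmp.
BACKUP_DIR="$(mktemp -d "/tmp/container-backups-$(date +%Y%m%d-%H%M%S)-XXXXXX")" || {
  log_error "Could not create backup directory"
  exit 1
}
log_info "Backup directory: $BACKUP_DIR"

# Backup all containers
log_info "Backing up container configurations..."
for vmid in 10000 10001 10100 10101 10020 10120; do
  backup_container "$vmid" || note_failure "$vmid"
done

# Recreate PostgreSQL containers as privileged
log_info "Recreating PostgreSQL containers as privileged..."
for vmid in 10000 10001 10100 10101; do
  run_step recreate_container_privileged "$vmid" 3
done

# Install PostgreSQL on privileged containers
log_info "Installing PostgreSQL on privileged containers..."
for vmid in 10000 10001 10100 10101; do
  run_step install_postgresql_privileged "$vmid" 3
done

# Configure databases
log_info "Configuring databases..."
for vmid in 10000 10001; do
  run_step configure_order_databases "$vmid" 2
done

for vmid in 10100 10101; do
  run_step configure_dbis_databases "$vmid" 2
done

# Recreate Redis containers as privileged
log_info "Recreating Redis containers as privileged..."
for vmid in 10020 10120; do
  run_step recreate_container_privileged "$vmid" 3
done

# Install Redis on privileged containers
log_info "Installing Redis on privileged containers..."
for vmid in 10020 10120; do
  run_step install_redis_privileged "$vmid" 3
done

# Final verification
echo ""
log_info "Final Service Status:"
echo "PostgreSQL:"
for vmid in 10000 10001 10100 10101; do
  status=$(ssh_node 5 \
    "pct exec $vmid -- systemctl is-active postgresql@15-main 2>&1 || echo 'inactive'")
  echo " CT $vmid: $status"
done

echo "Redis:"
for vmid in 10020 10120; do
  status=$(ssh_node 5 \
    "pct exec $vmid -- systemctl is-active redis-server 2>&1 || echo 'inactive'")
  echo " CT $vmid: $status"
done

echo ""
if ((failure_count > 0)); then
  log_error "Database container conversion finished with $failure_count failed step(s)"
  log_info "Backups saved to: $BACKUP_DIR"
  exit 1
fi
log_success "Database container conversion complete!"
log_info "Backups saved to: $BACKUP_DIR"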