#!/usr/bin/env bash
# Run all deployment/verification commands on the Proxmox host via SSH.
# When using SSH + pct, root is not needed: use non-root PROXMOX_USER with pct permissions
# and set PROXMOX_VMID to run commands inside an LXC container.
#
# Usage:
#   ./scripts/run-on-proxmox-via-ssh.sh
#   PROXMOX_USER=deploy PROXMOX_VMID=5700 ./scripts/run-on-proxmox-via-ssh.sh   # run in container via pct exec
#   ./scripts/run-on-proxmox-via-ssh.sh --sync
#
# Optional: PROXMOX_SSH_OPTS, PROXMOX_REPO_PATH. Repo at PROXMOX_REPO_PATH or use --sync.

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"

# Load IP config (same as config/ip-addresses.conf)
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"
# Non-root user with SSH and (if using pct) pct exec permissions — root not required
PROXMOX_USER="${PROXMOX_USER:-$USER}"
# When set, run commands inside LXC via pct exec (no root needed on host)
PROXMOX_VMID="${PROXMOX_VMID:-}"
# Path to the repo on the host or inside the container (when PROXMOX_VMID is set)
PROXMOX_REPO_PATH="${PROXMOX_REPO_PATH:-~/projects/proxmox}"
PROXMOX_SSH_OPTS="${PROXMOX_SSH_OPTS:--o ConnectTimeout=10 -o StrictHostKeyChecking=accept-new}"
RPC_URL="${RPC_URL_138:-http://192.168.11.211:8545}"
DO_SYNC=""

for arg in "$@"; do
  case "$arg" in
    --sync) DO_SYNC=1 ;;
  esac
done

export LC_ALL=C LANG=C

# Run a command on the host or inside the container (when PROXMOX_VMID is set, via pct exec)
run_remote() {
  local cmd="export LC_ALL=C LANG=C; $*"
  if [ -n "$PROXMOX_VMID" ]; then
    local q
    q=$(printf '%q ' "$cmd")
    ssh $PROXMOX_SSH_OPTS "$PROXMOX_USER@$PROXMOX_HOST" "pct exec $PROXMOX_VMID -- bash -c $q"
  else
    ssh $PROXMOX_SSH_OPTS "$PROXMOX_USER@$PROXMOX_HOST" "$cmd"
  fi
}

echo "=============================================="
echo "Proxmox host: $PROXMOX_USER@$PROXMOX_HOST"
[ -n "$PROXMOX_VMID" ] && echo "Container (pct): $PROXMOX_VMID"
echo "Repo path: $PROXMOX_REPO_PATH"
echo "RPC: $RPC_URL"
echo "=============================================="
echo ""

# 0) Optional: rsync repo to host (or into container: rsync to host then pct push, or use path inside container)
if [ -n "$DO_SYNC" ]; then
  echo "[0] Syncing repo to $PROXMOX_USER@$PROXMOX_HOST:$PROXMOX_REPO_PATH ..."
  if [ -n "$PROXMOX_VMID" ]; then
    ssh $PROXMOX_SSH_OPTS "$PROXMOX_USER@$PROXMOX_HOST" "pct exec $PROXMOX_VMID -- mkdir -p \"$PROXMOX_REPO_PATH\""
    rsync -az --delete \
      --exclude '.git' --exclude 'node_modules' --exclude 'venv' --exclude '__pycache__' \
      -e "ssh $PROXMOX_SSH_OPTS" \
      "$PROJECT_ROOT/" "$PROXMOX_USER@$PROXMOX_HOST:/tmp/proxmox-sync/" || { echo "WARN: rsync to host failed."; exit 1; }
    ssh $PROXMOX_SSH_OPTS "$PROXMOX_USER@$PROXMOX_HOST" "pct push $PROXMOX_VMID /tmp/proxmox-sync $PROXMOX_REPO_PATH --recursive 2>/dev/null || rsync -az /tmp/proxmox-sync/ \$(pct exec $PROXMOX_VMID -- printenv HOME)/proxmox-repo/ 2>/dev/null || true"
    echo "Note: When using VMID, ensure repo is at $PROXMOX_REPO_PATH inside the container (e.g. pct push or mount)."
  else
    run_remote "mkdir -p \"$PROXMOX_REPO_PATH\""
    rsync -az --delete \
      --exclude '.git' --exclude 'node_modules' --exclude 'venv' --exclude '__pycache__' \
      -e "ssh $PROXMOX_SSH_OPTS" \
      "$PROJECT_ROOT/" "$PROXMOX_USER@$PROXMOX_HOST:$PROXMOX_REPO_PATH/" || { echo "WARN: rsync failed."; exit 1; }
  fi
  echo ""
fi

# 1) On-chain contract check (Chain 138)
echo "[1/4] On-chain contract check (Chain 138)..."
run_remote "cd \"$PROXMOX_REPO_PATH\" && ./scripts/verify/check-contracts-on-chain-138.sh \"$RPC_URL\"" || {
  echo "WARN: check-contracts failed (RPC unreachable or repo path wrong?). Continuing."
}
echo ""

# 2) Phased deployment (smom-dbis-138) — skips phases when env set
echo "[2/4] Phased deployment (smom-dbis-138)..."
run_remote "cd \"$PROXMOX_REPO_PATH/smom-dbis-138\" && [ -f .env ] && source .env 2>/dev/null; ./scripts/deployment/deploy-all-phases.sh" || {
  echo "WARN: deploy-all-phases failed. Continuing."
}
echo ""

# 3) Phoenix Deploy API — install to /opt and enable systemd
echo "[3/4] Phoenix Deploy API (install systemd)..."
run_remote "cd \"$PROXMOX_REPO_PATH/phoenix-deploy-api\" && [ -f scripts/install-systemd.sh ] && ./scripts/install-systemd.sh" || {
  echo "WARN: phoenix-deploy-api install failed or script not found. Continuing."
}
echo ""

# 4) Blockscout verification (optional; from host that can reach Blockscout)
echo "[4/4] Blockscout contract verification..."
run_remote "cd \"$PROXMOX_REPO_PATH\" && source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh" || {
  echo "WARN: Blockscout verification failed or skipped (Blockscout may be unreachable). Continuing."
}
echo ""

echo "=============================================="
echo "All commands completed on Proxmox."
echo "=============================================="