#!/usr/bin/env bash
set -euo pipefail

# Deploy later-phase DBIS RTGS sidecars when artifacts are available.
# Usage:
#   ./scripts/deployment/deploy-dbis-rtgs-later-phase-sidecars.sh [--dry-run]

HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"

SECT_VMID="${RTGS_SECURITIES_VMID:-5808}"
CARD_VMID="${RTGS_CARDNET_VMID:-5809}"
MT103_VMID="${RTGS_MT103_VMID:-5810}"

SECT_JAR="${RTGS_SECURITIES_JAR:-/home/intlc/projects/HYBX_Sidecars/securities-sidecar/securities-app/target/securities-app-1.0.0-SNAPSHOT.jar}"
CARD_JAR="${RTGS_CARDNET_JAR:-/home/intlc/projects/HYBX_Sidecars/card-networks-sidecar/cardnet-app/target/cardnet-app-1.0.0-SNAPSHOT.jar}"
MT103_BIN="${RTGS_MT103_BIN:-/home/intlc/projects/HYBX_Sidecars/mt103-hardcopy-sidecar/server}"

OMNL_BASE_URL="${OMNL_FINERACT_BASE_URL:-http://192.168.11.85:8080/fineract-provider/api/v1}"
OMNL_TENANT="${OMNL_FINERACT_TENANT:-omnl}"
OMNL_USER="${OMNL_FINERACT_USER:-}"
OMNL_PASSWORD="${OMNL_FINERACT_PASSWORD:-}"
MT103_DATABASE_URL="${MT103_DATABASE_URL:-postgres://localhost/mt103_sidecar?sslmode=disable}"

DRY_RUN=false
if [[ "${1:-}" == "--dry-run" ]]; then
  DRY_RUN=true
fi

run_remote() {
  local vmid="$1"
  local cmd="$2"
  if $DRY_RUN; then
    echo "[DRY-RUN][CT $vmid] $cmd"
  else
    ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc $(printf '%q' "$cmd")"
  fi
}

push_file() {
  local vmid="$1"
  local src="$2"
  local dest="$3"
  if $DRY_RUN; then
    echo "[DRY-RUN][CT $vmid] copy $src -> $dest"
  else
    ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- mkdir -p $(dirname "$dest")"
    ssh $SSH_OPTS "root@$HOST" "cat > /tmp/$(basename "$dest")" < "$src"
    ssh $SSH_OPTS "root@$HOST" "pct push $vmid /tmp/$(basename "$dest") $dest >/dev/null && rm -f /tmp/$(basename "$dest")"
  fi
}

require_file() {
  local path="$1"
  if [[ ! -f "$path" ]]; then
    echo "Missing required artifact: $path" >&2
    exit 1
  fi
}

setup_java_runtime() {
  local vmid="$1"
  run_remote "$vmid" "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y openjdk-21-jre-headless redis-server curl ca-certificates"
  run_remote "$vmid" "systemctl enable redis-server --now"
}

setup_go_runtime() {
  local vmid="$1"
  run_remote "$vmid" "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y curl ca-certificates"
}

deploy_java_sidecar() {
  local vmid="$1"
  local svc="$2"
  local jar="$3"
  local env_content="$4"
  require_file "$jar"
  setup_java_runtime "$vmid"
  push_file "$vmid" "$jar" "/opt/dbis-rtgs/${svc}/${svc}.jar"

  local envfile unit
  envfile="$(mktemp)"
  cat > "$envfile" <<<"$env_content"
  push_file "$vmid" "$envfile" "/etc/dbis-rtgs/${svc}.env"
  rm -f "$envfile"

  unit="$(mktemp)"
  cat > "$unit" <<EOF
[Unit]
Description=DBIS RTGS ${svc}
After=network-online.target redis-server.service
Wants=network-online.target

[Service]
User=root
WorkingDirectory=/opt/dbis-rtgs/${svc}
EnvironmentFile=/etc/dbis-rtgs/${svc}.env
ExecStart=/usr/bin/java -jar /opt/dbis-rtgs/${svc}/${svc}.jar
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
  push_file "$vmid" "$unit" "/etc/systemd/system/dbis-rtgs-${svc}.service"
  rm -f "$unit"
  run_remote "$vmid" "mkdir -p /opt/dbis-rtgs/${svc} /etc/dbis-rtgs /var/lib/dbis-rtgs/${svc} && systemctl daemon-reload && systemctl enable dbis-rtgs-${svc} && systemctl restart dbis-rtgs-${svc}"
}

deploy_mt103() {
  require_file "$MT103_BIN"
  setup_go_runtime "$MT103_VMID"
  push_file "$MT103_VMID" "$MT103_BIN" "/opt/dbis-rtgs/mt103/server"
  run_remote "$MT103_VMID" "chmod +x /opt/dbis-rtgs/mt103/server"

  local envfile unit
  envfile="$(mktemp)"
  cat > "$envfile" <<EOF
HTTP_PORT=8080
DATABASE_URL=${MT103_DATABASE_URL}
STORAGE_BASE_PATH=/var/lib/dbis-rtgs/mt103/storage
AUTH_MODE=none
EOF
  push_file "$MT103_VMID" "$envfile" "/etc/dbis-rtgs/mt103.env"
  rm -f "$envfile"

  unit="$(mktemp)"
  cat > "$unit" <<'EOF'
[Unit]
Description=DBIS RTGS mt103-hardcopy-sidecar
After=network-online.target
Wants=network-online.target

[Service]
User=root
WorkingDirectory=/opt/dbis-rtgs/mt103
EnvironmentFile=/etc/dbis-rtgs/mt103.env
ExecStart=/opt/dbis-rtgs/mt103/server
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
  push_file "$MT103_VMID" "$unit" "/etc/systemd/system/dbis-rtgs-mt103.service"
  rm -f "$unit"
  run_remote "$MT103_VMID" "mkdir -p /opt/dbis-rtgs/mt103 /etc/dbis-rtgs /var/lib/dbis-rtgs/mt103/storage && systemctl daemon-reload && systemctl enable dbis-rtgs-mt103 && systemctl restart dbis-rtgs-mt103"
}

deploy_java_sidecar "$SECT_VMID" "securities" "$SECT_JAR" "$(cat <<EOF
SERVER_PORT=8080
DB_URL=jdbc:h2:file:/var/lib/dbis-rtgs/securities/securities;DB_CLOSE_ON_EXIT=FALSE
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
KAFKA_BOOTSTRAP_SERVERS=
FINERACT_BASE_URL=${OMNL_BASE_URL}
FINERACT_TENANT=${OMNL_TENANT}
FINERACT_USERNAME=${OMNL_USER}
FINERACT_PASSWORD=${OMNL_PASSWORD}
EOF
)"

deploy_java_sidecar "$CARD_VMID" "cardnet" "$CARD_JAR" "$(cat <<EOF
SERVER_PORT=8080
DB_URL=jdbc:h2:file:/var/lib/dbis-rtgs/cardnet/cardnet;DB_CLOSE_ON_EXIT=FALSE
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
KAFKA_BOOTSTRAP_SERVERS=
FINERACT_BASE_URL=${OMNL_BASE_URL}
FINERACT_TENANT=${OMNL_TENANT}
FINERACT_USERNAME=${OMNL_USER}
FINERACT_PASSWORD=${OMNL_PASSWORD}
EOF
)"

deploy_mt103

echo "DBIS RTGS later-phase sidecar deployment complete."