proxmox/scripts/update-oracle-publisher-coingecko-key.sh

#!/usr/bin/env bash
# Update Oracle Publisher Service with CoinGecko API Key
# Location: VMID 3500, /opt/oracle-publisher/.env

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[⚠]${NC} $1"; }
log_error() { echo -e "${RED}[✗]${NC} $1"; }

# Oracle Publisher LXC 3500 is on r630-02 (2026-03-28+)
PROXMOX_HOST="${PROXMOX_ORACLE_PUBLISHER_HOST:-${PROXMOX_HOST_R630_02:-192.168.11.12}}"
ORACLE_VMID="${ORACLE_VMID:-3500}"
COINGECKO_API_KEY="${COINGECKO_API_KEY:?COINGECKO_API_KEY must be set. Export from .env or use: export COINGECKO_API_KEY=your-key}"

echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🔑 Update Oracle Publisher with CoinGecko API Key"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# Check if VMID exists
log_info "Checking if Oracle Publisher container (VMID $ORACLE_VMID) exists..."
if ! ssh "root@$PROXMOX_HOST" "pct list | grep -q $ORACLE_VMID"; then
    log_error "Container VMID $ORACLE_VMID not found on $PROXMOX_HOST"
    log_info "Please verify the Oracle Publisher service is deployed"
    exit 1
fi
log_success "Container found"

# Check if .env file exists
log_info "Checking for .env file..."
if ! ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- test -f /opt/oracle-publisher/.env"; then
    log_warn ".env file not found, creating it..."
    ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- bash -c 'mkdir -p /opt/oracle-publisher && touch /opt/oracle-publisher/.env && chown oracle:oracle /opt/oracle-publisher/.env && chmod 600 /opt/oracle-publisher/.env'"
fi
log_success ".env file ready"

# Update .env file
log_info "Updating .env file with CoinGecko API key..."

# Read current .env to preserve other settings
CURRENT_ENV=$(ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- cat /opt/oracle-publisher/.env" 2>/dev/null || echo "")

# Update or add COINGECKO_API_KEY
if echo "$CURRENT_ENV" | grep -q "^COINGECKO_API_KEY="; then
    # Update existing key
    ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- bash -c 'sed -i \"s|^COINGECKO_API_KEY=.*|COINGECKO_API_KEY=$COINGECKO_API_KEY|\" /opt/oracle-publisher/.env'"
    log_success "Updated COINGECKO_API_KEY"
else
    # Add new key
    ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- bash -c 'echo \"COINGECKO_API_KEY=$COINGECKO_API_KEY\" >> /opt/oracle-publisher/.env'"
    log_success "Added COINGECKO_API_KEY"
fi

# Update DATA_SOURCE_1_URL to include API key
# NOTE: Do not use sed with the URL in the replacement string — query params contain "&", which sed treats as "matched text".
log_info "Updating DATA_SOURCE_1_URL with API key..."
NEW_URL="https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd&x_cg_demo_api_key=$COINGECKO_API_KEY"
# Double-quote value for systemd EnvironmentFile (ampersands in URL).
ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- bash -c 'grep -v \"^DATA_SOURCE_1_URL=\" /opt/oracle-publisher/.env > /tmp/op.env.$$ && mv /tmp/op.env.$$ /opt/oracle-publisher/.env && printf \"%s\\n\" \"DATA_SOURCE_1_URL=\\\"$NEW_URL\\\"\" >> /opt/oracle-publisher/.env'"
log_success "DATA_SOURCE_1_URL set (grep+append, quoted for systemd)"

# Ensure DATA_SOURCE_1_PARSER is set correctly
log_info "Ensuring DATA_SOURCE_1_PARSER is set..."
if echo "$CURRENT_ENV" | grep -q "^DATA_SOURCE_1_PARSER="; then
    ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- bash -c 'sed -i \"s|^DATA_SOURCE_1_PARSER=.*|DATA_SOURCE_1_PARSER=ethereum.usd|\" /opt/oracle-publisher/.env'"
else
    ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- bash -c 'echo \"DATA_SOURCE_1_PARSER=ethereum.usd\" >> /opt/oracle-publisher/.env'"
fi
log_success "DATA_SOURCE_1_PARSER configured"

# Set proper permissions
log_info "Setting file permissions..."
ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- bash -c 'chown oracle:oracle /opt/oracle-publisher/.env && chmod 600 /opt/oracle-publisher/.env'"
log_success "Permissions set"

# Verify configuration
log_info "Verifying configuration..."
VERIFIED_KEY=$(ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- grep '^COINGECKO_API_KEY=' /opt/oracle-publisher/.env | cut -d= -f2" || echo "")
VERIFIED_URL=$(ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- grep '^DATA_SOURCE_1_URL=' /opt/oracle-publisher/.env | cut -d= -f2-" || echo "")

if [ "$VERIFIED_KEY" = "$COINGECKO_API_KEY" ]; then
    log_success "CoinGecko API key verified (length ${#VERIFIED_KEY} chars; value not logged)"
else
    log_error "API key verification failed"
    exit 1
fi

if echo "$VERIFIED_URL" | grep -q "x_cg_demo_api_key=$COINGECKO_API_KEY"; then
    log_success "DATA_SOURCE_1_URL includes API key"
else
    log_warn "DATA_SOURCE_1_URL may not include API key correctly"
fi

# Restart service if it exists
log_info "Checking if oracle-publisher service exists..."
if ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- systemctl list-units --type=service | grep -q oracle-publisher"; then
    log_info "Restarting oracle-publisher service..."
    ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- systemctl restart oracle-publisher" || {
        log_warn "Service restart failed (may not be running)"
    }
    sleep 2
    if ssh "root@$PROXMOX_HOST" "pct exec $ORACLE_VMID -- systemctl is-active --quiet oracle-publisher"; then
        log_success "Service restarted successfully"
    else
        log_warn "Service may not be active (check status manually)"
    fi
else
    log_warn "oracle-publisher service not found (may need to be created)"
fi

echo ""
log_success "Oracle Publisher CoinGecko API key update complete!"
echo ""
log_info "Next steps:"
echo "  1. Verify service is running: ssh root@$PROXMOX_HOST \"pct exec $ORACLE_VMID -- systemctl status oracle-publisher\""
echo "  2. Check service logs: ssh root@$PROXMOX_HOST \"pct exec $ORACLE_VMID -- journalctl -u oracle-publisher -n 50\""
echo "  3. Verify price updates: Check oracle contract for recent price updates"
echo ""