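#!/usr/bin/env bash
# Deploy Forgejo (multi-tenant git voor agent-repos) als rootless podman
# Quadlet op p620. Idempotent — detecteert wijzigingen, restart alleen
# indien nodig.
#
# Werkt op Fedora Atomic / Silverblue zonder host-pollutie:
# • image via podman, geen host-pkg
# • state in podman volume `forgejo-data` (in $HOME)
#
# Usage:
# ./scripts/p620/deploy-forgejo.sh # deploy / update
# ./scripts/p620/deploy-forgejo.sh --host other # andere ssh-host

# NOTE: lines 2-13 above are printed verbatim by --help (sed -n '2,13p'), so
# they are runtime text: keep their wording and the line range in sync.
#
# Summary: deploys Forgejo as a rootless podman Quadlet on a remote host over
# ssh. Each Quadlet unit file next to this script is copied only when its
# SHA-256 differs from the remote copy, and the services are restarted only
# when at least one file changed. The script then polls the local HTTP port
# on the remote host until Forgejo answers or the attempts run out.

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
SSH_HOST="p620"

while [[ $# -gt 0 ]]; do
  case "$1" in
    --host)
      # Under `set -u` a bare `--host` would abort with an opaque
      # "unbound variable" error; fail with a readable message instead.
      if [[ $# -lt 2 ]]; then
        echo "✗ --host needs a value" >&2
        exit 1
      fi
      SSH_HOST="$2"
      shift 2
      ;;
    -h | --help)
      sed -n '2,13p' "$0" | sed 's/^# \?//'
      exit 0
      ;;
    *)
      echo "✗ unknown arg: $1" >&2
      exit 1
      ;;
  esac
done

# The host value is handed to ssh/scp as a plain argument. An empty value or
# one starting with '-' would be parsed as an ssh option rather than a
# destination, so reject it before any remote command runs.
if [[ -z "$SSH_HOST" || "$SSH_HOST" == -* ]]; then
  echo "✗ invalid host: $SSH_HOST" >&2
  exit 1
fi

echo "→ preflight op $SSH_HOST"
# This also fails (with the same message) when the ssh connection itself
# cannot be established.
if ! ssh "$SSH_HOST" 'command -v podman >/dev/null && command -v systemctl >/dev/null'; then
  echo "✗ podman/systemctl ontbreekt op $SSH_HOST" >&2
  exit 1
fi

need_restart=0

echo "→ Quadlet sync"
ssh "$SSH_HOST" 'mkdir -p ~/.config/containers/systemd'

#######################################
# Copy one Quadlet unit file to the remote host if its content differs.
# The SHA-256 comparison is change detection only; it is not an integrity
# check against a party that controls the remote account.
# Globals:   SCRIPT_DIR (read), SSH_HOST (read), need_restart (written)
# Arguments: $1 - file name relative to SCRIPT_DIR. It is interpolated into
#                 the remote shell command, so pass only fixed names from
#                 this script, never external input.
# Outputs:   one status line on stdout
#######################################
sync_quadlet() {
  local file="$1"
  local local_h remote_h
  local_h=$(sha256sum "$SCRIPT_DIR/$file" | awk '{print $1}')
  # `|| true` is deliberate: a missing remote file yields an empty hash,
  # which compares as "changed" and triggers the copy below.
  remote_h=$(ssh "$SSH_HOST" "sha256sum ~/.config/containers/systemd/$file 2>/dev/null | awk '{print \$1}'" || true)
  if [[ "$local_h" == "$remote_h" ]]; then
    echo " ✓ $file ongewijzigd"
    return 0
  fi
  scp -q "$SCRIPT_DIR/$file" "$SSH_HOST:.config/containers/systemd/$file"
  echo " ✓ $file bijgewerkt"
  need_restart=1
}

sync_quadlet forgejo.pod
sync_quadlet forgejo.container

echo "→ systemd apply (need_restart=$need_restart)"
ssh "$SSH_HOST" 'systemctl --user daemon-reload'
if [[ "$need_restart" -eq 1 ]]; then
  ssh "$SSH_HOST" 'systemctl --user restart forgejo-pod.service && systemctl --user restart forgejo.service'
else
  ssh "$SSH_HOST" 'systemctl --user start forgejo-pod.service && systemctl --user start forgejo.service'
fi

echo -n "→ wachten tot Forgejo antwoordt op :44400 "
# Up to 60 probes, 2 s apart (the 120 s quoted in the timeout message).
for ((attempt = 1; attempt <= 60; attempt++)); do
  # The whole curl command, URL included, must stay on one line inside the
  # quoted string: a newline there would make the remote shell run curl
  # without a URL. On failure the remote side prints zeros, which never
  # match the pattern below.
  code=$(ssh "$SSH_HOST" "curl -s -o /dev/null -w '%{http_code}' --max-time 3 http://localhost:44400/ 2>/dev/null || echo 000")
  # 200 = up, 302 = redirect (install/login), 303 = redirect; all three
  # count as healthy.
  if [[ "$code" =~ ^(200|302|303)$ ]]; then
    echo "✓ ($code)"
    # Report the host that was actually deployed to; the name used to be
    # hard-coded and was wrong whenever --host was given.
    echo "✓ deploy klaar — Forgejo draait op $SSH_HOST:44400"
    echo ""
    # NOTE(review): the steps below publish the hostname before the install
    # wizard has been completed. Until the wizard is finished (or Forgejo
    # runs with INSTALL_LOCK enabled) the setup page, including admin
    # account creation, is reachable by anyone who can reach the hostname.
    # Consider completing the wizard over an SSH port-forward to
    # localhost:44400 first, or putting an access policy on the tunnel
    # hostname. The Quadlet files are not visible from this script, so the
    # effective Forgejo configuration is unconfirmed.
    echo " Volgende stappen (handmatig):"
    echo " 1. Cloudflare dashboard → tunnel 'tdd' → Public Hostnames"
    echo " Add: git.tdd.md → HTTP localhost:44400"
    echo " 2. Open https://git.tdd.md → install wizard, maak admin user"
    echo " 3. Push deze repo naar Forgejo (zie README/instructies)"
    exit 0
  fi
  echo -n "."
  sleep 2
done

echo ""
echo "⚠ Forgejo reageert niet binnen 120s. Recente logs:"
ssh "$SSH_HOST" 'echo "--- forgejo ---"; podman logs --tail 40 forgejo 2>&1' | sed 's/^/ /'
exit 1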