#!/usr/bin/env bash
set -euo pipefail

# Packaged compose project: the compose file and the directory it lives in.
COMPOSE_FILE="/usr/share/csl-setup/docker-compose.yml"
PROJECT_DIR="/usr/share/csl-setup"

# Marker written once CSL has been initialized, and the optional runtime
# environment file.
INIT_MARKER="/etc/csl/initialized"
RUNTIME_ENV="/etc/csl/runtime.env"

# The runtime env file is sourced, i.e. executed as shell code with this
# script's privileges. It runs before the initialization check below and can
# reassign any variable set above.
# NOTE(review): confirm the file (and /etc/csl) is writable only by the
# account that administers CSL.
if [[ -f "$RUNTIME_ENV" ]]; then
  # shellcheck source=/dev/null
  source "$RUNTIME_ENV"
fi

# Refuse to start before initialization.
if [[ ! -f "$INIT_MARKER" ]]; then
  printf '%s\n' "CSL is not initialized. Run: sudo csl-setup --cli init --profile <appliance|managed> --docker-mode <rootless|rootful|auto>" >&2
  exit 1
fi

# Must mirror csl-setupd env conventions.
# Every value below keeps what the caller's environment (or the sourced
# runtime env file) already provides and falls back to the default only when
# the variable is unset or empty.
: "${CSL_HOME:=/var/lib/csl}"
# Name of the running instance (useful for multi-instance setups)
: "${CSL_INSTANCE:=prod}"
# Workspace for the current instance - holds configs, backups, volumes, etc.
: "${CSL_WS:=$CSL_HOME/instances/$CSL_INSTANCE}"
# GLOBAL_CONFIG_DIR falls back to CONFIG_DIR, then to $CSL_HOME/config;
# CONFIG_DIR is then overwritten with the resolved value.
: "${GLOBAL_CONFIG_DIR:=${CONFIG_DIR:-$CSL_HOME/config}}"
: "${WS_CONFIG_DIR:=$CSL_WS/config}"
CONFIG_DIR="$GLOBAL_CONFIG_DIR"
: "${CSL_SOCKET:=/run/csl-setup/csl.sock}"
: "${CSL_LOG_DIR:=/var/log/csl/setup}"
export CSL_HOME CSL_INSTANCE CSL_WS GLOBAL_CONFIG_DIR WS_CONFIG_DIR \
  CONFIG_DIR CSL_SOCKET CSL_LOG_DIR

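# Bind-mount the socket DIRECTORY (not the file) so the admin container keeps
# resolving the live socket inode after csl-setup restarts (which recreate the
# socket file). Relies on RuntimeDirectoryPreserve=yes (csl-setup.service)
# keeping the directory itself stable across restarts.
# Because the whole directory is shared, anything else placed in it is also
# visible to the admin container; keep the directory dedicated to the socket.
#
# Assignment and export are separate statements so that a failing dirname or
# basename aborts the script under `set -e` instead of being masked by the
# exit status of `export`. `--` keeps a path starting with '-' from being
# parsed as an option.
CSL_SOCKET_DIR_HOST="$(dirname -- "$CSL_SOCKET")"   # e.g. /run/csl-setup
export CSL_SOCKET_DIR_HOST
export CSL_SOCKET_DIR_CONT="${CSL_SOCKET_DIR_CONT:-/run/csl-setup}"
# Socket path as seen from inside the container, e.g. /run/csl-setup/csl.sock.
# Only derived when the caller has not supplied one.
if [ -z "${CSL_BG_SOCKET:-}" ]; then
  CSL_BG_SOCKET="${CSL_SOCKET_DIR_CONT}/$(basename -- "$CSL_SOCKET")"
fi
export CSL_BG_SOCKET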

# Map host paths. Each one keeps a value already present in the environment
# and otherwise falls back to a location derived from the CSL directories.
# NOTE(review): presumably these are the bind-mount sources used by the
# compose file - confirm. If so, whoever controls these values decides which
# host directories the containers can see.
: "${HOST_CONFIG_PATH:=$GLOBAL_CONFIG_DIR}"
: "${HOST_BACKUPS_PATH:=$CSL_HOME/backups}"
: "${HOST_LOGS_PATH:=$CSL_LOG_DIR}"
: "${HOST_INFLUX_PATH:=$CSL_WS/exported_logs}"
# Runtime-user-owned dir for the admin UI's self-generated Flask secret key.
# init (run as root) creates it as cslrt:csl 0770; these are fallback defaults.
: "${HOST_ADMIN_PATH:=$CSL_HOME/admin}"
: "${CSL_SECRET_KEY_FILE:=/app/secrets/flask_secret_key}"
export HOST_CONFIG_PATH HOST_BACKUPS_PATH HOST_LOGS_PATH HOST_INFLUX_PATH \
  HOST_ADMIN_PATH CSL_SECRET_KEY_FILE

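# Backward-compatibility: if an old config still points to workspace backups,
# transparently switch to the new global backups location.
# HOST_BACKUPS_PATH is already exported, so the reassignment is what child
# processes see.
if [ "${HOST_BACKUPS_PATH}" = "${CSL_WS}/backups" ]; then
  HOST_BACKUPS_PATH="${CSL_HOME}/backups"
fi

# Ensure mount source directories exist before docker compose starts.
# `--` stops option parsing in case a configured path starts with '-'.
mkdir -p -- "$HOST_BACKUPS_PATH" "$HOST_LOGS_PATH" "$HOST_INFLUX_PATH"
# The admin directory holds the admin UI's Flask secret key. init normally
# creates it with mode 0770; when this fallback has to create it, request the
# same mode rather than the umask default so the key directory is not open to
# other local users. -m applies only to a directory that mkdir creates here:
# an existing directory keeps its mode, and ownership is not changed.
mkdir -p -m 0770 -- "$HOST_ADMIN_PATH"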

# Optional image/tag + port; both keep a value already set in the environment.
# NOTE(review): the default tag is the mutable ":latest", so the image that
# gets pulled can change between runs. Deployments that need a reproducible,
# reviewable image should set ADMIN_IMG to a fixed tag or digest.
: "${ADMIN_IMG:=registry.gitlab.com/aphelio/csl-administration:latest}"
: "${ADMIN_PORT:=8060}"
export ADMIN_IMG ADMIN_PORT

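# Ensure docker and its compose plugin are available before going further.
# Failure messages go to stderr, like the other diagnostics in this script,
# so they are not mixed into stdout when the output is captured.
if ! command -v docker >/dev/null; then
  echo "docker not found" >&2
  exit 1
fi
if ! docker compose version >/dev/null 2>&1; then
  echo "docker compose plugin not found" >&2
  exit 1
fi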

# Wait for the csl-setup daemon to create its socket: poll every 0.25 s and
# give up after 40 sleeps (about 10 seconds).
# -S only confirms that the path is a socket; it says nothing about who
# created it or whether a daemon is listening behind it.
attempts_left=40
until [[ -S "$CSL_SOCKET" ]] || (( attempts_left == 0 )); do
  sleep 0.25
  attempts_left=$(( attempts_left - 1 ))
done

# Still no socket after the wait: report and stop instead of starting the
# admin stack without its control socket.
if [[ ! -S "$CSL_SOCKET" ]]; then
  printf '%s\n' "CSL socket not found at $CSL_SOCKET. Ensure csl-setup is running." >&2
  exit 1
fi

# Run compose from the project directory so relative paths resolve there.
cd "$PROJECT_DIR"

# Invocation shared by both actions; an array keeps each argument intact.
compose_cmd=(
  docker compose
  -f "$COMPOSE_FILE"
  --project-directory "$PROJECT_DIR"
  -p csl-admin
)

# "down" as the first argument stops the stack; anything else (including no
# argument) starts it detached. exec replaces this shell with docker, so the
# exit status is docker's.
case "${1:-}" in
  down)
    exec "${compose_cmd[@]}" down
    ;;
  *)
    exec "${compose_cmd[@]}" up -d
    ;;
esac
