#!/bin/bash
#
# Volt Platform - Installation Script
#

set -euo pipefail

# Configuration
INSTALL_DIR="${INSTALL_DIR:-/usr/local}"
CONFIG_DIR="${CONFIG_DIR:-/etc/volt}"
DATA_DIR="${DATA_DIR:-/var/lib/volt}"
RUN_DIR="${RUN_DIR:-/var/run/volt}"

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

log() { echo -e "${GREEN}[volt]${NC} $1"; }
info() { echo -e "${BLUE}[volt]${NC} $1"; }
warn() { echo -e "${YELLOW}[volt]${NC} $1"; }
error() { echo -e "${RED}[volt]${NC} $1" >&2; }

check_root() {
    if [[ $EUID -ne 0 ]]; then
        error "This script must be run as root"
        exit 1
    fi
}

check_dependencies() {
    log "Checking dependencies..."
    
    local missing=()
    
    # Required commands
    for cmd in ip iptables mount; do
        if ! command -v "$cmd" &>/dev/null; then
            missing+=("$cmd")
        fi
    done
    
    # Kernel features
    if [[ ! -d /sys/fs/cgroup/unified ]] && [[ ! -d /sys/fs/cgroup/memory ]]; then
        warn "Cgroups v2 recommended but not detected"
    fi
    
    # Landlock support
    if [[ ! -f /sys/kernel/security/landlock/abi_version ]]; then
        warn "Landlock not available (kernel >= 5.13 required for full functionality)"
    fi
    
    if [[ ${#missing[@]} -gt 0 ]]; then
        error "Missing required commands: ${missing[*]}"
        exit 1
    fi
    
    log "Dependencies OK"
}

create_directories() {
    log "Creating directories..."
    
    mkdir -p "$INSTALL_DIR/bin"
    mkdir -p "$CONFIG_DIR"
    mkdir -p "$DATA_DIR"/{vms,kernels,images,storage}
    mkdir -p "$RUN_DIR"
    
    # Set permissions
    chmod 755 "$CONFIG_DIR"
    chmod 755 "$DATA_DIR"
    chmod 755 "$RUN_DIR"
}

install_binaries() {
    log "Installing binaries..."
    
    # Build if source available
    if [[ -f "go.mod" ]]; then
        info "Building from source..."
        go build -o "$INSTALL_DIR/bin/volt" ./cmd/volt
    else
        # Download pre-built binary
        local arch=$(uname -m)
        case "$arch" in
            x86_64) arch="amd64" ;;
            aarch64) arch="arm64" ;;
        esac
        
        info "Downloading pre-built binary..."
        curl -fsSL "https://get.voltvisor.io/volt-linux-${arch}" -o "$INSTALL_DIR/bin/volt"
    fi
    
    chmod +x "$INSTALL_DIR/bin/volt"
    
    # Create volt-runtime symlink
    ln -sf "$INSTALL_DIR/bin/volt" "$INSTALL_DIR/bin/volt-runtime"
}

install_configs() {
    log "Installing configurations..."
    
    # Copy kernel configs
    if [[ -d "configs/kernels" ]]; then
        cp -r configs/kernels "$CONFIG_DIR/"
    fi
    
    # Copy image definitions
    if [[ -d "configs/images" ]]; then
        cp -r configs/images "$CONFIG_DIR/"
    fi
    
    # Copy seccomp profiles
    if [[ -d "configs/seccomp" ]]; then
        cp -r configs/seccomp "$CONFIG_DIR/"
    fi
    
    # Copy systemd units
    if [[ -d "configs/systemd" ]]; then
        cp configs/systemd/*.service /etc/systemd/system/ 2>/dev/null || true
    fi
    
    # Main config file
    if [[ ! -f "$CONFIG_DIR/config.yaml" ]]; then
        cat > "$CONFIG_DIR/config.yaml" << 'EOF'
# Volt Platform Configuration

# Directories
data_dir: /var/lib/volt
run_dir: /var/run/volt

# Networking
network:
  bridge: volt0
  subnet: 10.100.0.0/16
  enable_nat: true

# Defaults
defaults:
  kernel: kernel-server
  memory: 256M
  cpus: 1

# Security
security:
  verify_signatures: true
  require_sbom: true
  block_cve_severity: high

# Logging
logging:
  level: info
  format: json
EOF
    fi
}

setup_networking() {
    log "Setting up networking..."
    
    # Create bridge if it doesn't exist
    if ! ip link show volt0 &>/dev/null; then
        ip link add volt0 type bridge
        ip addr add 10.100.0.1/16 dev volt0
        ip link set volt0 up
    fi
    
    # Enable IP forwarding
    sysctl -w net.ipv4.ip_forward=1 > /dev/null
    
    # Setup NAT
    iptables -t nat -C POSTROUTING -s 10.100.0.0/16 -j MASQUERADE 2>/dev/null || \
        iptables -t nat -A POSTROUTING -s 10.100.0.0/16 -j MASQUERADE
    
    # Allow forwarding
    iptables -C FORWARD -i volt0 -j ACCEPT 2>/dev/null || \
        iptables -A FORWARD -i volt0 -j ACCEPT
    iptables -C FORWARD -o volt0 -j ACCEPT 2>/dev/null || \
        iptables -A FORWARD -o volt0 -j ACCEPT
}

setup_systemd() {
    log "Setting up systemd services..."
    
    # Main service
    cat > /etc/systemd/system/volt.service << 'EOF'
[Unit]
Description=Volt Platform Runtime
After=network.target
Wants=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/volt daemon
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

    # Reload systemd
    systemctl daemon-reload
}

print_summary() {
    echo ""
    log "================================================"
    log "Volt Platform installed successfully!"
    log "================================================"
    echo ""
    info "Binary:  $INSTALL_DIR/bin/volt"
    info "Config:  $CONFIG_DIR/config.yaml"
    info "Data:    $DATA_DIR"
    echo ""
    info "Quick start:"
    echo "  volt vm create my-server --image volt/server"
    echo "  volt vm start my-server"
    echo "  volt vm ssh my-server"
    echo ""
    info "Desktop VM:"
    echo "  volt desktop create my-desktop --image volt/desktop-productivity"
    echo "  volt desktop connect my-desktop"
    echo ""
    info "Kubernetes nodes:"
    echo "  volt k8s node add --count 100"
    echo ""
}

main() {
    echo ""
    log "Volt Platform Installer"
    log "=========================="
    echo ""
    
    check_root
    check_dependencies
    create_directories
    install_binaries
    install_configs
    setup_networking
    setup_systemd
    print_summary
}

# Run if executed directly
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
    main "$@"
fi