#!/usr/bin/env bash
# deploy_tb.sh — Thunderbolt bridge deploy (Bash 3 compatible)

set -eo pipefail

# ---------- EDIT THESE ----------
get_mgmt_ip() {
  case "$1" in
    baobab) echo "192.168.2.91" ;;
    ebony)  echo "192.168.2.92" ;;
    tapia)  echo "192.168.2.93" ;;
    *)      echo "" ;;
  esac
}
get_tb_ip() {
  case "$1" in
    baobab) echo "192.168.10.91" ;;
    ebony)  echo "192.168.10.92" ;;
    tapia)  echo "192.168.10.93" ;;
    *)      echo "" ;;
  esac
}
# --------------------------------

TARGETS=("$@")
if [ ${#TARGETS[@]} -eq 0 ]; then
  TARGETS=(baobab ebony tapia)
fi

SSH_USER="root"
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
BASE_DIR="$(pwd)"

COMMON_UDEV="$BASE_DIR/common/udev/rules.d/90-thunderbolt-net-systemd.rules"
COMMON_SVC1="$BASE_DIR/common/systemd/system/tb-enlist@.service"
COMMON_SVC2="$BASE_DIR/common/systemd/system/tb-bridge.service"
COMMON_SVC3="$BASE_DIR/common/systemd/system/tb-recover.service"
COMMON_TMR1="$BASE_DIR/common/systemd/system/tb-recover.timer"
COMMON_BIN1="$BASE_DIR/common/sbin/tb-recover.sh"

require() {
  for f in "$@"; do
    [ -f "$f" ] || { echo "Missing required file: $f" >&2; exit 1; }
  done
}

# try mgmt IP first, then TB IP; print chosen IP and return 0 if SSH works
pick_ip() {
  local host="$1" ip=""
  ip="$(get_mgmt_ip "$host")"
  if [ -n "$ip" ] && ssh $SSH_OPTS -q "${SSH_USER}@${ip}" true 2>/dev/null; then
    echo "$ip"; return 0
  fi
  ip="$(get_tb_ip "$host")"
  if [ -n "$ip" ] && ssh $SSH_OPTS -q "${SSH_USER}@${ip}" true 2>/dev/null; then
    echo "$ip"; return 0
  fi
  # fall back to mgmt for error messaging
  ip="$(get_mgmt_ip "$host")"
  [ -n "$ip" ] && echo "$ip"
  return 1
}

deploy_node() {
  local host="$1"
  local node_dir="$BASE_DIR/$host"
  [ -d "$node_dir" ] || { echo "No node directory: $node_dir" >&2; exit 1; }

  local ip
  ip="$(pick_ip "$host")" || {
    echo "!! [$host] SSH not reachable on $(get_mgmt_ip "$host") or $(get_tb_ip "$host")). Fix IPs or firewall." >&2
    exit 1
  }

  echo "==> [$host@$ip] prepare remote dirs"
  ssh $SSH_OPTS "${SSH_USER}@${ip}" "mkdir -p /etc/udev/rules.d /etc/systemd/system /etc/network/interfaces.d /usr/local/sbin"

  echo "==> [$host@$ip] copy COMMON files"
  scp -q "$COMMON_UDEV" "${SSH_USER}@${ip}:/etc/udev/rules.d/90-thunderbolt-net-systemd.rules"
  scp -q "$COMMON_SVC1" "${SSH_USER}@${ip}:/etc/systemd/system/tb-enlist@.service"
  scp -q "$COMMON_SVC2" "${SSH_USER}@${ip}:/etc/systemd/system/tb-bridge.service"
  scp -q "$COMMON_SVC3" "${SSH_USER}@${ip}:/etc/systemd/system/tb-recover.service"
  scp -q "$COMMON_TMR1" "${SSH_USER}@${ip}:/etc/systemd/system/tb-recover.timer"
  scp -q "$COMMON_BIN1" "${SSH_USER}@${ip}:/usr/local/sbin/tb-recover.sh"

  echo "==> [$host@$ip] copy NODE config"
  require "$node_dir/etc/network/interfaces" "$node_dir/etc/network/interfaces.d/10-thunderbolt"
  scp -q "$node_dir/etc/network/interfaces" "${SSH_USER}@${ip}:/etc/network/interfaces"
  scp -q "$node_dir/etc/network/interfaces.d/10-thunderbolt" "${SSH_USER}@${ip}:/etc/network/interfaces.d/10-thunderbolt"

  echo "==> [$host@$ip] enable + reload"
  ssh $SSH_OPTS "${SSH_USER}@${ip}" bash -s <<'EOF'
set -e
chmod 0644 /etc/udev/rules.d/90-thunderbolt-net-systemd.rules
chmod 0644 /etc/systemd/system/tb-enlist@.service
chmod 0644 /etc/systemd/system/tb-bridge.service
chmod 0644 /etc/systemd/system/tb-recover.service
chmod 0644 /etc/systemd/system/tb-recover.timer
chmod 0755 /usr/local/sbin/tb-recover.sh
systemctl daemon-reload
udevadm control --reload
command -v ifreload >/dev/null 2>&1 && ifreload -a || true
systemctl enable --now tb-bridge.service
systemctl enable --now tb-recover.timer
systemctl start tb-recover.service
udevadm trigger --subsystem-match=net --action=add
EOF

  echo "==> [$host@$ip] status"
  ssh $SSH_OPTS "${SSH_USER}@${ip}" bash -s <<'EOF'
set -e
systemctl --no-pager --plain --full status tb-bridge.service | sed -n '1,6p'
systemctl --no-pager --plain --full status tb-recover.timer | sed -n '1,8p'
systemctl --no-pager --plain --full list-units 'tb-enlist@*.service' | sed -n '1,12p' || true
ip -d link show thunderbridge | sed -n '1,3p'
bridge link | grep -E 'thunderbolt|thunderbridge' || true
EOF

  echo "==> [$host@$ip] done."
  echo
}

require "$COMMON_UDEV" "$COMMON_SVC1" "$COMMON_SVC2" "$COMMON_SVC3" "$COMMON_TMR1" "$COMMON_BIN1"

for h in "${TARGETS[@]}"; do
  deploy_node "$h"
done

echo "All done. Go poke the cables and watch systemd behave."