#!/usr/bin/env bash
#
# Install Metacrypt on a systemd-based Linux system.
#
# Usage: sudo ./install.sh /path/to/metacrypt
#
set -euo pipefail

BINARY="${1:?Usage: $0 /path/to/metacrypt}"
INSTALL_DIR="/usr/local/bin"
SRV_DIR="/srv/metacrypt"
BACKUP_DIR="${SRV_DIR}/backups"
CERTS_DIR="${SRV_DIR}/certs"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
DEPLOY_DIR="$(dirname "$SCRIPT_DIR")"

echo "==> Creating metacrypt user and group"
if ! getent group metacrypt >/dev/null 2>&1; then
    groupadd --system metacrypt
fi
if ! getent passwd metacrypt >/dev/null 2>&1; then
    useradd --system --gid metacrypt --home-dir "$SRV_DIR" --shell /usr/sbin/nologin metacrypt
fi

echo "==> Installing binary"
install -m 0755 "$BINARY" "$INSTALL_DIR/metacrypt"

echo "==> Creating directories"
install -d -m 0750 -o metacrypt -g metacrypt "$SRV_DIR"
install -d -m 0750 -o metacrypt -g metacrypt "$CERTS_DIR"
install -d -m 0700 -o metacrypt -g metacrypt "$BACKUP_DIR"

echo "==> Installing configuration"
if [ ! -f "$SRV_DIR/metacrypt.toml" ]; then
    install -m 0640 -o metacrypt -g metacrypt "$DEPLOY_DIR/examples/metacrypt.toml" "$SRV_DIR/metacrypt.toml"
    echo "    Installed default config to $SRV_DIR/metacrypt.toml"
    echo "    >>> Edit this file before starting the service <<<"
else
    echo "    Config already exists at $SRV_DIR/metacrypt.toml — skipping"
fi

echo "==> Installing systemd units"
install -m 0644 "$DEPLOY_DIR/systemd/metacrypt.service" /etc/systemd/system/
install -m 0644 "$DEPLOY_DIR/systemd/metacrypt-backup.service" /etc/systemd/system/
install -m 0644 "$DEPLOY_DIR/systemd/metacrypt-backup.timer" /etc/systemd/system/
systemctl daemon-reload

echo "==> Done"
echo ""
echo "Next steps:"
echo "  1. Place TLS cert and key in $CERTS_DIR/"
echo "  2. Edit $SRV_DIR/metacrypt.toml"
echo "  3. Initialize:  metacrypt init --config $SRV_DIR/metacrypt.toml"
echo "  4. Start:       systemctl enable --now metacrypt"
echo "  5. Backups:     systemctl enable --now metacrypt-backup.timer"