#!/bin/bash
# LibrePortal task-processor systemd helper — the only root-privileged management
# of the libreportal.service unit the manager may trigger. Installed root:root
# 0755 to /usr/local/sbin by init.sh. Self-contained: it GENERATES the unit from
# config (mode + install-user uid + the baked manager name + fixed script paths)
# — it does NOT accept unit content from the caller (that would be root: an
# arbitrary systemd unit runs anything as root). So the scoped sudoers can allow
# it instead of blanket `sudo tee /etc/systemd/...` + `sudo systemctl`.
#
# Idempotent: only rewrites + daemon-reloads + restarts when the unit changed,
# else just ensures it's enabled + running (no needless restart of in-flight work).

set -u

[[ $EUID -eq 0 ]] || { echo "libreportal-svc: must run as root" >&2; exit 1; }

MANAGER="__MANAGER__"
[[ "$MANAGER" == "__MANAGER__" || -z "$MANAGER" ]] && MANAGER="libreportal"

SERVICE_FILE="/etc/systemd/system/libreportal.service"
INSTALL_SCRIPTS_DIR="/docker/install/scripts"
TASK_PROCESSOR="$INSTALL_SCRIPTS_DIR/crontab/task/crontab_task_processor.sh"
DB_CFG="/docker/configs/general/general_docker_install"

_mode() {
    local m
    m=$(grep -h '^CFG_DOCKER_INSTALL_TYPE=' "$DB_CFG" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}')
    echo "${m:-rootless}"
}

_gen_unit() {
    local env_block=""
    if [[ "$(_mode)" == "rootless" ]]; then
        local u uid
        u=$(grep -h '^CFG_DOCKER_INSTALL_USER=' "$DB_CFG" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}')
        uid=$(id -u "${u:-dockerinstall}" 2>/dev/null)
        if [[ -n "$uid" ]]; then
            env_block="Environment=DOCKER_HOST=unix:///run/user/${uid}/docker.sock
Environment=XDG_RUNTIME_DIR=/run/user/${uid}"
        fi
    fi
    cat <<EOF
[Unit]
Description=LibrePortal Task Processor
After=network.target
Wants=network.target

[Service]
Type=simple
User=$MANAGER
Group=$MANAGER
WorkingDirectory=$INSTALL_SCRIPTS_DIR
ExecStart=$TASK_PROCESSOR start_script
Restart=always
RestartSec=5
SyslogIdentifier=libreportal
${env_block}

# Security
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
}

install_unit() {
    local desired current=""
    desired="$(_gen_unit)"
    [[ -f "$SERVICE_FILE" ]] && current="$(cat "$SERVICE_FILE" 2>/dev/null)"
    if [[ "$desired" != "$current" ]]; then
        printf '%s\n' "$desired" > "$SERVICE_FILE"
        systemctl daemon-reload
        systemctl enable libreportal.service >/dev/null 2>&1
        systemctl restart libreportal.service
        echo "updated"
    else
        systemctl enable libreportal.service >/dev/null 2>&1
        systemctl is-active --quiet libreportal.service || systemctl start libreportal.service
        echo "unchanged"
    fi
}

action="${1:-}"
case "$action" in
    install) install_unit ;;
    enable)  systemctl enable libreportal.service >/dev/null 2>&1 ;;
    restart) systemctl restart libreportal.service ;;
    start)   systemctl start libreportal.service ;;
    status)  systemctl is-active libreportal.service ;;
    *) echo "usage: libreportal-svc {install|enable|restart|start|status}" >&2; exit 2 ;;
esac
