#!/usr/bin/env bash
#
# PDF OCR Hotfolder — Installer für Debian 12/13
#
# Fragt interaktiv nach dem Service-User. Unterstützt:
#   - Lokal anlegen (neuer System-User)
#   - Bereits existierender lokaler User
#   - AD-User mit lokaler UID (z.B. via SSSD/Winbind)
#

set -euo pipefail

RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; BLUE='\033[0;34m'; NC='\033[0m'
log_info()  { echo -e "${GREEN}[INFO]${NC} $*"; }
log_warn()  { echo -e "${YELLOW}[WARN]${NC} $*"; }
log_error() { echo -e "${RED}[ERROR]${NC} $*"; }
log_step()  { echo -e "${BLUE}==>${NC} $*"; }

if [ "${EUID}" -ne 0 ]; then
    log_error "Bitte als root ausführen: sudo ./install.sh"
    exit 1
fi

INSTALL_DIR="/opt/pdf-ocr-hotfolder"
CONFIG_DIR="/etc/pdf-ocr-hotfolder"
DATA_DIR="/var/lib/pdf-ocr-hotfolder"
LOG_DIR="/var/log/pdf-ocr-hotfolder"
SERVICE_NAME="pdf-ocr-hotfolder"

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_DIR="$SCRIPT_DIR"

if [ ! -f "$REPO_DIR/pdf_ocr_hotfolder/__init__.py" ]; then
    log_error "Repo-Layout nicht erkannt. install.sh aus dem Repo ausführen."
    exit 1
fi

echo
echo "=========================================="
echo "  PDF OCR Hotfolder — Installation"
echo "=========================================="
echo

# ============ 1. System-Dependencies ============
log_step "Installiere System-Pakete"

apt-get update -qq
apt-get install -y --no-install-recommends \
    python3 python3-venv python3-pip \
    tesseract-ocr tesseract-ocr-deu tesseract-ocr-eng \
    ghostscript qpdf unpaper pngquant \
    icc-profiles-free \
    ca-certificates curl

log_info "System-Pakete installiert ✓"

# ============ 2. Service-User ============
log_step "Service-User konfigurieren"

read -r -p "Service-User-Name [pdfocr]: " SERVICE_USER
SERVICE_USER="${SERVICE_USER:-pdfocr}"

if id "$SERVICE_USER" &>/dev/null; then
    log_info "User '$SERVICE_USER' existiert bereits (lokal oder via AD)."
    SERVICE_GROUP="$(id -gn "$SERVICE_USER")"
    log_info "Verwende bestehende primäre Gruppe: $SERVICE_GROUP"
else
    log_warn "User '$SERVICE_USER' existiert nicht."
    read -r -p "Lokal als System-User anlegen? [J/n]: " CREATE_USER
    CREATE_USER="${CREATE_USER:-J}"
    if [[ "$CREATE_USER" =~ ^[JjYy]$ ]]; then
        adduser --system --group --home "$DATA_DIR" --shell /usr/sbin/nologin "$SERVICE_USER"
        SERVICE_GROUP="$SERVICE_USER"
        log_info "Lokaler System-User '$SERVICE_USER' angelegt ✓"
    else
        log_error "User '$SERVICE_USER' muss vor der Installation existieren (z.B. via AD/SSSD)."
        log_error "Lege ihn an oder wähle einen existierenden Namen."
        exit 1
    fi
fi

# ============ 3. Verzeichnisse ============
log_step "Verzeichnisse erstellen"

mkdir -p "$INSTALL_DIR" "$CONFIG_DIR" "$LOG_DIR"
mkdir -p "$DATA_DIR"/{incoming,outgoing,working,error}

cp -r "$REPO_DIR/pdf_ocr_hotfolder" "$INSTALL_DIR/"
cp "$REPO_DIR/requirements.txt" "$INSTALL_DIR/"
cp "$REPO_DIR/VERSION" "$INSTALL_DIR/"
echo "$REPO_DIR" > "$INSTALL_DIR/.repo_path"

if [ ! -f "$CONFIG_DIR/config.toml" ]; then
    cp "$REPO_DIR/config.example.toml" "$CONFIG_DIR/config.toml"
    log_info "Beispiel-Konfig nach $CONFIG_DIR/config.toml kopiert"
else
    log_info "Bestehende Konfig $CONFIG_DIR/config.toml bleibt unverändert"
fi

log_info "Verzeichnisse erstellt ✓"

# ============ 4. Python venv ============
log_step "Python venv anlegen"

if [ ! -d "$INSTALL_DIR/venv" ]; then
    python3 -m venv "$INSTALL_DIR/venv"
fi
"$INSTALL_DIR/venv/bin/pip" install --upgrade pip -q
"$INSTALL_DIR/venv/bin/pip" install -r "$INSTALL_DIR/requirements.txt" -q

log_info "venv bereit ✓"

# ============ 5. Berechtigungen ============
log_step "Berechtigungen setzen"

chown -R "$SERVICE_USER:$SERVICE_GROUP" "$INSTALL_DIR" "$DATA_DIR" "$LOG_DIR"
chown root:"$SERVICE_GROUP" "$CONFIG_DIR"
chmod 750 "$CONFIG_DIR"
if [ -f "$CONFIG_DIR/config.toml" ]; then
    chown root:"$SERVICE_GROUP" "$CONFIG_DIR/config.toml"
    chmod 640 "$CONFIG_DIR/config.toml"
fi

log_info "Berechtigungen gesetzt ✓"

# ============ 6. systemd-Unit ============
log_step "systemd-Unit installieren"

sed -e "s|__SERVICE_USER__|$SERVICE_USER|g" \
    -e "s|__SERVICE_GROUP__|$SERVICE_GROUP|g" \
    "$REPO_DIR/systemd/pdf-ocr-hotfolder.service" \
    > "/etc/systemd/system/${SERVICE_NAME}.service"

systemctl daemon-reload
systemctl enable "${SERVICE_NAME}.service"

log_info "systemd-Unit installiert & enabled ✓"

# ============ 7. Start ============
log_step "Service starten"
systemctl restart "${SERVICE_NAME}.service"
sleep 2
systemctl --no-pager --lines=10 status "${SERVICE_NAME}.service" || true

echo
echo "=========================================="
echo "  Installation abgeschlossen"
echo "=========================================="
echo
echo "  Konfiguration:  $CONFIG_DIR/config.toml"
echo "  Eingang:        $DATA_DIR/incoming"
echo "  Ausgang:        $DATA_DIR/outgoing"
echo "  Service-User:   $SERVICE_USER ($SERVICE_GROUP)"
echo
echo "  Logs:           journalctl -u $SERVICE_NAME -f"
echo "  Update:         sudo ./update.sh"
echo