#!/usr/bin/env bash
set -euo pipefail

# ============================================
# PeopleCounter - Auto install (Mender + Connect)
# For Raspberry Pi 4 / Raspberry Pi 5
# ============================================

# ----------------------------
# USER CONFIG (edit only if needed)
# ----------------------------
SERVER_URL="https://visionai.bbctech.it/"
SERVER_CERT_PATH=""   # leave empty for public CA (Let's Encrypt etc.)

# Where Mender reads device type (Debian package installs)
DEVICE_TYPE_FILE="/var/lib/mender/device_type"

# ----------------------------
# Helpers
# ----------------------------
log() {
  echo
  echo ">>> $*"
}

warn() {
  echo
  echo "WARNING: $*" >&2
}

die() {
  echo
  echo "ERROR: $*" >&2
  exit 1
}

need_root() {
  if [[ "${EUID:-$(id -u)}" -ne 0 ]]; then
    die "Run this script with sudo (example: curl ... | sudo bash)"
  fi
}

detect_pi_model() {
  local model=""
  model="$(tr -d '\0' </proc/device-tree/model 2>/dev/null || true)"

  if [[ -z "$model" && -r /sys/firmware/devicetree/base/model ]]; then
    model="$(tr -d '\0' </sys/firmware/devicetree/base/model 2>/dev/null || true)"
  fi

  echo "$model"
}

detect_device_type() {
  local model="$1"

  case "$model" in
    *"Raspberry Pi 4"*)
      echo "raspberrypi4"
      ;;
    *"Raspberry Pi 5"*)
      echo "raspberrypi5"
      ;;
    *)
      return 1
      ;;
  esac
}

json_escape() {
  # Minimal JSON string escaper (safe for paths/URLs)
  local s="$1"
  s="${s//\\/\\\\}"
  s="${s//\"/\\\"}"
  printf '%s' "$s"
}

# ----------------------------
# Start
# ----------------------------
need_root
export DEBIAN_FRONTEND=noninteractive

log "Detecting Raspberry Pi model"
PI_MODEL="$(detect_pi_model || true)"
if [[ -z "${PI_MODEL:-}" ]]; then
  die "Could not detect Raspberry Pi model. Is this running on a Raspberry Pi?"
fi
echo "Detected model: $PI_MODEL"

if ! DEVICE_TYPE="$(detect_device_type "$PI_MODEL")"; then
  die "Unsupported Raspberry Pi model: $PI_MODEL (supported: Pi 4 / Pi 5)"
fi
echo "Using Mender device_type: $DEVICE_TYPE"

log "Checking internet connectivity"
if ! ping -c 1 -W 2 1.1.1.1 >/dev/null 2>&1; then
  warn "No response from 1.1.1.1. Continuing, but package install may fail if there is no internet."
fi

log "Installing prerequisites"
apt-get update
apt-get install -y --no-install-recommends \
  curl ca-certificates gnupg jq

log "Downloading Mender installer helper"
curl -fLsS https://get.mender.io -o /tmp/get-mender.sh
chmod +x /tmp/get-mender.sh

log "Installing Mender Client v4 + Mender Connect"
# --force-mender-client4 ensures correct generation where supported
bash /tmp/get-mender.sh --force-mender-client4 mender-client4 mender-connect

log "Verifying Mender binaries"
command -v mender-update >/dev/null || die "mender-update not found after install"
if ! command -v mender-connect >/dev/null 2>&1; then
  warn "mender-connect binary not found in PATH (service may still exist depending on package layout)"
fi

log "Writing device type files in correct Mender format"
# IMPORTANT: file content must be exactly: device_type=<value>
install -d -m 0755 "$(dirname "$DEVICE_TYPE_FILE")"
printf 'device_type=%s\n' "$DEVICE_TYPE" > "$DEVICE_TYPE_FILE"
chmod 0644 "$DEVICE_TYPE_FILE"

# Fallback path for some layouts/tools
install -d -m 0755 /etc/mender
printf 'device_type=%s\n' "$DEVICE_TYPE" > /etc/mender/device_type
chmod 0644 /etc/mender/device_type

log "Writing /etc/mender/mender.conf (backup if exists)"
if [[ -f /etc/mender/mender.conf ]]; then
  cp -a /etc/mender/mender.conf "/etc/mender/mender.conf.bak.$(date +%Y%m%d_%H%M%S)"
fi

SERVER_URL_JSON="$(json_escape "$SERVER_URL")"
DEVICE_TYPE_FILE_JSON="$(json_escape "$DEVICE_TYPE_FILE")"

if [[ -n "$SERVER_CERT_PATH" ]]; then
  SERVER_CERT_PATH_JSON="$(json_escape "$SERVER_CERT_PATH")"
  cat > /etc/mender/mender.conf <<JSON
{
  "ServerURL": "${SERVER_URL_JSON}",
  "DeviceTypeFile": "${DEVICE_TYPE_FILE_JSON}",
  "ServerCertificate": "${SERVER_CERT_PATH_JSON}"
}
JSON
else
  cat > /etc/mender/mender.conf <<JSON
{
  "ServerURL": "${SERVER_URL_JSON}",
  "DeviceTypeFile": "${DEVICE_TYPE_FILE_JSON}"
}
JSON
fi

# Validate JSON
jq -e . /etc/mender/mender.conf >/dev/null || die "Invalid JSON in /etc/mender/mender.conf"

log "Enabling and restarting Mender services"
# Some systems may not have mender-connect service installed yet if package failed partially
systemctl enable --now mender-authd mender-updated || die "Failed to enable/start mender-authd or mender-updated"
systemctl restart mender-authd mender-updated || true

if systemctl list-unit-files | grep -q '^mender-connect\.service'; then
  systemctl enable --now mender-connect || warn "Could not enable/start mender-connect"
  systemctl restart mender-connect || warn "Could not restart mender-connect"
else
  warn "mender-connect.service not found"
fi

log "Triggering initial Mender communication (best effort)"
mender-update send-inventory || true
mender-update check-update || true

log "Debug info (important for device_type verification)"
echo "--- /proc/device-tree/model ---"
echo "$PI_MODEL"
echo
echo "--- ${DEVICE_TYPE_FILE} ---"
cat "$DEVICE_TYPE_FILE" || true
echo
echo "--- /etc/mender/device_type ---"
cat /etc/mender/device_type || true
echo
echo "--- /etc/mender/mender.conf ---"
cat /etc/mender/mender.conf || true

log "Service status"
systemctl --no-pager --full status mender-authd mender-updated mender-connect || true

log "DONE ✅"
echo "Expected Mender inventory device_type: ${DEVICE_TYPE}"
echo "If device_type is still wrong in UI, wait a few minutes and refresh inventory."
echo "If needed, reboot once:"
echo "  sudo reboot"