#!/usr/bin/env bash
set -euo pipefail

SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
PLATFORM_REPO="$(cd -- "${SCRIPT_DIR}/../.." && pwd)"
NAS_ROOT="${NAS_ROOT:-/Volumes/docker/nodedc-platform}"
LAUNCHER_REPO="${LAUNCHER_REPO:-}"

if [[ ! -d "${NAS_ROOT}" ]]; then
  echo "NAS_ROOT not found: ${NAS_ROOT}" >&2
  echo "Set NAS_ROOT=/path/to/nodedc-platform when the Synology share is mounted elsewhere." >&2
  exit 1
fi

mkdir -p "${NAS_ROOT}/platform" "${NAS_ROOT}/authentik/custom-templates"

rsync -av \
  "${PLATFORM_REPO}/infra/synology/docker-compose.platform-http.yml" \
  "${NAS_ROOT}/platform/docker-compose.platform-http.yml"

rsync -av \
  "${PLATFORM_REPO}/infra/synology/Caddyfile.http" \
  "${NAS_ROOT}/platform/Caddyfile.http"

rsync -av \
  "${PLATFORM_REPO}/infra/synology/deploy-current.sh" \
  "${PLATFORM_REPO}/infra/synology/backup-current.sh" \
  "${NAS_ROOT}/platform/"

rsync -av --delete \
  "${PLATFORM_REPO}/infra/authentik/custom-templates/" \
  "${NAS_ROOT}/authentik/custom-templates/"

if [[ -n "${LAUNCHER_REPO}" ]]; then
  if [[ ! -d "${LAUNCHER_REPO}" ]]; then
    echo "LAUNCHER_REPO not found: ${LAUNCHER_REPO}" >&2
    exit 1
  fi

  mkdir -p "${NAS_ROOT}/launcher/source"
  rsync -av --delete \
    --exclude='.git/' \
    --exclude='node_modules/' \
    --exclude='dist/' \
    --exclude='server/storage/*' \
    --exclude='public/storage/uploads/*' \
    "${LAUNCHER_REPO}/" \
    "${NAS_ROOT}/launcher/source/"
else
  echo "LAUNCHER_REPO is not set; launcher source was not synced."
fi

cat <<'EOF'

Synced files to NAS mount. Run on Synology to apply runtime changes:

cd /volume1/docker/nodedc-platform/platform
sudo mkdir -p ../launcher/server-storage ../launcher/uploads
sudo chown -R 1000:1000 ../launcher/server-storage ../launcher/uploads
sudo chmod -R u+rwX,g+rwX ../launcher/server-storage ../launcher/uploads

cd /volume1/docker/nodedc-platform/launcher/source
sudo /usr/local/bin/docker build -t nodedc/launcher:local .

cd /volume1/docker/nodedc-platform/platform
sudo /usr/local/bin/docker compose \
  --env-file /volume1/docker/nodedc-platform/platform/.env.synology \
  -f /volume1/docker/nodedc-platform/platform/docker-compose.platform-http.yml \
  up -d --force-recreate launcher reverse-proxy authentik-server authentik-worker

Verify:

sudo /usr/local/bin/docker exec nodedc-platform-launcher-1 sh -lc \
  'touch /app/server/storage/.write-test && rm /app/server/storage/.write-test && echo storage-ok'

curl -k -sS --compressed https://id.nodedc.ru/if/flow/default-authentication-flow/ \
  | grep -aE 'hub.nodedc.ru|launcher.local|getLauncherBaseUrl|Запросить доступ'
EOF