#!/usr/bin/env bash
# ╔═══════════════════════════════════════════════════════╗
# ║   NexaCore AI VPS — n8n Template v1.0.0              ║
# ╚═══════════════════════════════════════════════════════╝
# Usage:
#   DOMAIN=n8n.yourdomain.com bash <(curl -s https://templates.nexacore.cl/v1/n8n/install.sh)
# Strict mode: abort on command failure, on unset variables, and on a failure
# in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# Template identity, used for the banner, directory names and container labels.
TEMPLATE_NAME="n8n Automation"
SERVICE_NAME="n8n"
VERSION="1.0.0"

# Host-side port n8n is published on.
DEFAULT_PORT="5678"

# Base URL the shared libraries are downloaded from when no local copy exists.
# Everything fetched from it is sourced by this installer, so any override via
# NEXACORE_SCRIPTS_URL must point at a trusted HTTPS origin.
SCRIPTS_URL="${NEXACORE_SCRIPTS_URL:-https://templates.nexacore.cl/scripts/common}"

# Three levels above this script's directory; source_lib looks for
# scripts/common/<lib> underneath it before falling back to SCRIPTS_URL.
_LOCAL_SCRIPTS="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
_LOCAL_SCRIPTS+="/../../.."

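#######################################
# Load one shared NexaCore library into the current shell.
# A copy under ${_LOCAL_SCRIPTS}/scripts/common is preferred; otherwise the
# file is downloaded from SCRIPTS_URL and sourced.
# Globals:   _LOCAL_SCRIPTS (read), SCRIPTS_URL (read)
# Arguments: $1 - library file name, e.g. utils.sh
# Outputs:   "[✘] Failed: <lib>" on stderr when the library cannot be loaded
# Returns:   exits 1 when the download or the load fails
#######################################
source_lib() {
  local lib="$1"
  local local_path="${_LOCAL_SCRIPTS}/scripts/common/${lib}"
  local fetched

  if [[ -f "$local_path" ]]; then
    source "$local_path"
  else
    # mktemp creates the file with owner-only permissions under an
    # unpredictable name, so nothing else can swap the content before it runs.
    fetched="$(mktemp)" || { echo "[✘] Failed: ${lib}" >&2; exit 1; }

    # Download first, execute second. `source <(curl ...)` returns 0 on an
    # empty stream, so a failed download (404, DNS, TLS error) went unnoticed
    # and the installer carried on with the library's functions missing.
    if ! curl -fsSL -o "$fetched" "${SCRIPTS_URL}/${lib}"; then
      rm -f -- "$fetched"
      echo "[✘] Failed: ${lib}" >&2
      exit 1
    fi

    # NOTE(review): the downloaded code runs with this installer's privileges
    # and is authenticated only by the transport to SCRIPTS_URL. Verifying a
    # pinned checksum or signature here before sourcing would close that gap.
    source "$fetched" || { rm -f -- "$fetched"; echo "[✘] Failed: ${lib}" >&2; exit 1; }
    rm -f -- "$fetched"
  fi
}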

# Load the shared libraries in dependency order (utils.sh first). Each one is
# sourced into this shell by source_lib, which aborts the install on failure.
for _lib in \
  utils.sh \
  install_docker.sh \
  install_caddy.sh \
  setup_firewall.sh \
  setup_fail2ban.sh \
  setup_ssh.sh \
  setup_directories.sh \
  setup_logging.sh
do
  source_lib "$_lib"
done
unset -v _lib

# Operator-supplied settings, taken from the environment when present.
: "${DOMAIN:=}"           # empty means prompt_config will ask for it
: "${N8N_USER:=admin}"    # login name written to .env and credentials.txt

# Paths derived from NEXACORE_BASE_DIR / NEXACORE_LOG_DIR, which this script
# does not set itself (presumably the sourced common libraries do; verify).
APP_DIR="${NEXACORE_BASE_DIR}/apps/${SERVICE_NAME}"
NEXACORE_LOG_FILE="${NEXACORE_LOG_DIR}/install-${SERVICE_NAME}.log"
export NEXACORE_LOG_FILE

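#######################################
# Make sure DOMAIN holds a usable hostname, asking on stdin when it is empty.
# Globals:   DOMAIN (read/written), Y and X (read; wrapped around the prompt)
# Arguments: none
# Outputs:   the prompt on stdout when DOMAIN is empty
# Returns:   calls die when no domain is given or the value is not a hostname
#######################################
prompt_config() {
  # Letters, digits, dots and hyphens only, starting and ending alphanumeric.
  local -r host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

  if [[ -z "$DOMAIN" ]]; then
    echo -e "${Y}Enter domain (e.g. n8n.yourdomain.com):${X}"
    # On EOF or a non-interactive stdin, read fails; swallow that so the
    # explicit check below reports it instead of errexit ending the run silently.
    read -r DOMAIN || true
    [[ -n "$DOMAIN" ]] || die "Domain required"
  fi

  # DOMAIN is interpolated as-is into .env (N8N_HOST, WEBHOOK_URL), into
  # credentials.txt and into the Caddy site address. A pasted URL, a path,
  # whitespace or a line break would corrupt those files or add extra lines to
  # them, so reject anything that is not a bare hostname before writing.
  if (( ${#DOMAIN} > 253 )) || [[ ! "$DOMAIN" =~ $host_re ]]; then
    die "Invalid domain: expected a bare hostname such as n8n.yourdomain.com"
  fi
}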

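#######################################
# Write stdin to a file that is owner-only from the moment it exists.
# Arguments: $1 - target path
# Returns:   non-zero if the file cannot be created, restricted or written
#######################################
_nexacore_write_private() {
  local target="$1"
  # Create (or empty) the file under a restrictive umask, then force 0600 in
  # case it already existed with wider permissions, and only then write.
  ( umask 077 && : > "$target" ) || return 1
  chmod 600 "$target" || return 1
  cat > "$target"
}

#######################################
# Generate credentials, write the n8n .env and compose file, start the
# container and store the credentials for the operator.
# Globals:   APP_DIR, NEXACORE_BASE_DIR, SERVICE_NAME, N8N_USER, DOMAIN,
#            DEFAULT_PORT, VERSION, NEXACORE_LOG_FILE (all read)
# Arguments: none
# Outputs:   the generated password, and nothing else, on stdout
# Returns:   calls die on the first step that fails
#######################################
deploy_n8n() {
  local password enc_key
  local data_dir="${NEXACORE_BASE_DIR}/data/${SERVICE_NAME}"
  local creds_dir="${NEXACORE_BASE_DIR}/configs/${SERVICE_NAME}"

  # main() calls this as $(deploy_n8n). Outside POSIX mode bash turns errexit
  # off inside a command substitution, so a failing step here would not stop
  # the run; every step that matters is therefore checked explicitly.
  password=$(gen_password 20) || die "Could not generate the n8n password"
  enc_key=$(gen_secret 32) || die "Could not generate the n8n encryption key"
  [[ -n "$password" && -n "$enc_key" ]] || die "Generated n8n secrets are empty"

  # creds_dir is a no-op when setup_directories has already created it.
  mkdir -p "${APP_DIR}" "$data_dir" "$creds_dir" \
    || die "Could not create the n8n directories"

  # NOTE(review): n8n 1.0 and later no longer read the N8N_BASIC_AUTH_*
  # settings. With the unpinned :latest image below they are likely ignored,
  # which would leave the owner-setup page open to whoever reaches the URL
  # first. Confirm against the deployed image; if so, complete owner setup
  # right after install or add authentication at the reverse proxy.
  _nexacore_write_private "${APP_DIR}/.env" <<EOF || die "Could not write ${APP_DIR}/.env"
# NexaCore — n8n — $(date)
N8N_BASIC_AUTH_ACTIVE=true
N8N_BASIC_AUTH_USER=${N8N_USER}
N8N_BASIC_AUTH_PASSWORD=${password}
N8N_HOST=${DOMAIN}
N8N_PORT=${DEFAULT_PORT}
N8N_PROTOCOL=https
WEBHOOK_URL=https://${DOMAIN}/
N8N_ENCRYPTION_KEY=${enc_key}
EXECUTIONS_DATA_PRUNE=true
EXECUTIONS_DATA_MAX_AGE=168
GENERIC_TIMEZONE=America/Santiago
TZ=America/Santiago
EOF

  # NOTE(review): the image tag is :latest, so each pull may bring a different
  # release. Pinning a version tag or digest makes the deployment reproducible
  # and keeps an unreviewed upstream change from landing on restart.
  # The port is published on 127.0.0.1 only; external traffic has to come
  # through the reverse proxy.
  cat > "${APP_DIR}/docker-compose.yml" <<EOF || die "Could not write ${APP_DIR}/docker-compose.yml"
version: "3.9"
services:
  n8n:
    image: docker.n8n.io/n8nio/n8n:latest
    container_name: nexacore-n8n
    restart: unless-stopped
    ports:
      - "127.0.0.1:${DEFAULT_PORT}:5678"
    env_file: .env
    volumes:
      - ${NEXACORE_BASE_DIR}/data/${SERVICE_NAME}:/home/node/.n8n
    labels:
      - "com.nexacore.template=n8n"
      - "com.nexacore.version=${VERSION}"
EOF

  # stdout is captured by the caller as the password, so progress output is
  # sent to stderr to keep it out of the captured value.
  step "Starting n8n..." >&2
  docker compose -f "${APP_DIR}/docker-compose.yml" up -d >> "$NEXACORE_LOG_FILE" 2>&1 \
    || die "docker compose up failed, see ${NEXACORE_LOG_FILE}"

  # The password is kept in plaintext for the operator; the file is owner-only.
  _nexacore_write_private "${creds_dir}/credentials.txt" <<EOF || die "Could not write ${creds_dir}/credentials.txt"
# NexaCore — $(date)
URL=https://${DOMAIN}
USER=${N8N_USER}
PASSWORD=${password}
EOF

  # printf instead of echo so a password that looks like an echo option is
  # still printed verbatim.
  printf '%s\n' "$password"
}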

#######################################
# Installer entry point: checks preconditions, collects configuration, then
# runs the eight install and hardening steps in order.
# Globals:   TEMPLATE_NAME, SERVICE_NAME, DOMAIN, DEFAULT_PORT, N8N_USER,
#            NEXACORE_LOG_FILE (all read)
# Arguments: none used
# Outputs:   progress via step; the login name and generated password are
#            handed to print_summary at the end
#######################################
main() {
  # Preconditions and configuration.
  require_root
  require_ubuntu
  print_banner "$TEMPLATE_NAME"
  prompt_config
  setup_logging

  step "[1/8] Updating system..."
  apt_update
  DEBIAN_FRONTEND=noninteractive apt-get upgrade -y -q >> "$NEXACORE_LOG_FILE" 2>&1

  step "[2/8] Creating directories..."
  setup_directories "$SERVICE_NAME"

  step "[3/8] Installing Docker..."
  install_docker

  step "[4/8] Deploying n8n..."
  # Declared separately from the assignment so that a failing deploy_n8n is
  # not masked by the exit status of `local`.
  local password
  password=$(deploy_n8n)

  step "[5/8] Installing Caddy..."
  install_caddy
  # Caddy proxies the public domain to the loopback-only published port.
  write_caddyfile "$DOMAIN" "localhost:${DEFAULT_PORT}"

  step "[6/8] Configuring firewall..."
  setup_firewall

  step "[7/8] Configuring fail2ban..."
  setup_fail2ban

  step "[8/8] Hardening SSH..."
  setup_ssh

  local -a summary_lines=(
    "User     : ${N8N_USER}"
    "Password : ${password}"
  )
  print_summary "$DOMAIN" "$SERVICE_NAME" "${summary_lines[@]}"
}

# Run the installer, forwarding the script's command-line arguments to main.
main "$@"
