#!/usr/bin/env bash
# ╔═══════════════════════════════════════════════════════╗
# ║   NexaCore AI VPS — Open WebUI Template v1.0.0       ║
# ╚═══════════════════════════════════════════════════════╝
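# Usage:
#   DOMAIN=ai.yourdomain.com bash <(curl -s https://templates.nexacore.cl/v1/openwebui/install.sh)
# Notes:
#   - main() checks for root and Ubuntu before changing anything.
#   - `curl -s` does not fail on HTTP errors, so an error page would be handed to bash as the
#     script; adding -f makes curl fail instead.
#   - To read the installer before it runs, save it to a file first and run that file with bash.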
# Strict mode: stop on unhandled errors, on unset variables, and on a failure in
# any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# Template identity. DEFAULT_PORT is the host-side loopback port the container
# is published on; the Caddy upstream is built from the same value.
VERSION='1.0.0'
TEMPLATE_NAME='Open WebUI'
SERVICE_NAME='openwebui'
DEFAULT_PORT='3000'

# Base URL the shared helper libraries are fetched from when no local copy
# exists. NEXACORE_SCRIPTS_URL overrides it; whatever it points at is sourced
# by source_lib, so it must be a location the operator trusts.
SCRIPTS_URL="${NEXACORE_SCRIPTS_URL:-https://templates.nexacore.cl/scripts/common}"

# Repository root, three levels above this script, used to prefer checked-out
# copies of the libraries.
# NOTE(review): when the script is run through `bash <(curl ...)`, BASH_SOURCE[0]
# is a /dev/fd path, so this does not point at a checkout and the remote copies
# are normally used instead.
_LOCAL_SCRIPTS="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../../.."

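#######################################
# Load one shared helper library into the current shell.
# A copy under ${_LOCAL_SCRIPTS}/scripts/common is preferred; otherwise the
# library is downloaded from ${SCRIPTS_URL}.
# Globals:   _LOCAL_SCRIPTS (read), SCRIPTS_URL (read)
# Arguments: $1 - library file name, e.g. utils.sh
# Outputs:   an error line on stderr when the download fails
# Returns:   status of the sourced file; exits 1 when the download fails
#######################################
source_lib() {
  local lib="$1"
  local local_path="${_LOCAL_SCRIPTS}/scripts/common/${lib}"
  local _nx_lib_body

  if [[ -f "$local_path" ]]; then
    source "$local_path"
  else
    # Download the whole file before executing any of it. With
    # `source <(curl ...)` curl's exit status is lost (source succeeds on
    # empty or truncated input), so a failed or partial download went
    # unnoticed and the `||` handler could not fire.
    if ! _nx_lib_body="$(curl -fsSL "${SCRIPTS_URL}/${lib}")" \
      || [[ -z "$_nx_lib_body" ]]; then
      echo "[✘] Failed: ${lib}" >&2
      exit 1
    fi
    # NOTE(review): the downloaded text is executed as fetched; no checksum or
    # signature is verified here, so trust rests on TLS and on SCRIPTS_URL
    # being an https:// location under the operator's control.
    source <(printf '%s\n' "$_nx_lib_body")
  fi
}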

# Load the shared helper libraries one after another, in the listed order.
# Each one is sourced into this shell (see source_lib), so it runs with the
# installer's privileges.
for _nexacore_lib in \
  utils.sh \
  install_docker.sh \
  install_caddy.sh \
  setup_firewall.sh \
  setup_fail2ban.sh \
  setup_ssh.sh \
  setup_directories.sh \
  setup_logging.sh; do
  source_lib "$_nexacore_lib"
done
unset _nexacore_lib

# Hostname to serve: taken from the environment when provided, otherwise left
# empty so prompt_domain asks for it.
: "${DOMAIN:=}"

# Per-service install directory and install log. NEXACORE_BASE_DIR and
# NEXACORE_LOG_DIR are not assigned in this file — presumably they come from
# the sourced libraries; under `set -u` the script stops here if they are unset.
APP_DIR="${NEXACORE_BASE_DIR}/apps/${SERVICE_NAME}"
NEXACORE_LOG_FILE="${NEXACORE_LOG_DIR}/install-${SERVICE_NAME}.log"
export NEXACORE_LOG_FILE

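#######################################
# Make sure DOMAIN holds a usable hostname, asking on stdin when it is empty.
# DOMAIN is later written into the Caddy site config and the credentials
# file, so anything that is not a plain hostname is rejected here, whether it
# came from the environment or from the prompt.
# Globals:   DOMAIN (read/written), Y and X (read, colour codes)
# Arguments: none
# Outputs:   the prompt on stdout
# Returns:   0 when DOMAIN is valid; otherwise calls die
#######################################
prompt_domain() {
  # One DNS label: letters, digits, inner hyphens, at most 63 characters.
  local label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
  local hostname_re="^${label}(\.${label})*$"

  if [[ -z "$DOMAIN" ]]; then
    echo -e "${Y}Enter domain (e.g. ai.yourdomain.com):${X}"
    # `|| true`: at end of input read returns non-zero, which under `set -e`
    # would end the script silently instead of reaching the message below.
    read -r DOMAIN || true
    [[ -n "$DOMAIN" ]] || die "Domain required"
  fi

  # Reject whitespace, braces, slashes, schemes and ports. The value is not
  # echoed back because it may contain control characters.
  if (( ${#DOMAIN} > 253 )) || [[ ! "$DOMAIN" =~ $hostname_re ]]; then
    die "Invalid domain: expected a hostname such as ai.yourdomain.com"
  fi
}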

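#######################################
# Write the Open WebUI environment file and compose file, start the
# container, and leave a note with the service URL.
# Globals:   APP_DIR, NEXACORE_BASE_DIR, SERVICE_NAME, DEFAULT_PORT, VERSION,
#            DOMAIN, NEXACORE_LOG_FILE (read);
#            NEXACORE_OPENWEBUI_IMAGE (read, optional image override)
# Arguments: none
# Outputs:   compose output is appended to NEXACORE_LOG_FILE
# Returns:   0 on success; calls die when no secret could be generated
#######################################
deploy_openwebui() {
  local secret; secret=$(gen_secret 32)
  # An empty value would be written as the signing key below; refuse it.
  [[ -n "$secret" ]] || die "Could not generate a secret key"

  # Image reference. The default is the moving `main` tag, so what gets pulled
  # changes over time; set NEXACORE_OPENWEBUI_IMAGE to a release tag or to
  # ghcr.io/open-webui/open-webui@sha256:<digest> for a reproducible install.
  local image="${NEXACORE_OPENWEBUI_IMAGE:-ghcr.io/open-webui/open-webui:main}"

  mkdir -p "${APP_DIR}" "${NEXACORE_BASE_DIR}/data/${SERVICE_NAME}"

  # Create the secrets file under a restrictive umask so it is never readable
  # by other users between creation and the chmod below.
  (
    umask 077
    cat > "${APP_DIR}/.env" <<EOF
# NexaCore — Open WebUI — $(date)
WEBUI_SECRET_KEY=${secret}
WEBUI_JWT_SECRET_KEY=${secret}
OLLAMA_BASE_URL=http://ollama:11434
EOF
  )
  # Also covers a file left over from an earlier run with wider permissions.
  chmod 600 "${APP_DIR}/.env"

  # The port is published on 127.0.0.1 only, so the UI is reachable from
  # outside solely through the reverse proxy configured in main.
  # NOTE(review): no `ollama` service or network is defined in this compose
  # file; the name in OLLAMA_BASE_URL has to resolve some other way — confirm.
  cat > "${APP_DIR}/docker-compose.yml" <<EOF
version: "3.9"
services:
  openwebui:
    image: ${image}
    container_name: nexacore-openwebui
    restart: unless-stopped
    ports:
      - "127.0.0.1:${DEFAULT_PORT}:8080"
    env_file: .env
    volumes:
      - ${NEXACORE_BASE_DIR}/data/${SERVICE_NAME}:/app/backend/data
    labels:
      - "com.nexacore.template=openwebui"
      - "com.nexacore.version=${VERSION}"
EOF

  step "Starting Open WebUI..."
  docker compose -f "${APP_DIR}/docker-compose.yml" up -d >> "$NEXACORE_LOG_FILE" 2>&1

  # The note holds only the URL; no password is generated by this script.
  # The configs/<service> directory is expected to exist already (presumably
  # created by setup_directories earlier in main).
  (
    umask 077
    cat > "${NEXACORE_BASE_DIR}/configs/${SERVICE_NAME}/credentials.txt" <<EOF
# NexaCore — $(date)
URL=https://${DOMAIN}
# First-run: create admin account via the web UI
EOF
  )
  chmod 600 "${NEXACORE_BASE_DIR}/configs/${SERVICE_NAME}/credentials.txt"
}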

#######################################
# Run the eight installation steps in order.
# Globals:   TEMPLATE_NAME, SERVICE_NAME, DEFAULT_PORT, DOMAIN,
#            NEXACORE_LOG_FILE (read)
# Arguments: none are read
# Returns:   0 on success; with `set -e` any failing step ends the run
#######################################
main() {
  # Preconditions and input.
  require_root
  require_ubuntu
  print_banner "$TEMPLATE_NAME"
  prompt_domain

  setup_logging

  step "[1/8] Updating system..."
  apt_update
  DEBIAN_FRONTEND=noninteractive apt-get upgrade -y -q >> "$NEXACORE_LOG_FILE" 2>&1

  step "[2/8] Creating directories..."
  setup_directories "$SERVICE_NAME"

  step "[3/8] Installing Docker..."
  install_docker

  step "[4/8] Deploying Open WebUI..."
  deploy_openwebui

  step "[5/8] Installing Caddy..."
  install_caddy
  # NOTE(review): the container is published on 127.0.0.1 only, while the
  # upstream given here is the name `localhost`; confirm it resolves to IPv4.
  write_caddyfile "$DOMAIN" "localhost:${DEFAULT_PORT}"

  step "[6/8] Configuring firewall..."
  setup_firewall

  step "[7/8] Configuring fail2ban..."
  setup_fail2ban

  step "[8/8] Hardening SSH..."
  setup_ssh

  # The site is served from step 5 on and no admin account exists yet.
  # NOTE(review): Open WebUI is understood to give admin rights to the first
  # account registered, so that account should be created right after install.
  local summary_note="Note     : Create admin account on first visit"
  print_summary "$DOMAIN" "$SERVICE_NAME" "$summary_note"
}

# Entry point: run the installer. Command-line arguments are forwarded, but
# main does not read them; configuration comes from environment variables.
main "$@"
