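package nebula_entrypoint

import (
	"cryptic-net/yamlutil"
	"fmt"
	"io/fs"
	"log"
	"net"
	"path"
	"path/filepath"
	"strconv"

	crypticnet "cryptic-net"
	"github.com/cryptic-io/pmux/pmuxlib"
)

// certsDir is the slash-separated directory inside the bootstrap fs that holds
// the nebula PKI files. fs.FS paths are always '/'-separated regardless of OS,
// so path.Join (not filepath.Join) must be used to build paths under it.
const certsDir = "nebula/certs"

// readBootstrapFile returns the contents of certsDir/name from the bootstrap
// filesystem. The error is wrapped with the full path so the caller's fatal
// log names exactly which PKI file could not be read.
func readBootstrapFile(fsys fs.FS, name string) (string, error) {
	p := path.Join(certsDir, name)
	b, err := fs.ReadFile(fsys, p)
	if err != nil {
		return "", fmt.Errorf("reading %q from bootstrap fs: %w", p, err)
	}
	return string(b), nil
}

// Main renders a nebula configuration for this daemon into the runtime dir as
// nebula.yml and then supervises the nebula process (together with the
// nebula-update-global-bucket job) under pmux.
//
// Role selection: every host in env.Hosts with a Nebula.PublicAddr is treated
// as a lighthouse and gets a static_host_map entry; this daemon is itself a
// lighthouse iff its own VPN.PublicAddr is set, in which case it listens on
// that address's port and advertises no lighthouses (nebula requires an empty
// lighthouse.hosts list on a lighthouse).
//
// Every failure is fatal: without a complete, valid config there is nothing
// to run.
func Main() {
	env, err := crypticnet.ReadEnv()
	if err != nil {
		log.Fatalf("reading envvars: %v", err)
	}
	thisDaemon := env.ThisDaemon()

	// Hosts with a public address are lighthouses; map their overlay IP to
	// the public (underlay) address so peers can reach them directly.
	var lighthouseHostIPs []string
	staticHostMap := make(map[string][]string, len(env.Hosts))
	for _, host := range env.Hosts {
		if host.Nebula.PublicAddr == "" {
			continue
		}
		lighthouseHostIPs = append(lighthouseHostIPs, host.Nebula.IP)
		staticHostMap[host.Nebula.IP] = []string{host.Nebula.PublicAddr}
	}

	// readCert aborts on the first PKI file that cannot be read rather than
	// letting an empty string reach nebula.
	readCert := func(name string) string {
		contents, err := readBootstrapFile(env.BootstrapFS, name)
		if err != nil {
			log.Fatal(err)
		}
		return contents
	}

	// NOTE(security): host.key is the node's private key and is embedded
	// verbatim in nebula.yml below. The runtime dir and the written file must
	// not be readable by other local users; WriteYamlFile's file mode is not
	// visible here — confirm it writes 0600 or tighter.
	config := map[string]interface{}{
		"pki": map[string]string{
			"ca":   readCert("ca.crt"),
			"cert": readCert("host.crt"),
			"key":  readCert("host.key"),
		},
		"static_host_map": staticHostMap,
		"punchy": map[string]bool{
			"punch":   true,
			"respond": true,
		},
		"tun": map[string]interface{}{
			"dev": "cryptic-nebula1",
		},
	}

	if publicAddr := thisDaemon.VPN.PublicAddr; publicAddr == "" {
		// Not a lighthouse: bind an ephemeral UDP port and rely on the
		// lighthouses found above (plus punchy) for reachability.
		config["listen"] = map[string]string{
			"host": "0.0.0.0",
			"port": "0",
		}
		config["lighthouse"] = map[string]interface{}{
			"hosts": lighthouseHostIPs,
		}
	} else {
		// Lighthouse: the listen port must match the port peers have in
		// their static_host_map, so it is taken from our own public address.
		_, port, err := net.SplitHostPort(publicAddr)
		if err != nil {
			log.Fatalf("parsing public address %q: %v", publicAddr, err)
		}
		config["listen"] = map[string]string{
			"host": "0.0.0.0",
			"port": port,
		}
		config["lighthouse"] = map[string]interface{}{
			"hosts":         []string{},
			"am_lighthouse": true,
		}
	}

	// Open each storage allocation's API/RPC/web TCP ports to every overlay
	// peer. "any" here means any host holding a cert from the same CA; the
	// nebula firewall is the only gate in front of these ports, so the
	// services behind them must do their own authentication.
	allocs := thisDaemon.Storage.Allocations
	inbound := make([]crypticnet.ConfigFirewallRule, 0, 3*len(allocs))
	for _, alloc := range allocs {
		for _, port := range []int{alloc.APIPort, alloc.RPCPort, alloc.WebPort} {
			inbound = append(inbound, crypticnet.ConfigFirewallRule{
				Port:  strconv.Itoa(port),
				Proto: "tcp",
				Host:  "any",
			})
		}
	}
	// Generated rules come first, then whatever the operator configured.
	firewall := thisDaemon.VPN.Firewall
	firewall.Inbound = append(inbound, firewall.Inbound...)
	config["firewall"] = firewall

	nebulaYmlPath := filepath.Join(env.RuntimeDirPath, "nebula.yml")
	if err := yamlutil.WriteYamlFile(config, nebulaYmlPath); err != nil {
		log.Fatalf("writing nebula.yml to %q: %v", nebulaYmlPath, err)
	}

	pmuxlib.Run(env.Context, pmuxlib.Config{Processes: []pmuxlib.ProcessConfig{
		{
			Name: "nebula-update-global-bucket",
			Cmd:  "cryptic-net-main",
			Args: []string{
				"nebula-update-global-bucket",
			},
			// A clean exit means the bucket is up to date; only restart on
			// failure.
			NoRestartOn: []int{0},
		},
		{
			Name: "nebula",
			Cmd:  "nebula",
			Args: []string{"-config", nebulaYmlPath},
		},
	}})
}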