#!/usr/bin/env bash
# ==============================================================================
# Open WebUI Deployment Script (Docker Compose + Traefik)
# ==============================================================================
# Deploys Open WebUI behind the shared Traefik reverse proxy.
#
# Usage:  deploy-docker-open-webui.sh
#         deploy-docker-open-webui.sh --domain chat.us.an2.io
#         deploy-docker-open-webui.sh --remove [--purge] [--yes]
# ==============================================================================

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/common.sh"

# --- Parse arguments ---
parse_args "$@"

# --- Service config ---
SERVICE_NAME="open-webui"
BASE_DIR="/opt/${SERVICE_NAME}"
CONFIG_NAME="${SERVICE_NAME}"
UNIT_NAME="${SERVICE_NAME}-docker"

# --- Handle --remove ---
if [[ "$ARG_REMOVE" == "1" ]]; then
    require_root
    do_remove "$SERVICE_NAME" "$CONFIG_NAME" "$UNIT_NAME" "$BASE_DIR"
    exit 0
fi

# --- Domain resolution: --domain > existing .env > default ---
if [[ -n "$ARG_DOMAIN" ]]; then
    DOMAIN="$ARG_DOMAIN"
elif [[ -f "${BASE_DIR}/.env" ]] && grep -q '^DOMAIN=' "${BASE_DIR}/.env"; then
    DOMAIN="$(grep '^DOMAIN=' "${BASE_DIR}/.env" | cut -d= -f2)"
else
    DOMAIN="ai.an2.io"
fi

# --- Detect current state for banner ---
traefik_status="Not found — will deploy"
if docker ps --format '{{.Names}}' 2>/dev/null | grep -q '^traefik$'; then
    traefik_status="Running"
elif [[ -f "${TRAEFIK_DIR}/docker-compose.yml" ]]; then
    traefik_status="Stopped — will start"
fi

install_mode="Fresh install"
if [[ -f "${BASE_DIR}/.env" ]]; then
    install_mode="Re-run (preserving data)"
fi

# --- Print deployment plan ---
echo ""
echo -e "${CYAN}══════════════════════════════════════════════${NC}"
echo -e "${CYAN}  Deploying Open WebUI (Docker)${NC}"
echo -e "${CYAN}══════════════════════════════════════════════${NC}"
echo -e "  Domain:      ${DOMAIN}"
echo -e "  Data:        ${BASE_DIR}"
echo -e "  Traefik:     ${traefik_status}"
echo -e "  Mode:        ${install_mode}"
echo -e "${CYAN}══════════════════════════════════════════════${NC}"
echo ""

# --- Check if already deployed and running ---
if [[ -f "${BASE_DIR}/docker-compose.yml" ]] && \
   docker ps --format '{{.Names}}' 2>/dev/null | grep -q '^open-webui$'; then
    echo -e "${GREEN}  Open WebUI is already running — nothing to do.${NC}"
    echo ""
    echo -e "  Logs:      docker logs -f open-webui"
    echo -e "  Backup:    ${SCRIPT_DIR}/backup-open-webui.sh"
    echo -e "  Remove:    $0 --remove [--purge]"
    echo ""
    exit 0
fi

# --- Shared infrastructure ---
require_root
detect_os
install_prerequisites
ensure_docker_network
ensure_traefik
configure_firewall

# --- Backup restore check ---
if check_and_restore_backup "$SERVICE_NAME"; then
    saved_domain="$DOMAIN"
    # shellcheck source=/dev/null
    source "${BASE_DIR}/.env"
    DOMAIN="$saved_domain"
else
    # --- Fresh install ---

    if [[ -f "${BASE_DIR}/.env" ]]; then
        saved_domain="$DOMAIN"
        # shellcheck source=/dev/null
        source "${BASE_DIR}/.env"
        DOMAIN="$saved_domain"
    else
        WEBUI_SECRET_KEY="$(openssl rand -hex 32)"
    fi

    info "Creating directory layout..."
    mkdir -p "${BASE_DIR}/data"

    # --- Generate .env ---
    cat > "${BASE_DIR}/.env" <<DOTENV
# Generated by deploy-docker-open-webui.sh on $(date -Iseconds)
DOMAIN=${DOMAIN}
WEBUI_SECRET_KEY=${WEBUI_SECRET_KEY}
DOTENV
    chmod 600 "${BASE_DIR}/.env"
    ok ".env written."

    # --- Generate docker-compose.yml ---
    cat > "${BASE_DIR}/docker-compose.yml" <<'COMPOSE'
services:
  open-webui:
    image: ghcr.io/open-webui/open-webui:main
    container_name: open-webui
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    mem_limit: 4G
    volumes:
      - ./data:/app/backend/data
    environment:
      - WEBUI_SECRET_KEY
      - WEBUI_AUTH=False
      # Use host gateway so container can reach host-side Ollama
      - OLLAMA_BASE_URL=http://host.docker.internal:11434
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - traefik-public
    logging:
      driver: json-file
      options:
        max-size: "50m"
        max-file: "5"

networks:
  traefik-public:
    external: true
COMPOSE
    ok "docker-compose.yml written."
fi

# --- Always do these (fresh or restored) ---
write_traefik_dynamic_config "$CONFIG_NAME" "$DOMAIN" "http://open-webui:8080"
install_systemd_unit "$UNIT_NAME" "$BASE_DIR"
(cd "$BASE_DIR" && docker compose up -d)
wait_for_healthy "open-webui" "http://localhost:8080" 120

# --- Summary ---
echo ""
echo -e "${GREEN}══════════════════════════════════════════════${NC}"
echo -e "${GREEN}  Open WebUI deployed successfully${NC}"
echo -e "${GREEN}══════════════════════════════════════════════${NC}"
echo -e "  URL:         https://${DOMAIN}"
echo -e "  Data:        ${BASE_DIR}/data/"
echo -e "  Auth:        disabled (single-user mode)"
echo -e "  Traefik:     ${TRAEFIK_DYNAMIC_DIR}/${CONFIG_NAME}.yml"
echo -e "  Systemd:     systemctl status ${UNIT_NAME}"
echo -e "  Logs:        docker logs -f open-webui"
echo -e "${GREEN}══════════════════════════════════════════════${NC}"
echo ""