#!/bin/bash
# postinst for edgeguard-api — creates system user, filesystem layout,
# initialises PostgreSQL (role + db + migrations), enables systemd
# units. Each step idempotent; safe to re-run on every upgrade.
set -e

export LC_ALL=C
export LANG=C

EG_USER="edgeguard"
EG_HOME="/var/lib/edgeguard"

case "$1" in
    configure)
        # ── System user ──────────────────────────────────────────────
        if ! getent passwd "$EG_USER" >/dev/null; then
            adduser --system --group --home "$EG_HOME" \
                    --shell /usr/sbin/nologin --no-create-home \
                    --gecos "EdgeGuard daemon" "$EG_USER"
        fi

        # ── Directories ──────────────────────────────────────────────
        for d in /etc/edgeguard /var/lib/edgeguard /var/log/edgeguard \
                 /etc/edgeguard/haproxy /etc/edgeguard/nginx \
                 /etc/edgeguard/squid /etc/edgeguard/wireguard \
                 /etc/edgeguard/unbound /etc/edgeguard/nftables.d \
                 /etc/edgeguard/tls; do
            install -d -m 0750 -o "$EG_USER" -g "$EG_USER" "$d"
        done

        # ── Pre-flight: validate embedded migration set ──────────────
        # Catches duplicate version prefixes BEFORE we touch the DB,
        # so a broken upgrade can't half-apply migrations and leave
        # the cluster wedged (mail-gateway 2026-05-08 incident).
        if ! /usr/bin/edgeguard-ctl migrate check; then
            echo "postinst: embedded migrations failed validation — aborting" >&2
            exit 1
        fi

        # ── PostgreSQL: ensure role + database exist ─────────────────
        # Requires postgresql-16 (or -17) running locally — guaranteed
        # by Depends. Idempotent — re-runs on upgrade are no-ops.
        if ! /usr/bin/edgeguard-ctl initdb; then
            echo "postinst: edgeguard-ctl initdb failed — aborting" >&2
            exit 1
        fi

        # ── Apply pending schema migrations ──────────────────────────
        if ! sudo -n -u "$EG_USER" /usr/bin/edgeguard-ctl migrate up; then
            echo "postinst: edgeguard-ctl migrate up failed — aborting" >&2
            exit 1
        fi

        # ── systemd ──────────────────────────────────────────────────
        systemctl daemon-reload
        systemctl enable --now edgeguard-api.service edgeguard-scheduler.service || true
        ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
        ;;
esac

#DEBHELPER#

exit 0
