#!/usr/bin/env bash
# ==============================================================================
# Babycam Setup Script
# Raspberry Pi 3 + Camera Module 3 NoIR
# Raspberry Pi OS Trixie (arm64)
# ==============================================================================
set -e

REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
INSTALL_DIR="/opt/babycam"
AP_INTERFACE="wlan1"
AP_IP="192.168.50.1"

RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; NC='\033[0m'
info()    { echo -e "${GREEN}[INFO]${NC}  $*"; }
warn()    { echo -e "${YELLOW}[WARN]${NC}  $*"; }
error()   { echo -e "${RED}[ERROR]${NC} $*"; exit 1; }

[[ $EUID -ne 0 ]] && error "Bitte als root ausführen: sudo bash setup.sh"

# ------------------------------------------------------------------------------
# 1. Pakete installieren
# ------------------------------------------------------------------------------
info "Pakete installieren..."
apt-get update -q
apt-get install -y \
  hostapd \
  dnsmasq \
  python3-flask \
  rpicam-apps \
  avahi-daemon \
  network-manager \
  iptables \
  ffmpeg

# ------------------------------------------------------------------------------
# 2. Kamera-Interface aktivieren
# ------------------------------------------------------------------------------
info "Kamera-Interface aktivieren..."
if ! grep -q "^camera_auto_detect=1" /boot/firmware/config.txt 2>/dev/null; then
  echo "camera_auto_detect=1" >> /boot/firmware/config.txt
fi
if ! grep -q "^start_x=1" /boot/firmware/config.txt 2>/dev/null; then
  echo "start_x=1" >> /boot/firmware/config.txt
fi

# ------------------------------------------------------------------------------
# 3. Projektdateien installieren
# ------------------------------------------------------------------------------
info "Verzeichnisse anlegen..."
mkdir -p /var/lib/babycam
chown pi:pi /var/lib/babycam
usermod -aG video pi
usermod -aG audio pi

info "Projektdateien nach $INSTALL_DIR kopieren..."
mkdir -p "$INSTALL_DIR"
cp -r "$REPO_DIR/app"     "$INSTALL_DIR/"
cp -r "$REPO_DIR/scripts" "$INSTALL_DIR/"
cp -r "$REPO_DIR/config"  "$INSTALL_DIR/"
chmod +x "$INSTALL_DIR/scripts/network_state.py"

# ------------------------------------------------------------------------------
# 4. hostapd konfigurieren
# ------------------------------------------------------------------------------
info "hostapd konfigurieren..."
cp "$REPO_DIR/config/hostapd.conf" /etc/hostapd/hostapd.conf
sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|' /etc/default/hostapd
# hostapd nicht automatisch beim Boot starten (State Machine übernimmt das)
systemctl unmask hostapd
systemctl disable hostapd

# ------------------------------------------------------------------------------
# 5. dnsmasq konfigurieren
# ------------------------------------------------------------------------------
info "dnsmasq konfigurieren..."
# Originale Config sichern
if [ -f /etc/dnsmasq.conf ] && [ ! -f /etc/dnsmasq.conf.orig ]; then
  mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
fi
cp "$REPO_DIR/config/dnsmasq.conf" /etc/dnsmasq.conf
# dnsmasq nicht automatisch starten (State Machine übernimmt)
systemctl disable dnsmasq

# systemd-resolved: DNS-Stub deaktivieren damit Port 53 frei ist
if [ -f /etc/systemd/resolved.conf ]; then
  sed -i 's|#DNSStubListener=yes|DNSStubListener=no|' /etc/systemd/resolved.conf
  sed -i 's|DNSStubListener=yes|DNSStubListener=no|' /etc/systemd/resolved.conf
  if ! grep -q "DNSStubListener=no" /etc/systemd/resolved.conf; then
    echo "DNSStubListener=no" >> /etc/systemd/resolved.conf
  fi
  systemctl restart systemd-resolved
fi

# ------------------------------------------------------------------------------
# 6. polkit: pi darf NetworkManager steuern (für WLAN-Verbindungen im Webinterface)
# ------------------------------------------------------------------------------
info "polkit-Regel für NetworkManager installieren..."
mkdir -p /etc/polkit-1/rules.d
cp "$REPO_DIR/config/50-babycam-network.rules" /etc/polkit-1/rules.d/
chmod 644 /etc/polkit-1/rules.d/50-babycam-network.rules
systemctl restart polkit

# Hostname in /etc/hosts eintragen (verhindert sudo-Warnings)
HOSTNAME=$(hostname)
if ! grep -q "127.0.1.1.*$HOSTNAME" /etc/hosts; then
  sed -i "s/127.0.1.1\s*raspberrypi/127.0.1.1\t\t$HOSTNAME/" /etc/hosts || \
  echo "127.0.1.1		$HOSTNAME" >> /etc/hosts
fi

# ------------------------------------------------------------------------------
# 7. NetworkManager: wlan1 als unmanaged markieren
# ------------------------------------------------------------------------------
info "wlan1 aus NetworkManager-Verwaltung nehmen..."
mkdir -p /etc/NetworkManager/conf.d
cat > /etc/NetworkManager/conf.d/99-unmanaged.conf << EOF
[keyfile]
unmanaged-devices=interface-name:wlan1
EOF
systemctl reload NetworkManager || systemctl restart NetworkManager

# ------------------------------------------------------------------------------
# 7. IP-Forwarding aktivieren (für Internet-Sharing AP → Heimnetz)
# ------------------------------------------------------------------------------
info "IP-Forwarding aktivieren..."
if ! grep -q "^net.ipv4.ip_forward=1" /etc/sysctl.conf; then
  echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
fi
sysctl -w net.ipv4.ip_forward=1 > /dev/null

# iptables NAT-Regel (wlan0 → wlan1 Sharing)
iptables -t nat -C POSTROUTING -o wlan0 -j MASQUERADE 2>/dev/null || \
  iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

# Regel persistent speichern
apt-get install -y iptables-persistent -q || true
netfilter-persistent save 2>/dev/null || true

# ------------------------------------------------------------------------------
# 8. Systemd Services installieren
# ------------------------------------------------------------------------------
info "Systemd Services installieren..."
cp "$REPO_DIR/systemd/babycam-web.service"     /etc/systemd/system/
cp "$REPO_DIR/systemd/babycam-network.service" /etc/systemd/system/

systemctl daemon-reload
systemctl enable babycam-web.service
systemctl enable babycam-network.service

# ------------------------------------------------------------------------------
# 9. Flask braucht Port 80 → als root oder via authbind
# ------------------------------------------------------------------------------
info "Flask Port 80 erlauben..."
apt-get install -y authbind -q
touch /etc/authbind/byport/80
chmod 500 /etc/authbind/byport/80
chown pi /etc/authbind/byport/80

# Service anpassen um authbind zu nutzen
sed -i 's|ExecStart=/usr/bin/python3|ExecStart=/usr/bin/authbind --deep /usr/bin/python3|' \
  /etc/systemd/system/babycam-web.service
systemctl daemon-reload

# ------------------------------------------------------------------------------
# Fertig
# ------------------------------------------------------------------------------
echo ""
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}  Babycam Setup abgeschlossen!${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
echo "  Webinterface:  http://babycam.local"
echo "  AP-SSID:       BabyCam"
echo "  AP-Passwort:   babycam123"
echo "  AP-IP:         192.168.50.1"
echo ""
warn "Kamera-Ribbon-Kabel verbunden? Kamera wird nach Neustart erkannt."
echo ""
info "Neustart in 5 Sekunden... (Ctrl+C zum Abbrechen)"
sleep 5
reboot