#!/usr/bin/env bash
set -euo pipefail

# Usage:
#   export K3S_NODES="node1 node2 node3"
#   export REGISTRY_USERNAME="..."
#   export REGISTRY_PASSWORD="..."
#   export REGISTRY_VIP_IP="10.0.0.2"   # optional (recommended)
#   ./ops/k3s/apply-registries.sh

if [[ -z "${K3S_NODES:-}" ]]; then
  echo "K3S_NODES is required (space-separated ssh targets)"
  exit 1
fi

if [[ -z "${REGISTRY_USERNAME:-}" || -z "${REGISTRY_PASSWORD:-}" ]]; then
  echo "REGISTRY_USERNAME and REGISTRY_PASSWORD are required"
  exit 1
fi

TMP_FILE="$(mktemp)"

sed \
  -e "s#\${REGISTRY_USERNAME}#${REGISTRY_USERNAME}#g" \
  -e "s#\${REGISTRY_PASSWORD}#${REGISTRY_PASSWORD}#g" \
  "$(dirname "$0")/registries.yaml" > "$TMP_FILE"

for node in ${K3S_NODES}; do
  echo "Applying registry config on ${node}"
  scp "$TMP_FILE" "${node}:/tmp/registries.yaml"
  ssh "$node" "sudo mkdir -p /etc/rancher/k3s && sudo mv /tmp/registries.yaml /etc/rancher/k3s/registries.yaml"

  if [[ -n "${REGISTRY_VIP_IP:-}" ]]; then
    echo "Ensuring /etc/hosts contains registry.nxtgauge.com -> ${REGISTRY_VIP_IP} on ${node}"
    ssh "$node" "sudo sh -lc 'grep -q \"\\sregistry\\.nxtgauge\\.com\\b\" /etc/hosts && sed -i \"s/^.*\\sregistry\\.nxtgauge\\.com\\b.*/${REGISTRY_VIP_IP} registry.nxtgauge.com/\" /etc/hosts || echo \"${REGISTRY_VIP_IP} registry.nxtgauge.com\" >> /etc/hosts'"
  fi

  ssh "$node" "sudo systemctl restart k3s || sudo systemctl restart k3s-agent"
  echo "Waiting for ${node} to recover..."
  sleep 8
done

rm -f "$TMP_FILE"

echo "Done: registries.yaml applied and k3s restarted on all nodes."