#!/bin/bash
#===============================================================================
# ШАГ 99: ФИНАЛЬНАЯ ПРОВЕРКА
#===============================================================================
# Запуск: sudo bash 02-k-git-server-deploy.99.sh
#===============================================================================

SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)
source "$SCRIPT_DIR/02-k-git-server-deploy.00.sh"

init_log
check_root

print_header "ШАГ 99: ФИНАЛЬНАЯ ПРОВЕРКА"

echo ""
echo -e "${BLUE}================================================================${NC}"
echo -e "${BLUE}  ПРОВЕРКА КОМПОНЕНТОВ СИСТЕМЫ${NC}"
echo -e "${BLUE}================================================================${NC}"

#-------------------------------------------------------------------------------
# Проверка сервисов
#-------------------------------------------------------------------------------
echo ""
echo "Статус сервисов:"
echo ""

# Gitea
if service_running gitea; then
    echo -e "  Gitea:       ${GREEN}OK${NC} (port 3000)"
else
    echo -e "  Gitea:       ${RED}FAILED${NC}"
fi

# Nginx
if service_running nginx; then
    echo -e "  Nginx:       ${GREEN}OK${NC} (ports 80, 443)"
else
    echo -e "  Nginx:       ${RED}FAILED${NC}"
fi

# SSH
if service_running sshd || service_running ssh; then
    echo -e "  SSH:         ${GREEN}OK${NC} (port 22)"
else
    echo -e "  SSH:         ${RED}FAILED${NC}"
fi

# Certbot timer
if service_running certbot.timer; then
    echo -e "  Certbot:     ${GREEN}OK${NC} (auto-renewal)"
else
    echo -e "  Certbot:     ${YELLOW}WARNING${NC} (timer not running)"
fi

#-------------------------------------------------------------------------------
# Проверка SSL
#-------------------------------------------------------------------------------
echo ""
echo "SSL-сертификат:"

CERT_PATH="/etc/letsencrypt/live/$GIT_DOMAIN/fullchain.pem"
if [[ -f "$CERT_PATH" ]]; then
    EXPIRE=$(openssl x509 -enddate -noout -in "$CERT_PATH" 2>/dev/null | cut -d= -f2)
    ISSUER=$(openssl x509 -issuer -noout -in "$CERT_PATH" 2>/dev/null | cut -d= -f2)
    echo -e "  Статус:      ${GREEN}OK${NC}"
    echo "  Истекает:    $EXPIRE"
    echo "  Издатель:    $ISSUER"
else
    echo -e "  Статус:      ${RED}НЕ НАЙДЕН${NC}"
fi

#-------------------------------------------------------------------------------
# Проверка DNS
#-------------------------------------------------------------------------------
echo ""
echo "DNS:"

if host $GIT_DOMAIN &>/dev/null; then
    GIT_IP=$(host $GIT_DOMAIN | head -1 | awk '{print $NF}')
    echo -e "  $GIT_DOMAIN: ${GREEN}$GIT_IP${NC}"
else
    echo -e "  $GIT_DOMAIN: ${RED}НЕ РЕЗОЛВИТСЯ${NC}"
fi

#-------------------------------------------------------------------------------
# Проверка доступности
#-------------------------------------------------------------------------------
echo ""
echo "Доступность:"

# HTTP check
if curl -sI "http://$GIT_DOMAIN" 2>/dev/null | head -1 | grep -q "200\|301"; then
    echo -e "  HTTP:        ${GREEN}OK${NC}"
else
    echo -e "  HTTP:        ${YELLOW}CHECK MANUALLY${NC}"
fi

# HTTPS check
if curl -skI "https://$GIT_DOMAIN" 2>/dev/null | head -1 | grep -q "200"; then
    echo -e "  HTTPS:       ${GREEN}OK${NC}"
else
    echo -e "  HTTPS:       ${YELLOW}CHECK MANUALLY${NC}"
fi

# Gitea API check
if curl -s "http://localhost:3000/api/v1/version" 2>/dev/null | grep -q "version"; then
    echo -e "  Gitea API:   ${GREEN}OK${NC}"
else
    echo -e "  Gitea API:   ${YELLOW}CHECK MANUALLY${NC}"
fi

#-------------------------------------------------------------------------------
# Проверка firewall
#-------------------------------------------------------------------------------
echo ""
echo "Firewall (nftables):"

if nft list table inet filter &>/dev/null; then
    OPEN_PORTS=$(nft list table inet filter 2>/dev/null | grep "dport" | grep -oE "dport [0-9]+" | sort -u | tr '\n' ' ')
    echo -e "  Статус:      ${GREEN}OK${NC}"
    echo "  Открытые:    $OPEN_PORTS"
else
    echo -e "  Статус:      ${YELLOW}НЕ НАСТРОЕН${NC}"
fi

#-------------------------------------------------------------------------------
# Проверка скриптов
#-------------------------------------------------------------------------------
echo ""
echo "Скрипты:"

if [[ -x /usr/local/bin/gitea-backup.sh ]]; then
    echo -e "  backup:      ${GREEN}OK${NC}"
else
    echo -e "  backup:      ${RED}MISSING${NC}"
fi

if [[ -x /usr/local/bin/gitea-restore.sh ]]; then
    echo -e "  restore:     ${GREEN}OK${NC}"
else
    echo -e "  restore:     ${RED}MISSING${NC}"
fi

if [[ -x /usr/local/bin/gitea-to-github.sh ]]; then
    echo -e "  to-github:   ${GREEN}OK${NC}"
else
    echo -e "  to-github:   ${RED}MISSING${NC}"
fi

#-------------------------------------------------------------------------------
# Итоговая информация
#-------------------------------------------------------------------------------
echo ""
echo -e "${GREEN}================================================================${NC}"
echo -e "${GREEN}  РАЗВЁРТЫВАНИЕ ЗАВЕРШЕНО${NC}"
echo -e "${GREEN}================================================================${NC}"
echo ""
echo "Веб-интерфейс:    https://$GIT_DOMAIN"
echo "SSH git clone:    git clone git@$GIT_DOMAIN:user/repo.git"
echo "HTTPS git clone:  git clone https://$GIT_DOMAIN/user/repo.git"
echo ""

if [[ -f /root/.gitea-admin-credentials ]]; then
    echo "Администратор:    см. /root/.gitea-admin-credentials"
else
    echo "Администратор:    создайте через веб-интерфейс"
fi

echo ""
echo "Полезные команды:"
echo "  Статус Gitea:      systemctl status gitea"
echo "  Логи Gitea:        journalctl -u gitea -f"
echo "  Бэкап:             /usr/local/bin/gitea-backup.sh"
echo "  Восстановление:    /usr/local/bin/gitea-restore.sh /path/to/backup"
echo ""
echo "Следующие шаги:"
echo "  1. Войдите в веб-интерфейс: https://$GIT_DOMAIN"
echo "  2. Смените пароль администратора"
echo "  3. Создайте пользователей"
echo "  4. Добавьте SSH-ключи пользователей"
echo "  5. Создайте репозитории"
echo "  6. Настройте NFS для бэкапов (опционально)"
echo ""