#!/bin/bash
# Cleanup Old WireGuard Docker Setup
# Purpose: Remove old WireGuard Docker stack and CoreDNS before migrating to host-based setup
# WARNING: This will stop and remove the old VPN setup!

set -euo pipefail

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

print_info() {
    echo -e "${BLUE}[INFO]${NC} $1"
}

print_success() {
    echo -e "${GREEN}[SUCCESS]${NC} $1"
}

print_warning() {
    echo -e "${YELLOW}[WARNING]${NC} $1"
}

print_error() {
    echo -e "${RED}[ERROR]${NC} $1"
}

# ========================================
# Configuration
# ========================================

DEPLOYMENT_DIR="/home/michael/dev/michaelschiemer/deployment"
WIREGUARD_STACK_DIR="${DEPLOYMENT_DIR}/stacks/wireguard"
COREDNS_STACK_DIR="${DEPLOYMENT_DIR}/stacks/coredns"
ARCHIVE_DIR="${DEPLOYMENT_DIR}/wireguard-docker-archive-$(date +%Y%m%d)"

# ========================================
# Pre-flight Checks
# ========================================

print_info "WireGuard Docker Setup Cleanup Script"
echo ""
print_warning "This script will:"
echo "  - Stop WireGuard Docker container"
echo "  - Stop CoreDNS container (if exists)"
echo "  - Archive old configuration"
echo "  - Remove Docker stacks"
echo ""
print_warning "VPN access will be lost until new host-based setup is deployed!"
echo ""
read -p "Continue? (type 'yes' to proceed): " -r
if [[ ! $REPLY == "yes" ]]; then
    print_info "Aborted by user"
    exit 0
fi

# ========================================
# Stop Docker Containers
# ========================================

print_info "Stopping WireGuard Docker container..."
if [ -d "$WIREGUARD_STACK_DIR" ]; then
    cd "$WIREGUARD_STACK_DIR"
    if [ -f "docker-compose.yml" ]; then
        docker-compose down || print_warning "WireGuard container already stopped or not found"
    fi
else
    print_warning "WireGuard stack directory not found: $WIREGUARD_STACK_DIR"
fi

print_info "Stopping CoreDNS Docker container (if exists)..."
if [ -d "$COREDNS_STACK_DIR" ]; then
    cd "$COREDNS_STACK_DIR"
    if [ -f "docker-compose.yml" ]; then
        docker-compose down || print_warning "CoreDNS container already stopped or not found"
    fi
else
    print_info "CoreDNS stack directory not found (may not have existed)"
fi

# ========================================
# Archive Old Configuration
# ========================================

print_info "Creating archive of old configuration..."
mkdir -p "$ARCHIVE_DIR"

# Archive WireGuard stack
if [ -d "$WIREGUARD_STACK_DIR" ]; then
    print_info "Archiving WireGuard stack..."
    cp -r "$WIREGUARD_STACK_DIR" "$ARCHIVE_DIR/wireguard-stack"
    print_success "WireGuard stack archived to: $ARCHIVE_DIR/wireguard-stack"
fi

# Archive CoreDNS stack
if [ -d "$COREDNS_STACK_DIR" ]; then
    print_info "Archiving CoreDNS stack..."
    cp -r "$COREDNS_STACK_DIR" "$ARCHIVE_DIR/coredns-stack"
    print_success "CoreDNS stack archived to: $ARCHIVE_DIR/coredns-stack"
fi

# Archive old Ansible files
print_info "Archiving old Ansible playbooks..."
if [ -d "${DEPLOYMENT_DIR}/wireguard-old" ]; then
    cp -r "${DEPLOYMENT_DIR}/wireguard-old" "$ARCHIVE_DIR/ansible-old"
fi

# Archive nftables templates
if [ -f "${DEPLOYMENT_DIR}/ansible/templates/wireguard-nftables.nft.j2" ]; then
    mkdir -p "$ARCHIVE_DIR/ansible-templates"
    cp "${DEPLOYMENT_DIR}/ansible/templates/wireguard-nftables.nft.j2" "$ARCHIVE_DIR/ansible-templates/"
fi

# Create archive summary
cat > "$ARCHIVE_DIR/ARCHIVE_INFO.txt" <<EOF
WireGuard Docker Setup Archive
Created: $(date)

This archive contains the old WireGuard Docker-based setup that was replaced
with a host-based WireGuard configuration.

Contents:
- wireguard-stack/: Docker Compose stack for WireGuard
- coredns-stack/: Docker Compose stack for CoreDNS (if existed)
- ansible-old/: Old Ansible playbooks and configs
- ansible-templates/: Old nftables templates

To restore old setup (NOT RECOMMENDED):
1. Stop new host-based WireGuard: systemctl stop wg-quick@wg0
2. Copy stacks back: cp -r wireguard-stack ../stacks/
3. Start container: cd ../stacks/wireguard && docker-compose up -d

For new host-based setup, see:
- deployment/wireguard/README.md
- deployment/ansible/playbooks/setup-wireguard-host.yml
EOF

print_success "Archive created at: $ARCHIVE_DIR"

# ========================================
# Remove Docker Stacks
# ========================================

print_info "Removing old Docker stacks..."

read -p "Remove WireGuard Docker stack directory? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
    if [ -d "$WIREGUARD_STACK_DIR" ]; then
        rm -rf "$WIREGUARD_STACK_DIR"
        print_success "WireGuard Docker stack removed"
    fi
fi

read -p "Remove CoreDNS Docker stack directory? (y/N): " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
    if [ -d "$COREDNS_STACK_DIR" ]; then
        rm -rf "$COREDNS_STACK_DIR"
        print_success "CoreDNS Docker stack removed"
    fi
fi

# ========================================
# Clean up Docker Resources
# ========================================

print_info "Cleaning up Docker resources..."

# Remove WireGuard network
docker network rm wireguard-net 2>/dev/null || print_info "WireGuard network already removed"

# Remove unused volumes
print_info "Removing unused Docker volumes..."
docker volume prune -f || print_warning "Could not prune volumes"

# ========================================
# Summary
# ========================================

echo ""
print_success "=========================================="
print_success "Cleanup Complete!"
print_success "=========================================="
echo ""
echo "Archive Location: $ARCHIVE_DIR"
echo ""
print_info "Next Steps:"
echo "  1. Deploy host-based WireGuard:"
echo "     cd ${DEPLOYMENT_DIR}/ansible"
echo "     ansible-playbook playbooks/setup-wireguard-host.yml"
echo ""
echo "  2. Generate client configs:"
echo "     cd ${DEPLOYMENT_DIR}/scripts"
echo "     sudo ./generate-client-config.sh <device-name>"
echo ""
echo "  3. Verify new setup:"
echo "     sudo wg show wg0"
echo "     sudo systemctl status wg-quick@wg0"
echo ""
print_warning "Old Docker-based VPN is now inactive!"
print_info "VPN access will be restored after deploying host-based setup"
echo ""