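#!/usr/bin/env bash
#
# Pull a sanitized copy of the SearXNG configuration out of a Proxmox
# container over SSH and store it locally as a tarball plus a SHA-256 manifest.
#
# Environment (all optional, defaults below):
#   PROXMOX_HOST  Proxmox node to connect to as user "piagent"
#   CTID          numeric id of the container passed to `pct exec`
#   SSH_KEY       private key used for the SSH connection
#   BACKUP_DIR    local directory receiving the artifact and manifest
#
# Output: the path of the finished artifact on stdout.
set -euo pipefail

# Everything created here is configuration material; make files private from
# the moment they are created instead of relying on a chmod afterwards.
umask 077

PROXMOX_HOST=${PROXMOX_HOST:-192.168.0.88}
CTID=${CTID:-103}
SSH_KEY=${SSH_KEY:-/home/piagent/projects/nimrod/.ssh/piagent_homelab}
BACKUP_DIR=${BACKUP_DIR:-/home/piagent/backups/searxng}
STAMP=$(date -u +%Y%m%dT%H%M%SZ)
ARTIFACT="$BACKUP_DIR/searxng-sanitized-config-$STAMP.tar.gz"
MANIFEST="$BACKUP_DIR/searxng-sanitized-config-$STAMP.sha256"

# CTID is spliced into the command line that the remote shell parses and runs
# under sudo, so accept nothing but digits.
if [[ ! $CTID =~ ^[0-9]+$ ]]; then
  printf 'CTID must be a numeric container id, got: %s\n' "$CTID" >&2
  exit 2
fi

install -d -m 0700 "$BACKUP_DIR"

# Stream into a temporary file and rename only after the transfer succeeded,
# so a failed run never leaves a truncated file under the final artifact name.
PARTIAL=$(mktemp "$BACKUP_DIR/.searxng-sanitized-config-$STAMP.XXXXXX")
discard_partial() { rm -f -- "$PARTIAL"; }
trap discard_partial EXIT

# The quoted heredoc delimiter keeps the remote script literal: nothing in it
# is expanded on this host.
ssh -i "$SSH_KEY" -o BatchMode=yes "piagent@$PROXMOX_HOST" \
  "sudo pct exec $CTID -- bash -s" > "$PARTIAL" <<'REMOTE'
set -euo pipefail
umask 077
STAGING=$(mktemp -d)
cleanup() { rm -rf -- "${STAGING:?}"; }
trap cleanup EXIT

install -d -m 0700 "$STAGING/opt/searxng/searxng" "$STAGING/etc/systemd/system"
# NOTE(review): the compose file and the unit file are copied verbatim. If
# either carries secrets (for example in environment entries), they end up in
# the "sanitized" artifact - confirm against the deployed files.
cp /opt/searxng/docker-compose.yml "$STAGING/opt/searxng/docker-compose.yml"
cp /etc/systemd/system/searxng-compose.service "$STAGING/etc/systemd/system/searxng-compose.service"
# Only the secret_key value is replaced; any other sensitive setting in
# settings.yml is kept as-is.
sed -E 's/^([[:space:]]*secret_key:[[:space:]]*).*/\1"__REGENERATE_ON_RESTORE__"/' \
  /opt/searxng/searxng/settings.yml > "$STAGING/opt/searxng/searxng/settings.yml"
# Abort if the substitution matched nothing, rather than shipping the file
# with the real key still in it.
grep -q '__REGENERATE_ON_RESTORE__' "$STAGING/opt/searxng/searxng/settings.yml"
tar -C "$STAGING" -czf - opt etc
REMOTE

# Refuse to publish an empty or unreadable archive.
if [[ ! -s "$PARTIAL" ]]; then
  printf 'backup stream from %s was empty\n' "$PROXMOX_HOST" >&2
  exit 1
fi
tar -tzf "$PARTIAL" > /dev/null

chmod 0600 "$PARTIAL"
mv -- "$PARTIAL" "$ARTIFACT"

# The manifest stores the bare file name, so it verifies from inside
# BACKUP_DIR wherever that directory is later moved.
cd "$BACKUP_DIR"
sha256sum -- "${ARTIFACT##*/}" > "$MANIFEST"
chmod 0600 "$MANIFEST"
sha256sum -c "$MANIFEST"
echo "$ARTIFACT"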
