#!/bin/bash
#
# Zabbix Agent 2 Deployment Script - Linux ARM (aarch64 / armhf)
# Installs and configures Zabbix Agent 2 with PSK auto-registration
# Target server: zabbix.snarfnet.net
#
# Usage: sudo bash deploy_zabbix_agent_linux_arm.sh [psk_key]
#   psk_key - (optional) 128-char hex PSK. If omitted, one is generated.
#
set -euo pipefail

ZABBIX_SERVER="zabbix.snarfnet.net"
ZABBIX_VERSION="7.0.0"
PSK_IDENTITY="PSK_autoregister"
PSK_FILE="/etc/zabbix/zabbix_agent2.psk"
AGENT_CONF="/etc/zabbix/zabbix_agent2.conf"
HOST_METADATA="Linux"
INSTALL_DIR="/opt/zabbix-agent2"

# --- Functions ---

log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"; }

detect_arch() {
    ARCH=$(uname -m)
    case "${ARCH}" in
        aarch64|arm64)
            ARCH_LABEL="aarch64"
            TARBALL_ARCH="linux_arm64"
            ;;
        armv7l|armhf)
            ARCH_LABEL="armhf"
            TARBALL_ARCH="linux_arm"
            ;;
        armv6l)
            ARCH_LABEL="armv6"
            TARBALL_ARCH="linux_arm"
            ;;
        *)
            log "ERROR: Unsupported architecture '${ARCH}'."
            log "       Use deploy_zabbix_agent_linux.sh for x86_64 systems."
            exit 1
            ;;
    esac
    log "Detected architecture: ${ARCH} (${ARCH_LABEL})"
}

detect_os() {
    if [ -f /etc/os-release ]; then
        . /etc/os-release
        OS_ID="${ID}"
        OS_VERSION="${VERSION_ID%%.*}"
    else
        OS_ID="unknown"
        OS_VERSION="0"
    fi
}

install_agent_package_manager() {
    detect_os
    case "${OS_ID}" in
        debian|ubuntu|raspbian)
            log "Installing via apt (Debian/Ubuntu/Raspbian)..."
            # Determine arch string for the repo
            local dpkg_arch
            dpkg_arch=$(dpkg --print-architecture)

            wget -q "https://repo.zabbix.com/zabbix/7.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_latest+ubuntu_all.deb" -O /tmp/zabbix-release.deb 2>/dev/null || \
            wget -q "https://repo.zabbix.com/zabbix/7.0/debian/pool/main/z/zabbix-release/zabbix-release_latest+debian${OS_VERSION}_all.deb" -O /tmp/zabbix-release.deb 2>/dev/null || true

            if [ -f /tmp/zabbix-release.deb ]; then
                dpkg -i /tmp/zabbix-release.deb
                apt-get update
                apt-get install -y zabbix-agent2 && { rm -f /tmp/zabbix-release.deb; return 0; }
            fi

            log "Package manager install failed, falling back to binary tarball..."
            rm -f /tmp/zabbix-release.deb
            install_agent_binary
            ;;
        *)
            log "No ARM package available for '${OS_ID}', using binary tarball..."
            install_agent_binary
            ;;
    esac
}

install_agent_binary() {
    log "Installing Zabbix Agent 2 from pre-compiled binary..."

    local tarball_url="https://cdn.zabbix.com/zabbix/binaries/stable/7.0/${ZABBIX_VERSION}/zabbix_agent2-${ZABBIX_VERSION}-${TARBALL_ARCH}-static.tar.gz"
    local tarball_path="/tmp/zabbix_agent2.tar.gz"

    log "Downloading from: ${tarball_url}"
    if ! wget -q "${tarball_url}" -O "${tarball_path}" 2>/dev/null && \
       ! curl -sL "${tarball_url}" -o "${tarball_path}" 2>/dev/null; then
        log "ERROR: Failed to download Zabbix Agent 2 binary."
        log "       URL: ${tarball_url}"
        log "       You may need to check https://www.zabbix.com/download for the correct ARM binary."
        exit 1
    fi

    # Create directories
    mkdir -p "${INSTALL_DIR}/bin"
    mkdir -p /etc/zabbix
    mkdir -p /var/log/zabbix
    mkdir -p /var/run/zabbix

    # Extract
    tar -xzf "${tarball_path}" -C "${INSTALL_DIR}" --strip-components=1 2>/dev/null || \
    tar -xzf "${tarball_path}" -C "${INSTALL_DIR}" 2>/dev/null

    # Find the binary
    local agent_bin
    agent_bin=$(find "${INSTALL_DIR}" -name "zabbix_agent2" -type f | head -1)
    if [ -z "${agent_bin}" ]; then
        log "ERROR: Could not find zabbix_agent2 binary in extracted archive."
        exit 1
    fi

    # Move binary to expected location
    cp "${agent_bin}" "${INSTALL_DIR}/bin/zabbix_agent2"
    chmod +x "${INSTALL_DIR}/bin/zabbix_agent2"
    ln -sf "${INSTALL_DIR}/bin/zabbix_agent2" /usr/sbin/zabbix_agent2

    # Create zabbix user if it doesn't exist
    if ! id -u zabbix &>/dev/null; then
        useradd -r -s /sbin/nologin -d /var/lib/zabbix -M zabbix
    fi

    chown -R zabbix:zabbix /var/log/zabbix /var/run/zabbix

    # Set config path for binary installs
    AGENT_CONF="/etc/zabbix/zabbix_agent2.conf"

    # Create systemd service
    create_systemd_service

    rm -f "${tarball_path}"
    log "Binary installation complete."
}

create_systemd_service() {
    log "Creating systemd service..."
    cat > /etc/systemd/system/zabbix-agent2.service << 'EOF'
[Unit]
Description=Zabbix Agent 2
After=syslog.target
After=network.target

[Service]
Environment="CONFFILE=/etc/zabbix/zabbix_agent2.conf"
Type=simple
Restart=on-failure
PIDFile=/var/run/zabbix/zabbix_agent2.pid
KillMode=control-group
ExecStart=/usr/sbin/zabbix_agent2 -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID
RestartSec=10s
User=zabbix
Group=zabbix

[Install]
WantedBy=multi-user.target
EOF

    systemctl daemon-reload
}

generate_psk() {
    openssl rand -hex 32
}

configure_agent() {
    local psk_key="$1"

    log "Writing PSK to ${PSK_FILE}..."
    echo "${psk_key}" > "${PSK_FILE}"
    chmod 640 "${PSK_FILE}"
    chown root:zabbix "${PSK_FILE}"

    log "Writing agent configuration to ${AGENT_CONF}..."
    # Back up existing config if present
    [ -f "${AGENT_CONF}" ] && cp "${AGENT_CONF}" "${AGENT_CONF}.bak.$(date +%s)"

    cat > "${AGENT_CONF}" << EOF
# Zabbix Agent 2 Configuration
# Auto-generated by ARM deployment script on $(date '+%Y-%m-%d %H:%M:%S')
# Architecture: ${ARCH} (${ARCH_LABEL})

Server=${ZABBIX_SERVER}
ServerActive=${ZABBIX_SERVER}
HostnameItem=system.hostname
HostMetadata=${HOST_METADATA}

# PSK Encryption
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=${PSK_IDENTITY}
TLSPSKFile=${PSK_FILE}

# Logging
LogFile=/var/log/zabbix/zabbix_agent2.log
LogFileSize=10

# Performance
BufferSend=5
BufferSize=100
EOF

    chown root:zabbix "${AGENT_CONF}"
    chmod 644 "${AGENT_CONF}"
}

start_agent() {
    log "Enabling and starting zabbix-agent2..."
    systemctl enable zabbix-agent2
    systemctl restart zabbix-agent2

    sleep 2
    if systemctl is-active --quiet zabbix-agent2; then
        log "Zabbix Agent 2 is running."
        systemctl status zabbix-agent2 --no-pager
    else
        log "WARNING: Agent may not have started. Check logs:"
        log "  journalctl -u zabbix-agent2 -n 20"
        log "  cat /var/log/zabbix/zabbix_agent2.log"
    fi
}

# --- Main ---

if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root." >&2
    exit 1
fi

PSK_KEY="${1:-}"
if [ -z "${PSK_KEY}" ]; then
    PSK_KEY=$(generate_psk)
    log "Generated new PSK key."
fi

# Validate PSK is valid hex and at least 32 chars
if ! echo "${PSK_KEY}" | grep -qE '^[0-9a-fA-F]{32,128}$'; then
    log "ERROR: PSK must be a 32-128 character hex string."
    exit 1
fi

detect_arch

log "=== Zabbix Agent 2 Deployment (ARM) ==="
log "Server: ${ZABBIX_SERVER}"
log "PSK Identity: ${PSK_IDENTITY}"
log "Architecture: ${ARCH_LABEL}"

install_agent_package_manager
configure_agent "${PSK_KEY}"
start_agent

log "=== Deployment Complete ==="
log "PSK Identity: ${PSK_IDENTITY}"
log "PSK Key: ${PSK_KEY}"
log ""
log "IMPORTANT: Use this same PSK identity and key in your Zabbix server"
log "auto-registration encryption settings."