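#!/bin/bash
#
# Start the Tailscale container and join it to the tailnet.
#
# Required environment:
#   CONTAINER_NAME, IMAGE_REGISTRY, IMAGE_REPO, IMAGE_TAG,
#   TAILSCALE_AUTH_KEY, STATE_VOLUME
# Optional environment:
#   TAILSCALE_USERSPACE   "true" runs tailscaled with userspace networking
#                         (no TUN device, no added capabilities)
#   TAILSCALE_HOSTNAME    hostname to register with
#   TAILSCALE_EXTRA_ARGS  extra whitespace-separated flags for `tailscale up`
#
# Helpers (_check_required_env_vars, _die, _create_and_start_container,
# _is_container_running) come from common.sh.

# shellcheck disable=SC1091
source "${AGENT_PATH}/common.sh"

_check_required_env_vars "CONTAINER_NAME" "IMAGE_REGISTRY" "IMAGE_REPO" "IMAGE_TAG" "TAILSCALE_AUTH_KEY"

# Explicit check so the operator gets a pointer to the config file.
if [ -z "${TAILSCALE_AUTH_KEY:-}" ]; then
  _die "TAILSCALE_AUTH_KEY is not set in config/service.env! Please add your Tailscale auth key."
fi

# STATE_VOLUME is interpolated into the -v argument below; an empty value
# would produce a malformed volume spec, so fail early with a clear message.
if [ -z "${STATE_VOLUME:-}" ]; then
  _die "STATE_VOLUME is not set"
fi

echo "Starting Tailscale container..."

# Pick the networking mode. Privileges are only granted in kernel (TUN) mode.
CAP_ADD=""
DEVICE_MOUNT=""
TAILSCALED_CMD="tailscaled"
if [ "${TAILSCALE_USERSPACE:-}" = "true" ]; then
  echo "Using userspace networking mode..."
  # --tun is a tailscaled (daemon) flag, so it belongs on the daemon command
  # line; `tailscale up` does not accept it.
  TAILSCALED_CMD="tailscaled --tun=userspace-networking"
else
  # Standard mode with TUN device.
  # NOTE(review): SYS_MODULE lets the container load kernel modules on the
  # host, and the container also shares the host network namespace. Confirm
  # SYS_MODULE is actually needed here; NET_ADMIN plus the TUN device may be
  # sufficient.
  CAP_ADD="--cap-add=NET_ADMIN --cap-add=SYS_MODULE"
  # --device both exposes the node and permits access to it; an additional
  # bind mount (-v) of /dev/net/tun is redundant and is therefore not added.
  DEVICE_MOUNT="--device=/dev/net/tun:/dev/net/tun"
fi

# Build hostname argument if provided
HOSTNAME_ARG=""
if [ -n "${TAILSCALE_HOSTNAME:-}" ]; then
  HOSTNAME_ARG="--hostname=${TAILSCALE_HOSTNAME}"
fi

# Hand the auth key to `docker run` through the environment (`-e TS_AUTHKEY`
# with no value copies it from the caller's environment) so the secret is not
# part of the command string, the docker client's argv, or anything the helper
# may log. It is still stored in the container config (`docker inspect`).
# NOTE(review): assumes _create_and_start_container runs docker as a child of
# this shell with the environment inherited — confirm in common.sh.
export TS_AUTHKEY="${TAILSCALE_AUTH_KEY}"

# Build the Docker run command.
# NOTE(review): this is a plain string built from environment values and is
# handed to a helper whose handling (eval vs. word splitting) is not visible
# here. Values must not contain whitespace or shell metacharacters; treat
# config/service.env as trusted input only.
DOCKER_RUN_CMD="docker run -d \
  --restart always \
  --name ${CONTAINER_NAME} \
  --network=host \
  -v ${STATE_VOLUME}:/var/lib/tailscale \
  ${CAP_ADD} \
  ${DEVICE_MOUNT} \
  -e TS_AUTHKEY \
  -e TS_STATE_DIR=/var/lib/tailscale \
  -e TS_USERSPACE=${TAILSCALE_USERSPACE:-false} \
  ${HOSTNAME_ARG} \
  ${IMAGE_REGISTRY}/${IMAGE_REPO}:${IMAGE_TAG} \
  ${TAILSCALED_CMD}"

# Create and start the container
if ! _create_and_start_container "$DOCKER_RUN_CMD" "$CONTAINER_NAME"; then
  _die "Failed to start Tailscale container"
fi

# Give it a moment to initialize
sleep 2

# Check if the container is still running (didn't crash immediately)
if ! _is_container_running "$CONTAINER_NAME"; then
  echo "Container failed to start. Checking logs..."
  docker logs "$CONTAINER_NAME" 2>&1 | tail -20
  _die "Tailscale container exited unexpectedly. Check the TAILSCALE_AUTH_KEY and logs above."
fi

# Connect to Tailscale network
echo "Connecting to Tailscale network..."

# Build the `tailscale up` command as an array so each argument reaches
# docker exec as exactly one word.
# NOTE(review): --authkey on the command line is visible in process listings
# while the command runs; prefer a short-lived, single-use auth key.
TAILSCALE_UP_CMD=(tailscale up "--authkey=${TAILSCALE_AUTH_KEY}")
if [ -n "${TAILSCALE_HOSTNAME:-}" ]; then
  TAILSCALE_UP_CMD+=("--hostname=${TAILSCALE_HOSTNAME}")
fi
if [ -n "${TAILSCALE_EXTRA_ARGS:-}" ]; then
  # Split on whitespace only; read -a does not glob-expand the words.
  read -r -a EXTRA_UP_ARGS <<< "${TAILSCALE_EXTRA_ARGS}"
  TAILSCALE_UP_CMD+=("${EXTRA_UP_ARGS[@]}")
fi

# Execute tailscale up. A failure here is reported but is not fatal: the
# container keeps running and can be connected manually.
CONNECTED="true"
if ! docker exec "${CONTAINER_NAME}" "${TAILSCALE_UP_CMD[@]}"; then
  CONNECTED="false"
  echo "Warning: Failed to connect to Tailscale network automatically."
  echo "You may need to connect manually using:"
  echo " docker exec ${CONTAINER_NAME} tailscale up"
fi

echo ""
if [ "$CONNECTED" = "true" ]; then
  echo "Tailscale started successfully!"
  echo "Container: ${CONTAINER_NAME}"
  echo ""
  echo "The device should appear as connected in your Tailscale admin console."
else
  # Do not claim success when the join step failed.
  echo "Tailscale container is running, but it is not connected to the network yet."
  echo "Container: ${CONTAINER_NAME}"
  echo ""
fi
echo "Manage at: https://login.tailscale.com/admin/machines"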