#!/bin/bash

# Generate Filebeat configuration from template
# This script creates a filebeat.yml configuration file with proper authentication

# Determine config directory - use CONFIG_PATH from dropshell or fallback
if [ -n "$CONFIG_PATH" ]; then
    CONFIG_DIR="$CONFIG_PATH"
elif [ -d "./config" ]; then
    CONFIG_DIR="./config"
else
    CONFIG_DIR="."
fi

# Ensure config directory exists
mkdir -p "$CONFIG_DIR"

# Generate filebeat.yml configuration
cat > "$CONFIG_DIR/filebeat.yml" << 'EOF'
# Filebeat Configuration for LogClient
# Generated by generate-config.sh

# ======================== Docker Input Configuration =========================
# Use Docker input to collect logs via Docker API
filebeat.inputs:
- type: docker
  enabled: true
  # Collect from all containers
  containers.ids:
    - '*'
  # Collect both stdout and stderr
  containers.stream: all
  # Combine partial log lines
  combine_partial: true
  # Add Docker metadata
  processors:
    - add_docker_metadata:
        host: "unix:///var/run/docker.sock"

# ======================== System Logs Configuration ==========================
- type: log
  enabled: true
  paths:
    - /var/log/syslog
    - /var/log/messages
  exclude_lines: ['^#']
  fields:
    log_type: syslog

- type: log
  enabled: true
  paths:
    - /var/log/auth.log
    - /var/log/secure
  exclude_lines: ['^#']
  fields:
    log_type: auth

# ======================== Processors Configuration ===========================
processors:
  - add_host_metadata:
      when.not.contains:
        tags: forwarded

# ======================== Output Configuration ===============================
output.logstash:
  hosts: ["${LOGSERVER_HOST}:${LOGSERVER_PORT}"]
  # SSL/TLS configuration
  ssl.enabled: true
  ssl.verification_mode: none  # Set to full in production with proper certs

  # API Key authentication
  api_key: "${API_KEY}"

  # Performance settings
  bulk_max_size: ${BULK_MAX_SIZE:-2048}
  worker: ${WORKER_THREADS:-1}
  compression_level: 3

  # Retry configuration
  max_retries: 3
  backoff.init: 1s
  backoff.max: ${MAX_BACKOFF:-60s}

# ======================== Queue Configuration ================================
queue.mem:
  events: ${QUEUE_SIZE:-4096}
  flush.min_events: 512
  flush.timeout: 5s

# ======================== Logging Configuration ==============================
logging.level: info
logging.to_files: true
logging.files:
  path: /usr/share/filebeat/data/logs
  name: filebeat
  keepfiles: 3
  permissions: 0600

# ======================== Monitoring ==========================================
monitoring.enabled: false
http.enabled: true
http.host: 0.0.0.0
http.port: 5066

# ======================== File Permissions ====================================
# Set strict permissions (disabled for Docker)
# filebeat.config.modules.path: ${path.config}/modules.d/*.yml
EOF

echo "Filebeat configuration generated at: $CONFIG_DIR/filebeat.yml"

# Validate that required environment variables are set
if [ -z "$LOGSERVER_HOST" ] || [ -z "$LOGSERVER_PORT" ] || [ -z "$API_KEY" ]; then
    echo "WARNING: Required environment variables not set"
    echo "  LOGSERVER_HOST: ${LOGSERVER_HOST:-NOT SET}"
    echo "  LOGSERVER_PORT: ${LOGSERVER_PORT:-NOT SET}"
    echo "  API_KEY: ${API_KEY:+SET}"
fi