u#!/usr/bin/env bash
set -euo pipefail

LOG=/tmp/sovran-install.log
exec > >(tee -a "$LOG") 2>&1

export PATH=/run/current-system/sw/bin:$PATH

BYTES_2TB=$((2 * 1024 * 1024 * 1024 * 1024))
LOGO="/etc/sovran/logo.png"

human_size() {
  numfmt --to=iec --suffix=B "$1"
}

# ── 1. WELCOME & ROLE SELECTION ──────────────────────────────────────────

ROLE=$(zenity --list --radiolist \
  --icon="$LOGO" \
  --width=600 --height=400 \
  --title="Welcome to Sovran_SystemsOS Installer" \
  --text="<span font='28' weight='heavy'>Sovran Systems</span>\n<span font='14' style='italic' foreground='#aaaaaa'>Be Digitally Sovereign</span>\n\nPlease select your installation type:" \
  --print-column=2 \
  --column="Select" --column="Role" \
  TRUE  "Server + Desktop — Full sovereign experience: desktop, cloud, messaging, Bitcoin node." \
  FALSE "Desktop Only — Beautiful desktop without background server applications." \
  FALSE "Node Only — Full Bitcoin node with Lightning and non-KYC buying and selling." \
  || true)

if [ -z "$ROLE" ]; then
  zenity --error --icon="$LOGO" --text="Installation cancelled."
  exit 1
fi

# Normalize role to clean key
case "$ROLE" in
  Server*) ROLE="Server+Desktop" ;;
  Desktop*) ROLE="Desktop Only" ;;
  Node*) ROLE="Node (Bitcoin-only)" ;;
esac

# ── 2. FETCH DISKS ───────────────────────────────���───────────────────────

mapfile -t DISKS < <(lsblk -b -dno NAME,SIZE,TYPE,RO,TRAN -e 7,11 | awk '$3=="disk" && $4=="0" && $5!="usb" {print $1":"$2}')

if [ "${#DISKS[@]}" -eq 0 ]; then
  zenity --error --icon="$LOGO" --text="No valid internal drives found. (USB drives are ignored)"
  exit 1
fi

IFS=$'\n' DISKS_SORTED=($(printf "%s\n" "${DISKS[@]}" | sort -t: -k2,2n))
unset IFS

BOOT_DISK="${DISKS_SORTED[0]%%:*}"
BOOT_SIZE="${DISKS_SORTED[0]##*:}"

DATA_DISK=""
DATA_SIZE=""

if [ "${#DISKS_SORTED[@]}" -ge 2 ]; then
  DATA_DISK="${DISKS_SORTED[-1]%%:*}"
  DATA_SIZE="${DISKS_SORTED[-1]##*:}"
fi

if [ -n "$DATA_DISK" ] && [ "$DATA_SIZE" -lt "$BYTES_2TB" ]; then
  zenity --warning --icon="$LOGO" --width=500 \
    --text="A second disk was detected (<b>${DATA_DISK}</b>), but it is smaller than 2TB and will <b>not</b> be used as a data disk."
  DATA_DISK=""
  DATA_SIZE=""
fi

SUMMARY="<b>Boot disk:</b> /dev/${BOOT_DISK} ($(human_size "$BOOT_SIZE"))"
if [ -n "$DATA_DISK" ]; then
  SUMMARY="${SUMMARY}\n<b>Data disk:</b> /dev/${DATA_DISK} ($(human_size "$DATA_SIZE"))"
else
  SUMMARY="${SUMMARY}\n<b>Data disk:</b> none detected"
fi

# ── 3. CONFIRM ERASE ─────────────────────────────────────────────────────

CONFIRM=$(zenity --entry \
  --icon="$LOGO" \
  --width=520 \
  --title="Confirm Installation" \
  --text="⚠️  <b>This will permanently erase all data on:</b>\n\n${SUMMARY}\n\nType <b>ERASE</b> below to confirm and begin installation.")

if [ "$CONFIRM" != "ERASE" ]; then
  zenity --error --icon="$LOGO" --text="Installation cancelled. Nothing was changed."
  exit 1
fi

BOOT_PATH="/dev/${BOOT_DISK}"
DATA_PATH=""
if [ -n "$DATA_DISK" ]; then
  DATA_PATH="/dev/${DATA_DISK}"
fi

# ── 4. PARTITION & FORMAT ─────────────────────────────────────────────────

(
  if [ -n "$DATA_PATH" ]; then
    sudo disko --mode disko /etc/sovran/flake/iso/disko.nix \
      --arg device '"'"$BOOT_PATH"'"' \
      --arg dataDevice '"'"$DATA_PATH"'"'
  else
    sudo disko --mode disko /etc/sovran/flake/iso/disko.nix \
      --arg device '"'"$BOOT_PATH"'"'
  fi
  echo "DONE"
) 2>&1 | zenity --progress --pulsing \
  --icon="$LOGO" \
  --title="Preparing Drives" \
  --text="⏳ Please wait while your drives are being set up...\n\nThis may take a few minutes. Do not turn off your computer." \
  --width=520 \
  --auto-close \
  --no-cancel

# ── 5. COPY CONFIG ────────────────────────────────────────────────────────

sudo nixos-generate-config --root /mnt

cp /mnt/etc/nixos/hardware-configuration.nix /tmp/hardware-configuration.nix
sudo rm -rf /mnt/etc/nixos/*
sudo cp -a /etc/sovran/flake/* /mnt/etc/nixos/
sudo cp /tmp/hardware-configuration.nix /mnt/etc/nixos/hardware-configuration.nix

# ── 6. APPLY ROLE STATE & TEMPLATE ───────────────────────────────────────

IS_SERVER="false"
IS_DESKTOP="false"
IS_NODE="false"

case "$ROLE" in
  "Server+Desktop") IS_SERVER="true" ;;
  "Desktop Only")   IS_DESKTOP="true" ;;
  "Node (Bitcoin-only)") IS_NODE="true" ;;
esac

sudo tee /mnt/etc/nixos/role-state.nix > /dev/null <<EOF
# THIS FILE IS AUTO-GENERATED BY THE INSTALLER. DO NOT EDIT.
# To change your role later, edit custom.nix instead.
{ config, lib, ... }:
{
  sovran_systemsOS.roles.server_plus_desktop = lib.mkDefault ${IS_SERVER};
  sovran_systemsOS.roles.desktop = lib.mkDefault ${IS_DESKTOP};
  sovran_systemsOS.roles.node = lib.mkDefault ${IS_NODE};
}
EOF

sudo cp /mnt/etc/nixos/custom.template.nix /mnt/etc/nixos/custom.nix

# ── 7. VERIFY FILES ───────────────────────────────────────────────────────

for f in /mnt/etc/nixos/role-state.nix /mnt/etc/nixos/custom.nix; do
  if [ ! -f "$f" ]; then
    zenity --error --icon="$LOGO" --width=500 \
      --title="Installation Error" \
      --text="<b>A required file is missing:</b>\n\n<tt>${f}</tt>\n\nInstallation cannot continue. Please check the log at <tt>${LOG}</tt> and try again."
    exit 1
  fi
done

# ── 8. FINAL INSTALL ─────────────────────────────────────────────────────

sudo nixos-install --root /mnt --flake /mnt/etc/nixos#nixos 2>&1 | \
  zenity --progress --pulsing \
    --icon="$LOGO" \
    --title="Installing Sovran SystemsOS" \
    --text="⏳ Installing your system...\n\nThis may take 20–40 minutes depending on your internet speed.\nPlease do not turn off your computer." \
    --width=520 \
    --auto-close \
    --no-cancel

# ── 9. COMPLETE ───────────────────────────────────────────────────────────

zenity --info \
  --icon="$LOGO" \
  --width=600 \
  --title="Installation Complete 🎉" \
  --text="<b><span size='large'>Installation Successful!</span></b>

Please write down your login details before rebooting:

<b>Username:</b> free
<b>Password:</b> free

🚨 <b>CRITICAL:</b> Do not lose this password — you will be locked out permanently if you forget it.

📁 <b>App Passwords:</b> After rebooting, your system will finish setting up and save all app passwords (Nextcloud, Bitcoin, Matrix, etc.) to a secure PDF in your <b>Documents</b> folder.

Click OK to reboot into your new system!"

sudo rebootdo reboot