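#!/bin/bash
# rego-tunnel VM launcher.
#
# 1. If /shared/ssh.zip exists, unpack it into /root/.ssh with tight modes.
# 2. Unless disabled, open the guest QCOW2 through NBD and make sure its
#    /etc/fstab mounts the two 9p shares (idempotent, done before boot).
# 3. exec QEMU with the 9p shares, the tap NIC and a VNC display.
#
# Environment (all optional):
#   TAP_NAME         tap interface handed to QEMU             (default: tap0)
#   SHARED_TAG       9p mount tag for /shared                 (default: shared)
#   TSCLIENT_TAG     9p mount tag for /hostshare              (default: TSCLIENT)
#   AUTO_MOUNT_9P    "1" to add the 9p entries to guest fstab (default: 1)
#   NBD_DEV          NBD device used to open the image        (default: /dev/nbd0)
#   VM_RAM, VM_CPUS  guest memory / vCPU count                (default: 8G / 4)
set -euo pipefail

QCOW2_PATH="/vm/linux-vm.qcow2"
VMROOT_MNT="/mnt/vmroot"
NINEP_OPTS="trans=virtio,version=9p2000.L,msize=262144,_netdev,nofail,x-systemd.automount"

# Abort unless $2 is a plain token. The tags are written into the guest's
# fstab (whitespace-separated fields) and into comma-separated QEMU option
# strings, so whitespace, commas or an empty value would produce extra
# fields/options instead of a tag.
#   $1 - variable name (for the message), $2 - value to check
require_safe_tag() {
  local var_name=$1 value=$2
  local -r safe_re='^[A-Za-z0-9_.-]+$'
  if [[ ! "$value" =~ $safe_re ]]; then
    echo "[rego-tunnel] ERROR: $var_name must match [A-Za-z0-9_.-]+" >&2
    exit 1
  fi
}

# Append a 9p entry for tag $2 at mount point $3 to fstab file $1, unless a
# line whose first field is that tag is already present.
ensure_fstab_9p() {
  local fstab=$1 tag=$2 mount_point=$3
  # '.' is the only regex metacharacter require_safe_tag lets through.
  local tag_re=${tag//./\\.}
  if grep -qE "^[[:space:]]*${tag_re}[[:space:]]+" "$fstab"; then
    return 0
  fi
  # Do not glue the new entry onto an unterminated last line.
  if [ -s "$fstab" ] && [ -n "$(tail -c 1 "$fstab")" ]; then
    echo >> "$fstab"
  fi
  printf '%s %s 9p %s 0 0\n' "$tag" "$mount_point" "$NINEP_OPTS" >> "$fstab"
}

# Best-effort teardown of the host-side view of the guest image. Installed as
# an EXIT trap while the image is attached so a failure under `set -e` does
# not leave it mounted / connected.
release_guest_image() {
  umount "$VMROOT_MNT" >/dev/null 2>&1 || true
  qemu-nbd --disconnect "$NBD_DEV" >/dev/null 2>&1 || true
}

# If provided, extract ssh.zip to /root/.ssh (not baked into the image).
# NOTE(security): /shared is also exported to the guest over 9p further down
# (no readonly option is set on that fsdev), so whatever can write /shared,
# including the guest, decides what lands in /root/.ssh on the next start.
# Confirm that this trust relationship is intended.
SSH_ZIP_PATH="/shared/ssh.zip"
SSH_ZIP_DEST="/root/.ssh"
if [ -f "$SSH_ZIP_PATH" ]; then
  mkdir -p "$SSH_ZIP_DEST"
  chmod 700 "$SSH_ZIP_DEST"
  echo "[rego-tunnel] Extracting $SSH_ZIP_PATH -> $SSH_ZIP_DEST"
  # Exclude editor swap/backup files; overwrite existing.
  # The exclusion switches are quoted so the shell never glob-expands them.
  7z x -y -aoa -o"$SSH_ZIP_DEST" "$SSH_ZIP_PATH" \
    '-x!*.swp' '-x!*.swo' '-x!*.swx' '-x!*~' '-x!.DS_Store' >/dev/null
  find "$SSH_ZIP_DEST" -type d -exec chmod 700 {} +
  find "$SSH_ZIP_DEST" -type f -exec chmod 600 {} +
else
  echo "[rego-tunnel] No $SSH_ZIP_PATH found; skipping SSH zip extraction"
fi

# Wait for network setup
sleep 2

TAP_NAME="${TAP_NAME:-tap0}"

# Optional: provide a dedicated 9p export for host app-data
# (bind-mounted into the container at /shared/app-data)
TSCLIENT_PATH="/hostshare"
TSCLIENT_TAG="${TSCLIENT_TAG:-TSCLIENT}"
SHARED_TAG="${SHARED_TAG:-shared}"
require_safe_tag SHARED_TAG "$SHARED_TAG"
require_safe_tag TSCLIENT_TAG "$TSCLIENT_TAG"

# Ensure the VM auto-mounts the 9p shares without manual steps.
# This edits the QCOW2 from the outside (idempotent) before QEMU boots.
AUTO_MOUNT_9P="${AUTO_MOUNT_9P:-1}"
if [ "$AUTO_MOUNT_9P" = "1" ]; then
  NBD_DEV="${NBD_DEV:-/dev/nbd0}"

  if [ -e "$QCOW2_PATH" ] && [ -e "$NBD_DEV" ]; then
    echo "[rego-tunnel] Ensuring guest fstab mounts 9p tags ($SHARED_TAG, $TSCLIENT_TAG)"
    modprobe nbd max_part=16 >/dev/null 2>&1 || true
    qemu-nbd --disconnect "$NBD_DEV" >/dev/null 2>&1 || true
    trap release_guest_image EXIT
    qemu-nbd --connect "$NBD_DEV" "$QCOW2_PATH"
    sleep 1

    mkdir -p "$VMROOT_MNT"
    ROOT_PART=""
    for part in "${NBD_DEV}"p*; do
      [ -e "$part" ] || continue
      # Try mount and detect a Linux root by presence of /etc/fstab and
      # /etc/os-release. The filesystem content belongs to the guest, so it
      # is mounted without honouring setuid bits or device nodes.
      if mount -o nosuid,nodev "$part" "$VMROOT_MNT" >/dev/null 2>&1; then
        if [ -f "$VMROOT_MNT/etc/fstab" ] && [ -f "$VMROOT_MNT/etc/os-release" ]; then
          ROOT_PART="$part"
          break
        fi
        umount "$VMROOT_MNT" >/dev/null 2>&1 || true
      fi
    done

    if [ -n "$ROOT_PART" ]; then
      # already mounted from loop above
      FSTAB="$VMROOT_MNT/etc/fstab"
      # Paths inside the image are guest-controlled: a symlinked /etc or
      # fstab would make the append below land outside the mounted tree.
      if [ -L "$VMROOT_MNT/etc" ] || [ -L "$FSTAB" ]; then
        echo "[rego-tunnel] WARN: guest /etc/fstab is a symlink; skipping auto-mount setup" >&2
      else
        mkdir -p "$VMROOT_MNT/shared" "$VMROOT_MNT/hostshare"
        # Add entries only if missing
        ensure_fstab_9p "$FSTAB" "$SHARED_TAG" /shared
        ensure_fstab_9p "$FSTAB" "$TSCLIENT_TAG" /hostshare
      fi
      # Booting while the host still has the filesystem mounted risks
      # corrupting it, so a failed unmount is reported instead of hidden.
      if ! umount "$VMROOT_MNT" >/dev/null 2>&1; then
        echo "[rego-tunnel] WARN: could not unmount $VMROOT_MNT before boot" >&2
      fi
    else
      echo "[rego-tunnel] WARN: could not locate guest root partition; skipping auto-mount setup"
    fi

    qemu-nbd --disconnect "$NBD_DEV" >/dev/null 2>&1 || true
    trap - EXIT
  else
    echo "[rego-tunnel] WARN: missing $QCOW2_PATH or $NBD_DEV; skipping auto-mount setup"
  fi
fi

# Every expansion is a single quoted array element, so a value containing
# spaces cannot split into additional QEMU arguments.
qemu_args=(
  -enable-kvm
  -cpu host
  -m "${VM_RAM:-8G}"
  -smp "${VM_CPUS:-4}"
  -hda "$QCOW2_PATH"
  # NOTE(review): security_model=none applies the guest's ownership/mode
  # changes directly to the host files where QEMU has the privilege to do so;
  # mapped-xattr would keep them in extended attributes instead. Confirm
  # which is intended for /shared and /hostshare.
  -fsdev local,id=fsdev0,path=/shared,security_model=none,multidevs=remap
  -device virtio-9p-pci,fsdev=fsdev0,mount_tag="$SHARED_TAG"
  -fsdev local,id=fsdev1,path="$TSCLIENT_PATH",security_model=none,multidevs=remap
  -device virtio-9p-pci,fsdev=fsdev1,mount_tag="$TSCLIENT_TAG"
  -netdev tap,id=net0,ifname="$TAP_NAME",script=no,downscript=no
  -device virtio-net-pci,netdev=net0,mac=52:54:00:12:34:56
  # Display :0 is TCP 5900; no bind address or password option is given here,
  # so access control depends on how the container's ports are published.
  -vnc :0
  -vga virtio
  -usb
  -device usb-tablet
)

exec qemu-system-x86_64 "${qemu_args[@]}"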