#!/bin/bash
#
# mirror-from-gold.sh - Byte-identical mirror of /srv/samba/ from an existing
#                       PXE server (GOLD) onto a freshly-installed PXE server.
#
# Run this ON THE NEW PXE SERVER, pointing at the GOLD server's IP.
# It pulls every Samba share (winpeapps, enrollment, blancco-reports,
# clonezilla) wholesale so the new box matches GOLD regardless of whether
# content lives in the flat layout or the new taxonomy layout.
#
# Usage:
#   sudo ./mirror-from-gold.sh <GOLD_IP> [options]
#
# Options:
#   --skip-drivers        Do not mirror Out-of-box Drivers trees (saves ~178G).
#   --skip-dell10         Do not mirror Dell_10 drivers (saves ~179G).
#   --skip-latitude       Do not mirror Latitude drivers (saves ~48G).
#   --skip-os             Do not mirror shared Operating Systems (saves ~22G).
#   --skip-clonezilla     Do not mirror clonezilla backup images (can be huge).
#   --skip-reports        Do not mirror blancco-reports history.
#   --dry-run             Show what would transfer without doing it.
#
# Prereqs:
#   - GOLD's pxe user accepts the SSH key this script generates.
#   - GOLD's filesystem is world-readable for the paths involved
#     (it is, by default).

# Note: not using `set -e`. rsync legitimately exits non-zero (e.g. 23
# "some files/attrs were not transferred") when source dirs have files
# the rsync user cannot read (the OpenText W10shortcuts dir on GOLD is
# pxe-upload-group-only). We log and continue instead of aborting.
set -uo pipefail

GOLD="${1:-}"
shift || true

if [ -z "$GOLD" ]; then
    echo "Usage: $0 <GOLD_IP> [--skip-drivers|--skip-dell10|--skip-latitude|--skip-os|--dry-run]"
    exit 1
fi

if [ "$(id -u)" -ne 0 ]; then
    echo "ERROR: must run as root (sudo)."
    exit 1
fi

SKIP_DRIVERS=0
SKIP_DELL10=0
SKIP_LATITUDE=0
SKIP_OS=0
SKIP_CLONEZILLA=0
SKIP_REPORTS=0
DRY_RUN=""

while [ $# -gt 0 ]; do
    case "$1" in
        --skip-drivers)    SKIP_DRIVERS=1 ;;
        --skip-dell10)     SKIP_DELL10=1 ;;
        --skip-latitude)   SKIP_LATITUDE=1 ;;
        --skip-os)         SKIP_OS=1 ;;
        --skip-clonezilla) SKIP_CLONEZILLA=1 ;;
        --skip-reports)    SKIP_REPORTS=1 ;;
        --dry-run)         DRY_RUN="--dry-run" ;;
        *) echo "Unknown option: $1"; exit 1 ;;
    esac
    shift
done

KEY=/root/.ssh/pxe-mirror-key
if [ ! -f "$KEY" ]; then
    echo "[setup] Generating mirror SSH key at $KEY"
    mkdir -p /root/.ssh && chmod 700 /root/.ssh
    ssh-keygen -t ed25519 -N '' -f "$KEY" -q
    echo
    echo "Copy the following public key into pxe@$GOLD's ~/.ssh/authorized_keys"
    echo "(easiest: ssh pxe@$GOLD 'mkdir -p ~/.ssh && chmod 700 ~/.ssh' and then"
    echo " scp '$KEY.pub' pxe@$GOLD:~/.ssh/authorized_keys, then chmod 600 there)"
    echo
    cat "$KEY.pub"
    echo
    read -rp "Press enter once the key is installed on GOLD..."
fi

RSH="ssh -i $KEY -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"

# Quick connectivity check
echo "[check] Testing key-based SSH to pxe@$GOLD..."
$RSH "pxe@$GOLD" "whoami" >/dev/null || {
    echo "ERROR: SSH to pxe@$GOLD failed. Install $KEY.pub on GOLD first."
    exit 1
}
echo "       OK"

mirror() {
    local label="$1"
    local src="$2"
    local dest="$3"
    shift 3
    echo
    echo "==== $label ===="
    echo "  src:  pxe@$GOLD:$src"
    echo "  dest: $dest"
    mkdir -p "$dest"
    rsync -aHl --delete --info=progress2 --no-inc-recursive $DRY_RUN "$@" \
        -e "$RSH" \
        "pxe@$GOLD:$src" "$dest" || \
        echo "  WARNING: rsync exited rc=$? (likely a permissions issue on source); continuing"
}

# ---------- winpeapps share (all image types + _shared) ----------
WINPE_EXCLUDES=()
[ "$SKIP_OS" = "1" ]       && WINPE_EXCLUDES+=(--exclude='_shared/gea-Operating Systems')
[ "$SKIP_DRIVERS" = "1" ]  && WINPE_EXCLUDES+=(--exclude='_shared/Out-of-box Drivers' --exclude='Out-of-box Drivers')
[ "$SKIP_DELL10" = "1" ]   && WINPE_EXCLUDES+=(--exclude='Dell_10')
[ "$SKIP_LATITUDE" = "1" ] && WINPE_EXCLUDES+=(--exclude='Latitude')

mirror "winpeapps (all image types, _shared, tools)" \
    "/srv/samba/winpeapps/" \
    "/srv/samba/winpeapps/" \
    "${WINPE_EXCLUDES[@]}"

# ---------- enrollment share (flat-layout root + taxonomy subdirs) ----------
mirror "enrollment (taxonomy + flat-layout content)" \
    "/srv/samba/enrollment/" \
    "/srv/samba/enrollment/"

# ---------- blancco-reports share (historical XML reports) ----------
if [ "$SKIP_REPORTS" = "0" ]; then
    mirror "blancco-reports (erasure report history)" \
        "/srv/samba/blancco-reports/" \
        "/srv/samba/blancco-reports/"
fi

# ---------- clonezilla share (disk backup images, can be very large) ----------
if [ "$SKIP_CLONEZILLA" = "0" ]; then
    mirror "clonezilla (disk backup images)" \
        "/srv/samba/clonezilla/" \
        "/srv/samba/clonezilla/"
fi

# Permissions: make sure everything we pulled is readable by the share
chown -R root:root /srv/samba/enrollment /srv/samba/winpeapps /srv/samba/blancco-reports /srv/samba/clonezilla 2>/dev/null || true
find /srv/samba/enrollment /srv/samba/winpeapps -type d -exec chmod 0755 {} \; 2>/dev/null || true
find /srv/samba/enrollment /srv/samba/winpeapps -type f -exec chmod 0644 {} \; 2>/dev/null || true
find /srv/samba/enrollment -name '*.ppkg' -exec chmod 0755 {} \; 2>/dev/null || true

echo
echo "============================================"
echo "Mirror complete. Verify with:"
echo "  du -sh /srv/samba/winpeapps/_shared/*"
echo "  du -sh /srv/samba/enrollment/*"
echo "  df -h /srv"
echo "============================================"