#!/bin/bash
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH

: '
Copyright (C) 2022 - now  HaoZi Technology Co., Ltd.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.
'

source <(curl -f -s --connect-timeout 10 --retry 3 https://dl.cdn.haozi.net/panel/public.sh)
if [ $? -ne 0 ]; then
    echo "下载 public.sh 失败，请检查网络或稍后重试。"
    echo "Download public.sh failed, please check the network or try again later."
    exit 1
fi

channel=${1}
version=${2}
minio_path="${setup_path}/server/minio"

if [ ! -d "${minio_path}" ]; then
    mkdir -p ${minio_path}
fi

minio_user_check=$(cat /etc/passwd | grep minio)
if [ "${minio_user_check}" == "" ]; then
    groupadd minio
    useradd -s /sbin/nologin -g minio minio
fi

# 架构判断
if [ ${ARCH} == "x86_64" ]; then
    minio_file="minio-${version}-amd64.7z"
elif [ ${ARCH} == "aarch64" ]; then
    minio_file="minio-${version}-arm64.7z"
else
    error "不支持的架构"
fi

# 下载
cd ${minio_path}
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ${minio_path}/${minio_file} ${download_url}/minio/${minio_file}
wget --retry-connrefused --retry-on-host-error --retry-on-http-error=429,500,502,503,504 -t 10 -T 120 -O ${minio_path}/${minio_file}.sha256 ${download_url}/minio/${minio_file}.sha256
if ! sha256sum --status -c ${minio_path}/${minio_file}.sha256; then
    rm -rf ${minio_path}
    error "minio 校验失败"
fi

# 解压
cd ${minio_path}
7z x ${minio_file}
rm -f ${minio_file} ${minio_file}.sha256
mv minio-${version}-* minio
if [ ! -f "${minio_path}/minio" ]; then
    rm -rf ${minio_path}
    error "minio 解压失败"
fi

# 初始化目录
mkdir -p ${minio_path}/data
chown -R minio:minio ${minio_path}
chmod -R 700 ${minio_path}
ln -sf ${minio_path}/minio /usr/local/bin/minio

# 配置systemd
cat >/etc/systemd/system/minio.service <<EOF
[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
AssertFileNotEmpty=/etc/default/minio

[Service]
Type=notify

WorkingDirectory=${minio_path}/

User=minio
Group=minio
ProtectProc=invisible

EnvironmentFile=/etc/default/minio
ExecStart=/usr/local/bin/minio server \$MINIO_OPTS \$MINIO_VOLUMES

# Let systemd restart this service always
Restart=always

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=1048576

# Specifies the maximum number of threads this process can create
TasksMax=infinity

# Disable timeout logic and wait until process is stopped
TimeoutSec=infinity

# Disable killing of MinIO by the kernel's OOM killer
OOMScoreAdjust=-1000

SendSIGKILL=no

[Install]
WantedBy=multi-user.target
EOF

# 环境变量
root_user=$(cat /dev/urandom | head -n 16 | md5sum | head -c 8)
root_password=$(cat /dev/urandom | head -n 16 | md5sum | head -c 16)
cat >/etc/default/minio <<EOF
# MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO server.
# This user has unrestricted permissions to perform S3 and administrative API operations on any resource in the deployment.
# Omit to use the default values 'minioadmin:minioadmin'.
# MinIO recommends setting non-default values as a best practice, regardless of environment

MINIO_ROOT_USER=${root_user}
MINIO_ROOT_PASSWORD=${root_password}

# MINIO_VOLUMES sets the storage volume or path to use for the MinIO server.

MINIO_VOLUMES="${minio_path}/data"

# MINIO_OPTS sets any additional commandline options to pass to the MinIO server.
# For example, \$(--console-address :9001) sets the MinIO Console listen port
MINIO_OPTS="--console-address :9001"
EOF

chmod 600 /etc/default/minio
chown minio:minio /etc/default/minio

systemctl daemon-reload
systemctl enable --now minio
if [ "$?" != "0" ]; then
    error "启动失败"
fi

# 防火墙
firewall-cmd --zone=public --add-port=9000/tcp --permanent
firewall-cmd --zone=public --add-port=9001/tcp --permanent
firewall-cmd --reload

panel-cli app write minio ${channel} ${version}

echo -e $HR
echo "minio 安装完成，默认账号见环境变量"
echo -e $HR