#!/bin/bash
# =============================================================================
# Server Backup Script (läuft auf Mac Mini)
# =============================================================================
# Dieses Script läuft auf dem Mac Mini und erstellt tägliche Backups.
# Die Backups werden lokal auf dem Mac Mini gespeichert.
#
# Installation auf Mac Mini:
#   1. Script kopieren: scp scripts/server-backup.sh macmini:~/scripts/
#   2. Ausführbar machen: ssh macmini "chmod +x ~/scripts/server-backup.sh"
#   3. Cron einrichten: ssh macmini "crontab -e"
#      Zeile hinzufügen: 0 2 * * * /Users/benjaminadmin/scripts/server-backup.sh
#
# Backups werden gespeichert in: ~/backups/
# =============================================================================

set -e

# Konfiguration
BACKUP_DIR="/Users/benjaminadmin/backups"
TIMESTAMP=$(date +%Y-%m-%d_%H-%M-%S)
RETENTION_DAYS=14

# Erstelle Backup-Verzeichnis
mkdir -p "$BACKUP_DIR"

LOG_FILE="$BACKUP_DIR/backup-$TIMESTAMP.log"

echo "=== Server Backup gestartet: $TIMESTAMP ===" | tee "$LOG_FILE"

# 1. PostgreSQL Backup
echo "[1/3] PostgreSQL Backup..." | tee -a "$LOG_FILE"
PG_BACKUP="$BACKUP_DIR/postgres-$TIMESTAMP.sql.gz"
/usr/local/bin/docker exec breakpilot-pwa-postgres pg_dump -U breakpilot breakpilot_db 2>/dev/null | gzip > "$PG_BACKUP"
if [ -s "$PG_BACKUP" ]; then
    SIZE=$(du -h "$PG_BACKUP" | cut -f1)
    echo "      ✓ PostgreSQL: $PG_BACKUP ($SIZE)" | tee -a "$LOG_FILE"
else
    echo "      ⚠ PostgreSQL Backup leer oder fehlgeschlagen" | tee -a "$LOG_FILE"
fi

# 2. Gitea Repositories Backup (Bare Repos)
echo "[2/3] Gitea Repositories..." | tee -a "$LOG_FILE"
GITEA_BACKUP="$BACKUP_DIR/gitea-repos-$TIMESTAMP.tar.gz"
/usr/local/bin/docker exec breakpilot-pwa-gitea tar czf - /var/lib/gitea/git/repositories 2>/dev/null > "$GITEA_BACKUP"
if [ -s "$GITEA_BACKUP" ]; then
    SIZE=$(du -h "$GITEA_BACKUP" | cut -f1)
    echo "      ✓ Gitea: $GITEA_BACKUP ($SIZE)" | tee -a "$LOG_FILE"
else
    echo "      ⚠ Gitea Backup leer oder fehlgeschlagen" | tee -a "$LOG_FILE"
fi

# 3. Vault Backup (Secrets)
echo "[3/3] Vault Secrets..." | tee -a "$LOG_FILE"
VAULT_BACKUP="$BACKUP_DIR/vault-$TIMESTAMP.json"
curl -s -H "X-Vault-Token: breakpilot-dev-token" "http://localhost:8200/v1/secret/data/cicd/api-tokens" > "$VAULT_BACKUP" 2>/dev/null
curl -s -H "X-Vault-Token: breakpilot-dev-token" "http://localhost:8200/v1/secret/data/breakpilot" >> "$VAULT_BACKUP" 2>/dev/null
if [ -s "$VAULT_BACKUP" ]; then
    echo "      ✓ Vault: $VAULT_BACKUP" | tee -a "$LOG_FILE"
else
    echo "      ⚠ Vault Backup leer" | tee -a "$LOG_FILE"
fi

# 4. Aufräumen alter Backups
echo "" | tee -a "$LOG_FILE"
echo "Räume Backups älter als $RETENTION_DAYS Tage auf..." | tee -a "$LOG_FILE"
find "$BACKUP_DIR" -name "postgres-*.sql.gz" -mtime +$RETENTION_DAYS -delete 2>/dev/null
find "$BACKUP_DIR" -name "gitea-repos-*.tar.gz" -mtime +$RETENTION_DAYS -delete 2>/dev/null
find "$BACKUP_DIR" -name "vault-*.json" -mtime +$RETENTION_DAYS -delete 2>/dev/null
find "$BACKUP_DIR" -name "backup-*.log" -mtime +$RETENTION_DAYS -delete 2>/dev/null
echo "      ✓ Alte Backups entfernt" | tee -a "$LOG_FILE"

# Zusammenfassung
echo "" | tee -a "$LOG_FILE"
echo "=== Backup abgeschlossen: $(date +%Y-%m-%d_%H-%M-%S) ===" | tee -a "$LOG_FILE"
echo "" | tee -a "$LOG_FILE"
echo "Backup-Verzeichnis: $BACKUP_DIR" | tee -a "$LOG_FILE"
ls -lh "$BACKUP_DIR"/*-$TIMESTAMP* 2>/dev/null | tee -a "$LOG_FILE"