#!/bin/sh
# Observare Linux Agent installer
#
# Usage:
#   curl -fsSL https://observare.io/install.sh | sudo sh
#
# What this does:
#   1. Detects your machine architecture (linux-amd64 or linux-arm64)
#   2. Downloads the latest enabled agent binary from observare.io
#   3. Sanity-checks the download is a real ELF executable
#   4. Moves it to /usr/local/bin/observare (mode 0755, owned by root)
#
# What this does NOT do:
#   - Authenticate the agent (run 'observare auth' next)
#   - Register a systemd service (run 'sudo observare install' next)
#   - Upgrade an existing running daemon (stop it first with
#     'sudo systemctl stop observare-agent', then re-run this script,
#     then 'sudo systemctl start observare-agent')
#
# The script is served live from the customer app so the download
# URLs always point at the currently-enabled release. Re-running
# it later pulls whatever is latest at that moment.

set -eu

BASE_URL="https://observare.io"
INSTALL_PATH="/usr/local/bin/observare"

# -- root check -----------------------------------------------------
if [ "$(id -u)" != "0" ]; then
  echo "This installer needs root to write to /usr/local/bin." >&2
  echo "Re-run with:" >&2
  echo "  curl -fsSL $BASE_URL/install.sh | sudo sh" >&2
  exit 1
fi

# -- arch detection -------------------------------------------------
UNAME_M=$(uname -m)
case "$UNAME_M" in
  x86_64|amd64)
    OS_ARCH="linux-amd64"
    ;;
  aarch64|arm64)
    OS_ARCH="linux-arm64"
    ;;
  *)
    echo "Unsupported architecture: $UNAME_M" >&2
    echo "The Observare agent currently ships linux-amd64 and linux-arm64 only." >&2
    exit 1
    ;;
esac

# -- OS check -------------------------------------------------------
UNAME_S=$(uname -s)
if [ "$UNAME_S" != "Linux" ]; then
  echo "Unsupported OS: $UNAME_S" >&2
  echo "The Observare agent currently ships Linux-only." >&2
  exit 1
fi

echo "Observare Linux Agent installer"
echo "  architecture: $OS_ARCH"
echo "  source:       $BASE_URL/agent/download/latest/$OS_ARCH"
echo "  target:       $INSTALL_PATH"
echo

# -- download to a temp file ---------------------------------------
TMP=$(mktemp)
# shellcheck disable=SC2064
trap "rm -f '$TMP'" EXIT INT TERM

echo "Downloading latest release..."
if ! curl -fsSL "$BASE_URL/agent/download/latest/$OS_ARCH" -o "$TMP"; then
  echo "Download failed." >&2
  echo "Check that $BASE_URL is reachable from this host, and that" >&2
  echo "an agent release is currently enabled in the admin UI." >&2
  exit 1
fi

# -- sanity check: first four bytes should be "\x7fELF" ------------
# Reading with dd avoids a dependency on xxd / hexdump / od column
# flags which vary across distros. POSIX-safe.
MAGIC=$(dd if="$TMP" bs=1 count=4 2>/dev/null | od -An -c | tr -d ' ')
case "$MAGIC" in
  *ELF*)
    : # OK
    ;;
  *)
    echo "Downloaded file does not look like an ELF executable." >&2
    echo "First four bytes: $MAGIC" >&2
    echo "Aborting install — this probably means the server returned" >&2
    echo "an error page instead of a binary." >&2
    exit 1
    ;;
esac

# -- move into place -----------------------------------------------
chmod 0755 "$TMP"
mv "$TMP" "$INSTALL_PATH"
trap - EXIT INT TERM

INSTALLED_VERSION=$("$INSTALL_PATH" version 2>/dev/null || echo "unknown")

echo
echo "Installed: $INSTALLED_VERSION"
echo
echo "Next steps:"
echo "  1. Authorize this agent:       observare auth"
echo "  2. Add monitors:               observare config"
echo "  3. Install as a systemd svc:   sudo observare install"
echo