#!/bin/bash

# SPDX-License-Identifier: Apache-2.0

curl -sSf https://tiup-mirrors.pingcap.com/install.sh | sh

LOG_DIR=/root/brain_logs
mkdir -p "$LOG_DIR"

nodes=(
  prod-brain-1
  prod-brain-2
  prod-brain-3
  prod-brain-mon
  staging-brain-1
  staging-brain-2
  staging-brain-3
  staging-brain-mon
)

for host in "${nodes[@]}"; do
  ssh -o StrictHostKeyChecking=no "$host" -- \
      pacman -S --noconfirm sudo \
      >> "${LOG_DIR}/${host}" 2>&1

  ssh "$host" iptables -I INPUT 1 \
    -p tcp -s 10.254.254.0/24 \
    -m multiport --dports 20180,9115,9100,20160,2380,2379,8080 \
    -j ACCEPT

  ssh "$host" iptables -I INPUT 1 \
    -p tcp -s 127.0.0.0/8 \
    -m multiport --dports 20180,9115,9100,20160,2380,2379,8080 \
    -j ACCEPT
  
  ssh "$host" iptables -A INPUT \
    -p tcp \
    -m multiport --dports 20180,9115,9100,20160,2380,2379,8080 \
    -j DROP

  ssh $host iptables-save | ssh $host tee /etc/iptables/iptables.rules
  ssh $host systemctl enable --now iptables.service
done

/root/.tiup/bin/tiup cluster deploy \
  staging-brain v8.5.1 /root/staging_cluster.yaml \
  --user root -i ~/.ssh/id_ed25519

/root/.tiup/bin/tiup cluster deploy \
  prod-brain v8.5.1 /root/prod_cluster.yaml \
  --user root -i ~/.ssh/id_ed25519

/root/.tiup/bin/tiup cluster start staging-brain --init
/root/.tiup/bin/tiup cluster start prod-brain --init

surreal_pass=$(openssl rand -base64 20 | tr -d '=/+')
  
for host in "${nodes[@]}"; do
  echo $host | grep mon > /dev/null && continue

  curl -sSf https://install.surrealdb.com | ssh $host sh
  echo SURREAL_PASS=$surreal_pass | ssh $host tee /opt/surreal_env > /dev/null
  ssh $host curl -o /etc/systemd/system/surrealdb.service \
    https://gitea.detee.cloud/general/examples/raw/branch/master/surrealdb_tikv_prod/surrealdb.service
  ssh $host systemctl daemon-reload
  ssh $host systemctl enable surrealdb.service
  ssh $host systemctl start surrealdb.service
done