#!/bin/bash
set -euo pipefail

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

log()  { echo -e "${GREEN}[+]${NC} $*"; }
info() { echo -e "${BLUE}[i]${NC} $*"; }
warn() { echo -e "${YELLOW}[!]${NC} $*"; }
fail() { echo -e "${RED}[✗]${NC} $*"; exit 1; }

[ "$(id -u)" -ne 0 ] && fail "This script must be run as root."

FQDN="${1:-}"
if [ -z "$FQDN" ]; then
    read -rp "Enter FQDN for this Proxmox node (e.g. pve.yourdomain.com): " FQDN
fi
[ -z "$FQDN" ] && fail "FQDN cannot be empty."
[[ "$FQDN" != *.* ]] && fail "FQDN must include a domain (e.g. pve.yourdomain.com)."

SHORT="${FQDN%%.*}"
IP=$(ip route get 1.1.1.1 2>/dev/null | awk '{for(i=1;i<=NF;i++) if($i=="src") print $(i+1)}' | head -1)
[ -z "$IP" ] && fail "Could not determine server IP address."

info "Node FQDN : $FQDN"
info "Short name: $SHORT"
info "IP address: $IP"
echo ""

log "Setting hostname"
hostnamectl set-hostname "$FQDN"
sed -i "/^127\.0\.1\.1/d" /etc/hosts
grep -qF "$FQDN" /etc/hosts || echo "$IP $FQDN $SHORT" >> /etc/hosts

log "Configuring Proxmox VE no-subscription repository"
echo "deb [arch=amd64] http://download.proxmox.com/debian/pve trixie pve-no-subscription" \
    > /etc/apt/sources.list.d/pve-no-subscription.list
rm -f /etc/apt/sources.list.d/pve-enterprise.list

log "Importing Proxmox GPG key"
curl -fsSL https://enterprise.proxmox.com/debian/proxmox-release-trixie.gpg \
    -o /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg

log "Updating package lists"
apt-get update -q

log "Running full-upgrade"
DEBIAN_FRONTEND=noninteractive apt-get full-upgrade -y -q

log "Installing Proxmox VE"
echo "postfix postfix/mailname string $FQDN" | debconf-set-selections
echo "postfix postfix/main_mailer_type string 'Local only'" | debconf-set-selections
DEBIAN_FRONTEND=noninteractive apt-get install -y proxmox-ve postfix open-iscsi chrony

log "Removing os-prober"
DEBIAN_FRONTEND=noninteractive apt-get remove -y os-prober 2>/dev/null || true

echo ""
log "Detecting network interface and NIC driver"
IFACE=$(ip route get 1.1.1.1 2>/dev/null | awk '{for(i=1;i<=NF;i++) if($i=="dev") print $(i+1)}' | head -1)
DRIVER=$(ethtool -i "$IFACE" 2>/dev/null | awk '/^driver:/{print $2}')

echo ""
echo -e "${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
echo -e "${YELLOW}  ⚠  NIC OFFLOAD CONFIGURATION — IMPORTANT${NC}"
echo -e "${YELLOW}  Interface : ${NC}$IFACE"
echo -e "${YELLOW}  Driver    : ${NC}$DRIVER"
echo -e "${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
echo ""

FLAGS=""
case "$DRIVER" in
    igb|i40e|ixgbe|e1000e)
        FLAGS="tso off gso off gro off"
        log "Intel NIC detected — disabling tso gso gro"
        ;;
    mlx4*|mlx5*)
        FLAGS="tso off gso off gro off tx off rx off"
        log "Mellanox NIC detected — disabling tso gso gro tx rx"
        ;;
    r8169|r8168|r8125)
        FLAGS="tso off gso off gro off tx off rx off"
        log "Realtek NIC detected — disabling tso gso gro tx rx"
        ;;
    *)
        warn "Unrecognized driver: $DRIVER"
        warn "NIC offload settings NOT applied. Review manually:"
        warn "  ethtool -k $IFACE"
        ;;
esac

if [ -n "$FLAGS" ]; then
    ethtool -K "$IFACE" $FLAGS

    cat > /etc/systemd/system/nic-offload.service << EOF
[Unit]
Description=Disable NIC offload features for Proxmox VE
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/ethtool -K $IFACE $FLAGS
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF

    systemctl daemon-reload
    systemctl enable nic-offload.service
    log "nic-offload.service created and enabled"
fi

echo ""
log "Setup complete. Reboot to start Proxmox VE."
echo ""
echo "    reboot"
echo ""