#!/bin/bash

# --- KONFIGURATION ---
OPENSEARCH_HOST="logserv.tempel-art.de"          # Die IP deines Home-Clusters im VPN
OPENSEARCH_USER="loggy"
OPENSEARCH_PASS="flush!it!now!"
# ---------------------

echo "--- Starte Fluent Bit Installation für OpenSearch ---"

apt update
apt install curl





set -e # Script abbrechen, wenn ein Fehler auftritt

echo "--- Korrigiere Repositories und installiere Fluent Bit ---"


# 2. GPG Key von der RICHTIGEN URL holen
curl https://packages.fluentbit.io/fluentbit.key | gpg --dearmor > /usr/share/keyrings/fluentbit-keyring.gpg


codename=$(grep -oP '(?<=VERSION_CODENAME=).*' /etc/os-release 2>/dev/null || lsb_release -cs 2>/dev/null)
echo "deb [signed-by=/usr/share/keyrings/fluentbit-keyring.gpg] https://packages.fluentbit.io/debian/$codename $codename main" | sudo tee /etc/apt/sources.list.d/fluent-bit.list
# 3. Repo mit der RICHTIGEN URL (packages.fluentbit.io) hinzufügen
#DISTRO=$(lsb_release -cs)
# echo "deb [signed-by=/usr/share/keyrings/fluentbit-keyring.gpg] https://fluentbit.io $DISTRO main" | sudo tee /etc/apt/sources.list.d/fluent-bit.list

# 4. Installieren
sudo apt-get update
sudo apt-get install -y fluent-bit

# 5. Verzeichnisse vorbereiten (User heißt jetzt fluent-bit)
sudo mkdir -p /var/log/fluent-bit/buffer/
sudo chown -R fluent-bit:fluent-bit /var/log/fluent-bit/buffer/

# 6. Konfiguration schreiben (mit 'EOF' damit Variablen auf der Ziel-VM bleiben)
sudo tee /etc/fluent-bit/fluent-bit.conf <<'EOF'
[SERVICE]
    Flush         5
    Log_Level     info
    Parsers_File  parsers.conf
    storage.path  /var/log/fluent-bit/buffer/

[INPUT]
    Name           systemd
    Tag            systemd
    storage.type   filesystem

[FILTER]
    Name           modify
    Match          *
    Add host       ${HOSTNAME}

[OUTPUT]
    Name            opensearch
    Match           *
    Host            REPLACE_HOST
    Port            9200
    Logstash_Format On
    Logstash_Prefix live-logs
    HTTP_User       REPLACE_USER
    HTTP_Passwd     REPLACE_PASS
    tls             Off
    Retry_Limit     False
    Suppress_Type_Name On
EOF

# 7. Die Platzhalter in der Config mit den echten Werten füllen
sudo sed -i "s/REPLACE_HOST/$OPENSEARCH_HOST/" /etc/fluent-bit/fluent-bit.conf
sudo sed -i "s/REPLACE_USER/$OPENSEARCH_USER/" /etc/fluent-bit/fluent-bit.conf
sudo sed -i "s/REPLACE_PASS/$OPENSEARCH_PASS/" /etc/fluent-bit/fluent-bit.conf

# 8. Starten
sudo systemctl enable fluent-bit
sudo systemctl restart fluent-bit

echo "--- Erfolg! Fluent Bit läuft und das Repo ist korrekt eingebunden. ---"

# 4. Konfiguration schreiben
sudo tee /etc/fluent-bit/fluent-bit.conf <<EOF
[SERVICE]
    Flush         5
    Log_Level     info
    Parsers_File  parsers.conf
    storage.path  /var/log/fluent-bit/buffer/

[INPUT]
    Name           tail
    Tag            haproxy.access
    Path           /var/log/haproxy.log
    Parser         haproxy
    storage.type   filesystem

[INPUT]
    Name           systemd
    Tag            systemd
    storage.type   filesystem

[FILTER]
    Name           modify
    Match          *
    Add host       \${HOSTNAME}

[OUTPUT]
    Name            opensearch
    Match           *
    Host            $OPENSEARCH_HOST
    Port            9200
    Index           live-server-logs
    HTTP_User       $OPENSEARCH_USER
    HTTP_Passwd     $OPENSEARCH_PASS
    tls             Off
    Retry_Limit     False
EOF

# 5. Service starten und aktivieren
sudo systemctl enable fluent-bit
sudo systemctl restart fluent-bit

echo "--- Fertig! Logs sollten jetzt nach $OPENSEARCH_HOST fließen. ---"