#!/usr/bin/env bash
# =============================================================================
# FusionPBX Config Backup — runs on fusion (134.209.72.226)
# Critical: PostgreSQL fusionpbx DB dump + FreeSWITCH configs
# Install: /usr/local/bin/fusionpbx-backup
# Cron:    0 5 * * 0 /usr/local/bin/fusionpbx-backup >> /var/log/fusionpbx-backup.log 2>&1
# =============================================================================
set -euo pipefail

PAT="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"
REPO_URL="https://${PAT}@github.com/myronblair/fusionpbx-config.git"
REPO_DIR="/opt/fusionpbx-config"
LOG_PREFIX="[$(date '+%Y-%m-%d %H:%M:%S')] [fusion]"

log() { echo "$LOG_PREFIX $*"; }

# ---------------------------------------------------------------------------
# 1. Clone or pull repo
# ---------------------------------------------------------------------------
if [[ -d "$REPO_DIR/.git" ]]; then
    log "Pulling latest from GitHub"
    cd "$REPO_DIR"
    git config user.email "backup@orbishosting.com"
    git config user.name  "FusionPBX Backup"
    git pull --rebase origin main -q || true
else
    log "Cloning repo to $REPO_DIR"
    git clone "$REPO_URL" "$REPO_DIR"
    cd "$REPO_DIR"
    git config user.email "backup@orbishosting.com"
    git config user.name  "FusionPBX Backup"
fi

cd "$REPO_DIR"
mkdir -p database freeswitch/autoload_configs freeswitch/sip_profiles \
         nginx fail2ban network systemd ssh recordings

# ---------------------------------------------------------------------------
# 2. PostgreSQL dump — THE most critical piece
#    Everything (extensions, dialplans, SIP gateways, IVR, ring groups,
#    devices, voicemail, users) lives here.
# ---------------------------------------------------------------------------
log "Dumping PostgreSQL fusionpbx database"
su -c "pg_dump --clean --if-exists fusionpbx" postgres 2>/dev/null | gzip > database/fusionpbx.sql.gz
# Remove old uncompressed dump if it exists
rm -f database/fusionpbx.sql
DUMP_SIZE=$(wc -c < database/fusionpbx.sql.gz)
log "  DB dump (compressed): $(numfmt --to=iec $DUMP_SIZE 2>/dev/null || echo ${DUMP_SIZE}B)"

# Also dump roles/users
su -c "pg_dumpall --globals-only" postgres > database/postgres_globals.sql 2>/dev/null

# ---------------------------------------------------------------------------
# 3. FreeSWITCH config (key files — FusionPBX dynamically generates the rest)
# ---------------------------------------------------------------------------
log "Backing up FreeSWITCH config"
cp /etc/freeswitch/vars.xml           freeswitch/         2>/dev/null || true
cp /etc/freeswitch/freeswitch.xml     freeswitch/         2>/dev/null || true
cp /etc/freeswitch/extensions.conf    freeswitch/         2>/dev/null || true
# SIP profiles (noload — managed by FusionPBX, but useful as reference)
rsync -a --delete /etc/freeswitch/sip_profiles/ freeswitch/sip_profiles/ 2>/dev/null || true
# Autoload configs that may have been customized
for f in switch.conf.xml sofia.conf.xml event_socket.conf.xml modules.conf.xml \
          lua.conf.xml conference.conf logfile.conf.xml; do
    [[ -f "/etc/freeswitch/autoload_configs/$f" ]] && \
        cp "/etc/freeswitch/autoload_configs/$f" freeswitch/autoload_configs/ || true
done

# ---------------------------------------------------------------------------
# 4. FusionPBX application config (has DB credentials + domain settings)
# ---------------------------------------------------------------------------
log "Backing up FusionPBX app config"
mkdir -p fusionpbx-app
[[ -f /var/www/fusionpbx/resources/config.php ]] && \
    cp /var/www/fusionpbx/resources/config.php fusionpbx-app/ || true

# ---------------------------------------------------------------------------
# 5. nginx config
# ---------------------------------------------------------------------------
log "Backing up nginx config"
[[ -f /etc/nginx/sites-enabled/fusionpbx ]] && \
    cp /etc/nginx/sites-enabled/fusionpbx nginx/fusionpbx.conf || true

# ---------------------------------------------------------------------------
# 6. fail2ban
# ---------------------------------------------------------------------------
log "Backing up fail2ban"
[[ -f /etc/fail2ban/jail.local ]] && cp /etc/fail2ban/jail.local fail2ban/ || true
rsync -a --delete /etc/fail2ban/jail.d/ fail2ban/jail.d/ 2>/dev/null || true

# ---------------------------------------------------------------------------
# 7. Network / netplan
# ---------------------------------------------------------------------------
log "Backing up network"
for f in /etc/netplan/*.yaml; do
    [[ -f "$f" ]] && cp "$f" network/ || true
done
cp /etc/hosts    network/hosts    2>/dev/null || true
cp /etc/hostname network/hostname 2>/dev/null || true

# ---------------------------------------------------------------------------
# 8. Systemd units (FusionPBX service daemons)
# ---------------------------------------------------------------------------
log "Backing up systemd units"
FPBX_UNITS="active_calls active_conferences email_queue event_guard fax_queue system_status transcribe_queue websockets xml_cdr"
for unit in $FPBX_UNITS; do
    [[ -f "/etc/systemd/system/$unit.service" ]] && \
        cp "/etc/systemd/system/$unit.service" systemd/ || true
done

# ---------------------------------------------------------------------------
# 9. SSH authorized_keys
# ---------------------------------------------------------------------------
log "Backing up SSH keys"
[[ -f /root/.ssh/authorized_keys ]] && cp /root/.ssh/authorized_keys ssh/ || true

# ---------------------------------------------------------------------------
# 10. Recordings (small — 3.7MB)
# ---------------------------------------------------------------------------
log "Backing up recordings"
if [[ -d /var/lib/freeswitch/recordings ]]; then
    rsync -a --delete /var/lib/freeswitch/recordings/ recordings/ 2>/dev/null || true
    RECSIZE=$(du -sh recordings/ 2>/dev/null | cut -f1)
    log "  Recordings: $RECSIZE"
fi

# ---------------------------------------------------------------------------
# 11. Commit and push
# ---------------------------------------------------------------------------
log "Committing changes"
git add -A
if git diff --cached --quiet; then
    log "No changes to commit"
else
    CHANGES=$(git diff --cached --stat | tail -1)
    git commit -m "[fusion] Weekly backup $(date '+%Y-%m-%d') — $CHANGES"
    log "Pushing to GitHub"
    git push origin main
    log "Backup complete"
fi