#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl -p dig -p iputils -p lftp -p openssh

echo "this script will check that uninsane.org is baseline operational"
echo "it doesn't check all services, just the most critical ones"
echo ""

OVPNS_IPV4=185.157.162.178
DOOF_IPV4=205.201.63.12

last_error=0
check() {
  local label=$1
  shift
  printf "checking %s\n" "$label"
  "$@" > /dev/null
  local rc=$?
  if [ $rc -ne 0 ]; then
    last_error=$rc
    printf "FAILED CHECK '%s'\n" "$label" >&2
    echo "  $@" >&2
  fi
  return $rc
}

check "self-test" false 2> /dev/null
if [ $last_error -eq 0 ]; then
  echo "SELF-TEST FAILED" >&2
  echo "SELF-TEST FAILED"
  exit 1
fi
last_error=0


check "uninsane.org. DNS" nslookup uninsane.org.
check "[1.1.1.1] uninsane.org. DNS" nslookup uninsane.org. 1.1.1.1
check "[OVPNS] uninsane.org. DNS" nslookup uninsane.org. ovpns.uninsane.org
check "[DOOF] uninsane.org. DNS" nslookup uninsane.org. doof.tunnel.uninsane.org

check "https://uninsane.org online" curl --silent --fail-with-body https://uninsane.org
check "https://matrix.uninsane.org online" curl --silent --fail-with-body https://matrix.uninsane.org
check "https://fed.uninsane.org online" curl --silent --fail-with-body https://fed.uninsane.org

# port 80 is accessible also from my VPNs
check "http://uninsane.org online" curl --silent --fail-with-body http://uninsane.org
check "[OVPNS] http://uninsane.org online" curl "--connect-to" "uninsane.org:80:$OVPNS_IPV4:80" --silent --fail-with-body http://uninsane.org
check "[DOOF] http://uninsane.org online" curl "--connect-to" "uninsane.org:80:$DOOF_IPV4:80" --silent --fail-with-body http://uninsane.org

# port 443 is accessible over doofnet
check "[DOOF] https://uninsane.org online" curl "--connect-to" "uninsane.org:443:$DOOF_IPV4:443" --silent --fail-with-body https://uninsane.org
check "[DOOF] https://matrix.uninsane.org online" curl "--connect-to" "matrix.uninsane.org:443:$DOOF_IPV4:443" --silent --fail-with-body https://matrix.uninsane.org

check "uninsane.org DMARC record" nslookup -querytype=TXT _dmarc.uninsane.org.

check "servo-hn wireguard network" ping -c 1 -W 3 servo-hn

check "git.uninsane.org" git ls-remote origin --quiet

lftpgetIntoTmp() {
  local url="$1"
  local localName="$2"
  (
    # run these commands in a subshell to preserve the old PWD
    pushd /tmp
    rm -f "$localName"
    lftpget "$url"
  )
}
check "ftp://uninsane.org" lftpgetIntoTmp ftp://uninsane.org/README.md README.md

echo ""
echo "systemctl --failed:"
ssh uninsane.org systemctl -q --failed

echo ""
if [ $last_error -eq 0 ]; then
  echo "SUCCESS"
  echo "now manually test email services:"
  echo "- <https://www.appmaildev.com/en/dkim>"
else
  echo "FAILED"
  exit $last_error
fi