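#!/bin/bash
# install-mosquitto.sh - Install and configure Mosquitto MQTT broker on Pi Zero 2 W
# Target: Raspberry Pi Zero 2 W (10.60.1.101)
# Author: Pip (CUB-231)
#
# Usage: run as root, e.g. `sudo ./install-mosquitto.sh`.
#
# Optional environment:
#   HUB_CRED_FILE  File that receives the generated password for the 'hub'
#                  MQTT user (default: /root/mosquitto-hub.pass, mode 600).
#
# What it does:
#   1. Installs mosquitto, mosquitto-clients and python3-paho-mqtt via apt.
#   2. Writes /etc/mosquitto/conf.d/mosquitto.conf (listener 1883, anonymous
#      access disabled, password file + ACL file enabled).
#   3. Writes /etc/mosquitto/acl/acl.conf.
#   4. Creates the 'hub' user with a random password and stores that password
#      in HUB_CRED_FILE so it can actually be used afterwards.
#
# Security notes:
#   - The listener on 1883 has no TLS settings, so MQTT usernames and
#     passwords cross the network in cleartext. Keep the broker on a trusted
#     segment or add a TLS listener before exposing it further.
#   - The script does not start or restart the service; see "Next steps".

set -euo pipefail

readonly CONF_FILE=/etc/mosquitto/conf.d/mosquitto.conf
readonly ACL_FILE=/etc/mosquitto/acl/acl.conf
readonly PASSWD_FILE=/etc/mosquitto/passwd
readonly DATA_DIR=/var/lib/mosquitto/data
readonly HUB_CRED_FILE="${HUB_CRED_FILE:-/root/mosquitto-hub.pass}"

# Print an error to stderr and abort.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Everything below writes to /etc and /var/lib and calls apt-get.
(( EUID == 0 )) || die "this script must be run as root"

echo "=== Installing Mosquitto MQTT Broker ==="

# Update package list
echo "[1/6] Updating package list..."
apt-get update

# Install Mosquitto and clients
echo "[2/6] Installing Mosquitto packages..."
apt-get install -y mosquitto mosquitto-clients python3-paho-mqtt

# Create necessary directories
echo "[3/6] Creating configuration directories..."
mkdir -p /etc/mosquitto/conf.d
mkdir -p "$DATA_DIR"
mkdir -p /etc/mosquitto/acl

# The persistence database holds retained messages and subscriptions, so the
# data directory is not left world-readable.
chown mosquitto:mosquitto "$DATA_DIR"
chmod 750 "$DATA_DIR"

# Create Mosquitto configuration
# NOTE(review): the distribution's main /etc/mosquitto/mosquitto.conf may
# already set persistence_location / log_dest; confirm the broker accepts
# this drop-in without a duplicate-option error on the target image.
echo "[4/6] Creating mosquitto.conf..."
cat > "$CONF_FILE" << 'EOF'
# Mosquitto Configuration for Pi Zero 2 W Hub
# Auto-generated by install-mosquitto.sh (CUB-231)

# Persistence
persistence true
persistence_location /var/lib/mosquitto/data/
persistence_file mosquitto.db

# Listening
# Plaintext MQTT on all interfaces: credentials are not encrypted in transit.
listener 1883

# Authentication
# allow_anonymous false needs a password_file, otherwise no client can log in.
allow_anonymous false
password_file /etc/mosquitto/passwd

# ACL (Access Control List) configuration
acl_file /etc/mosquitto/acl/acl.conf

# Logging
# log_type all includes debug output; reduce it once the setup is verified.
log_dest file /var/log/mosquitto/mosquitto.log
log_type all
EOF

# Create ACL configuration
echo "[5/6] Creating ACL configuration..."
cat > "$ACL_FILE" << 'EOF'
# Mosquitto ACL Configuration
# Topic access control for MQTT users
# Format: topic [read|write|readwrite|deny] <topic>
#
# "topic" lines apply to the most recent "user" line above them.
# "pattern" lines apply to EVERY authenticated user, wherever they appear.

# Pi Zero 2 W Hub - Read all topics, write to hub-specific topics
user hub
topic read #
topic write hub/+/set

# Admin - Full access
user admin
topic readwrite #

# Pi clients - Read sensor data, write commands (granted to all users)
pattern read sensors/+/data
pattern write devices/+/commands

# Mobile clients - Read home status, write control commands (granted to all users)
pattern read home/+/status
pattern write home/+/control
EOF

# Create users
echo "[6/6] Creating initial users..."
echo "Creating 'hub' user for internal services..."

command -v openssl > /dev/null \
  || die "openssl is required to generate the hub password"

# Create the password file empty and private first: mosquitto_passwd without
# -c expects the file to exist, and -c would wipe users added by earlier runs.
if [[ ! -f "$PASSWD_FILE" ]]; then
  install -m 600 -o mosquitto -g mosquitto /dev/null "$PASSWD_FILE"
fi

# Random password with look-alike characters (O, 0, I, l) removed.
hub_password="$(openssl rand -base64 16 | tr -d 'O0Il' | cut -c1-16)"
(( ${#hub_password} >= 12 )) \
  || die "generated hub password is too short; is openssl working?"

# NOTE: -b puts the password on the command line, where it is briefly visible
# to other local users via the process list. Failures are reported instead of
# being hidden, so the script never finishes with an unusable 'hub' account.
mosquitto_passwd -b "$PASSWD_FILE" hub "$hub_password" \
  || die "failed to create MQTT user 'hub' in $PASSWD_FILE"

# Keep the generated password somewhere the operator can retrieve it;
# the file is created with mode 600 before the secret is written.
install -m 600 /dev/null "$HUB_CRED_FILE"
printf '%s\n' "$hub_password" > "$HUB_CRED_FILE"
unset hub_password

# Set proper permissions
chown -R mosquitto:mosquitto /etc/mosquitto
chown -R mosquitto:mosquitto /var/lib/mosquitto
chmod 644 "$CONF_FILE"
chmod 644 "$ACL_FILE"
chmod 600 "$PASSWD_FILE"

echo ""
echo "=== Mosquitto Installation Complete ==="
echo ""
echo "Password for MQTT user 'hub' saved to: $HUB_CRED_FILE (root only)"
echo ""
echo "Next steps:"
# No -c here: -c recreates the password file and would delete the 'hub' user.
echo "1. Set password for admin user: mosquitto_passwd $PASSWD_FILE admin"
# restart (not start) so an already-running broker picks up the new config.
echo "2. Start the service: systemctl restart mosquitto"
echo "3. Enable auto-start: systemctl enable mosquitto"
echo "4. Test connection: mosquitto_sub -h localhost -t test -u <username> -P <password>"
echo ""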