#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail

LOG_FILE="/var/log/ailab-apt-cleanup.log"
execute=false
non_interactive=false

usage() {
  printf 'Usage: %s [--execute [--non-interactive]]\n' "$(basename "$0")"
}

while (($# > 0)); do
  case "$1" in
    --execute) execute=true ;;
    --non-interactive) non_interactive=true ;;
    -h|--help) usage; exit 0 ;;
    *) printf 'CRITICAL: unknown argument: %s\n' "$1" >&2; usage >&2; exit 2 ;;
  esac
  shift
done

if [[ "$non_interactive" == true && "$execute" != true ]]; then
  printf 'CRITICAL: --non-interactive requires --execute\n' >&2
  exit 2
fi
if ((EUID != 0)); then
  printf 'CRITICAL: this script must run as root\n' >&2
  exit 2
fi
if ! command -v apt >/dev/null 2>&1; then
  printf 'CRITICAL: apt is required\n' >&2
  exit 2
fi

exec > >(tee -a "$LOG_FILE") 2>&1
printf '\n[%s] APT cleanup\n' "$(date --iso-8601=seconds)"

if [[ "$execute" != true ]]; then
  printf 'INFO: dry-run mode; apt update, autoremove, autoclean, and needrestart are not executed\n'
  printf 'INFO: simulated autoremove follows\n'
  LC_ALL=C apt -s autoremove --purge
  printf 'INFO: rerun with --execute and confirm to apply changes\n'
  exit 0
fi

if [[ "$non_interactive" != true ]]; then
  printf 'WARNING: this will update APT metadata and remove packages marked as automatically installed and unused.\n'
  printf 'Type EXECUTE to continue: '
  read -r confirmation
  if [[ "$confirmation" != "EXECUTE" ]]; then
    printf 'CRITICAL: confirmation failed; no changes made\n'
    exit 2
  fi
fi

apt update
apt autoremove --purge -y
apt autoclean -y
if command -v needrestart >/dev/null 2>&1; then
  needrestart -b || true
else
  printf 'WARNING: needrestart is not installed\n'
fi
printf 'OK: APT cleanup completed\n'