#!/bin/bash
# Monitor Tailscale VPN connectivity
set -euo pipefail

SEND_NTFY="/usr/local/bin/send-ntfy.sh"

# Check if Tailscale is running
if ! systemctl is-active --quiet tailscaled; then
    $SEND_NTFY critical "Tailscale Down" "🔴 CRITICAL: Tailscale service is NOT RUNNING on PVE! Remote access unavailable." "skull,error,globe_with_meridians"
    exit 1
fi

# Check Tailscale status
TS_STATUS=$(timeout 10 tailscale status 2>/dev/null || echo "FAILED")

if [ "$TS_STATUS" = "FAILED" ]; then
    $SEND_NTFY critical "Tailscale Check Failed" "🔴 CRITICAL: Unable to get Tailscale status!" "skull,error"
    exit 1
fi

# Check if we're connected to the network
if echo "$TS_STATUS" | grep -q "100.96.100.82"; then
    logger -t tailscale-monitor "Tailscale: Connected"
else
    $SEND_NTFY warning "Tailscale Disconnected" "🟡 WARNING: Tailscale may be disconnected - cannot find local IP in status" "warning,globe_with_meridians"
fi

# Check if iMac is reachable via Tailscale (critical for iMacHDD storage)
IMAC_REACHABLE=$(timeout 5 ping -c 1 anthonys-iMac.kangaroo-eel.ts.net >/dev/null 2>&1 && echo "YES" || echo "NO")

if [ "$IMAC_REACHABLE" = "NO" ]; then
    $SEND_NTFY warning "iMac Unreachable" "🟡 WARNING: iMac unreachable via Tailscale - iMacHDD storage may be affected" "warning,computer"
fi

logger -t tailscale-monitor "Tailscale check completed"