{{- if (ne .host.distro.family "windows") -}}
#!/usr/bin/env bash
# @file CloudFlare WARP
# @brief Configures and connects the CloudFlare WARP CLI to the CloudFlare network if `warp-cli` is installed.
# @description
#     This script automatically connects CloudFlare WARP CLI by first ensuring that the environment is not a WSL environment
#     and also by ensuring the `warp-cli` command is available. It then:
#
#     1. Automatically accepts the Terms of Service and registers the client with CloudFlare
#     2. Automatically connects to the CloudFlare network
#     3. Ensures Always-On Mode is enabled
#     4. Enrolls the client with CloudFlare teams (if the `CLOUDFLARE_TEAMS_CLIENT_ID` and `CLOUDFLARE_TEAMS_CLIENT_SECRET` variables are provided)
#
#     There are also commented lines in this script that show how you can enable WARP+DNS and Family Mode, if you decide
#     to leverage CloudFlare WARP CLI for anything other than securely connecting to CloudFlare Teams.

{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}

### Configure CloudFlare WARP (if not WSL and warp-cli is installed)
if [[ ! "$(test -d /proc && grep Microsoft /proc/version > /dev/null)" ]] && command -v warp-cli > /dev/null; then
    ### Register CloudFlare WARP
    if warp-cli --accept-tos status | grep 'Registration missing' > /dev/null; then
        logg info 'Registering CloudFlare WARP'
        warp-cli --accept-tos register
    else
        logg info 'Already registered with CloudFlare WARP'
    fi

    ### Connect CloudFlare WARP
    if warp-cli --accept-tos status | grep 'Disconnected' > /dev/null; then
        logg info 'Connecting to CloudFlare WARP'
        warp-cli --accept-tos connect
    else
        logg info 'Already connected to CloudFlare WARP'
    fi

    ### Enable Always-On mode
    logg info 'Enabling always-on mode'
    warp-cli --accept-tos enable-always-on

    ### Enable Family Mode
    # logg info 'Enabling family-mode'
    # warp-cli --accept-tos set-families-mode full

    ### Enable WARP+DNS mode
    # logg info 'Enabling WARP+DNS mode'
    # warp-cli set-mode warp+doh

    # TODO
    {{ if and (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_TEAMS_CLIENT_ID"))) (env "CLOUDFLARE_TEAMS_CLIENT_ID")) (or (and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_TEAMS_CLIENT_SECRET"))) (env "CLOUDFLARE_TEAMS_CLIENT_SECRET")) -}}
    ### Enroll with CloudFlare Teams
    logg info 'Enrolling with CloudFlare Teams'
    warp-cli teams-enroll '{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_TEAMS_CLIENT_ID")) }}{{ includeTemplate "secrets/CLOUDFLARE_TEAMS_CLIENT_ID" | decrypt }}{{ else }}{{ env "CLOUDFLARE_TEAMS_CLIENT_ID" }}{{ end }}' '{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "CLOUDFLARE_TEAMS_CLIENT_SECRET")) }}{{ includeTemplate "secrets/CLOUDFLARE_TEAMS_CLIENT_SECRET" | decrypt }}{{ else }}{{ env "CLOUDFLARE_TEAMS_CLIENT_SECRET" }}{{ end }}'
    {{- end }}
fi

{{ end -}}