{% extends "ui/_layout.html" %}
{% block title %}Settings - bty-web{% endblock %}
{% block content %}
<h1 class="h3 mb-4"><i class="bi bi-gear me-2"></i>Settings</h1>

<!-- ----------------------------------------------------------------- -->
<div class="card mb-4">
    <div class="card-body">
        <h2 class="h5 mb-3"><i class="bi bi-shield-lock me-2"></i>Authentication</h2>
        <p class="text-muted mb-0">
            bty-web is gated by the OS password of the
            <code>{{ service_user }}</code> account. To rotate the credential,
            run <code>sudo passwd {{ service_user }}</code> on the server.
            Sessions are server-signed cookies (Starlette's
            <code>SessionMiddleware</code>) with a sliding 7-day TTL. To
            invalidate every existing session in one shot, rotate the
            session secret with
            <code>sudo rm /var/lib/bty/session-secret &amp;&amp; sudo systemctl
            restart bty-web</code> and reboot once.
        </p>
    </div>
</div>

<!-- ----------------------------------------------------------------- -->
<div class="card">
    <div class="card-body">
        <h2 class="h5 mb-3"><i class="bi bi-hdd-network me-2"></i>PXE proxy-DHCP</h2>
        <p class="text-muted">
            Activates the dnsmasq proxy-DHCP block: bty-web responds to PXE
            queries on the chosen interface. Pick the interface that faces the
            target machines, supply the subnet they're on, and click Activate.
            <code>dnsmasq</code> restarts; until then the dnsmasq config shipped
            with the appliance only serves TFTP.
        </p>

        {% if pxe %}
            {% if pxe_iface_present %}
            {# Healthy active state: configured interface still exists. #}
            <div class="alert alert-success d-flex justify-content-between align-items-center">
                <div>
                    <i class="bi bi-check-circle-fill me-1"></i>
                    <strong>Active</strong> on interface
                    <code>{{ pxe.interface }}</code>, subnet
                    <code>{{ pxe.subnet }}</code>.
                </div>
                <form action="/ui/settings/pxe-deactivate" method="post" class="m-0">
                    <button type="submit" class="btn btn-sm btn-outline-danger"
                            onclick="return confirm('Deactivate PXE proxy-DHCP on {{ pxe.interface }}?');">
                        <i class="bi bi-stop-circle me-1"></i>Deactivate
                    </button>
                </form>
            </div>
            {% else %}
            {# NIC-gone state: configured interface is no longer present.
               Likely renamed across a reboot (USB ethernet adapters,
               systemd predictable-name churn). dnsmasq is failing to
               bind silently in the background. #}
            <div class="alert alert-warning d-flex justify-content-between align-items-center">
                <div>
                    <i class="bi bi-exclamation-triangle-fill me-1"></i>
                    PXE is configured for interface
                    <code>{{ pxe.interface }}</code> but that interface is
                    <strong>not currently present</strong>. ``dnsmasq`` is
                    failing to bind. Deactivate and re-activate on a present
                    interface below.
                </div>
                <form action="/ui/settings/pxe-deactivate" method="post" class="m-0">
                    <button type="submit" class="btn btn-sm btn-outline-danger">
                        <i class="bi bi-stop-circle me-1"></i>Deactivate
                    </button>
                </form>
            </div>
            {% endif %}
        {% else %}
        <div class="alert alert-light border">
            <i class="bi bi-info-circle me-1"></i>
            PXE is currently <strong>not</strong> active. Machines with
            <code>boot_policy=flash</code> won't actually be served until you
            activate it here.
        </div>
        {% endif %}

        <h3 class="h6 mt-4">{% if pxe %}Change binding{% else %}Activate{% endif %}</h3>
        {% set pxe_iface = pxe.interface if (pxe and pxe_iface_present) else (interfaces[0].name if interfaces else '') %}
        {% set pxe_subnet = pxe.subnet if pxe else (interfaces[0].subnet if interfaces and interfaces[0].subnet else '') %}
        <form action="/ui/settings/pxe-activate" method="post" class="row g-3">
            <div class="col-sm-6">
                <label class="form-label" for="interface">Interface</label>
                <select name="interface" id="interface" class="form-select" required
                        onchange="document.getElementById('subnet').value =
                                  this.options[this.selectedIndex].dataset.subnet || '';">
                    {% for iface in interfaces %}
                    <option value="{{ iface.name }}"
                            data-subnet="{{ iface.subnet or '' }}"
                            data-netmask="{{ iface.netmask or '' }}"
                            {% if iface.name == pxe_iface %}selected{% endif %}>
                        {{ iface.name }} ({{ iface.operstate }}{% if iface.ipv4 %},
                        {{ iface.ipv4 }}/{{ iface.prefix }}{% endif %})
                    </option>
                    {% endfor %}
                    {% if not interfaces %}
                    <option value="" disabled selected>(no interfaces detected)</option>
                    {% endif %}
                </select>
            </div>
            <div class="col-sm-6">
                <label class="form-label" for="subnet">Subnet</label>
                <input type="text" name="subnet" id="subnet" class="form-control"
                       placeholder="192.168.1.0 or 192.168.1.0/24"
                       value="{{ pxe_subnet }}" required>
                <div class="form-text">
                    Network address of the segment PXE clients live on. Pre-filled
                    from the selected interface's IPv4 address; edit if needed.
                </div>
            </div>
            <div class="col-12">
                <button type="submit" class="btn btn-primary">
                    {% if pxe %}
                    <i class="bi bi-arrow-clockwise me-1"></i>Re-bind
                    {% else %}
                    <i class="bi bi-play-circle me-1"></i>Activate
                    {% endif %}
                </button>
            </div>
        </form>
        <p class="form-text mt-2">
            Proxy-DHCP only: bty assumes there is already a DHCP server on
            this segment. Full DHCP is intentionally not offered here -
            misconfigured rogue-DHCP would conflict with the LAN's real
            DHCP server. Run a dedicated DHCP daemon next to bty if you
            need one.
        </p>
    </div>
</div>

{# Recent activity for settings: PXE activate / activate-failed
   via the per-subject events card. #}
{% with events=settings_events,
        title="Recent settings activity",
        link_to_full="/ui/events?subject_kind=settings" %}
{% include "ui/_events_card.html" %}
{% endwith %}
{% endblock %}