#!/bin/bash
#
# Nagios/Icinga2 plugin to check if the system requires a reboot.
#
# Supported distributions:
#   - Debian / Ubuntu : checks /run/reboot-required (written by unattended-upgrades
#     or update-notifier after kernel/libc upgrades)
#
# Exit codes:
#   0 - OK       : No reboot required.
#   1 - WARNING  : (not used)
#   2 - CRITICAL : System needs to be rebooted.
#   3 - UNKNOWN  : Cannot determine reboot status.
#
# Usage: check_reboot_required [-v] [-r]
#   -v  Verbose: also print the list of packages that triggered the requirement.
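#   -r  Reset: remove /run/reboot-required (and .pkgs) to clear the alert.
#       Requires root privileges (or sudo). This only silences the check: the
#       upgraded kernel/libraries are still not in use until the system reboots.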
#

# --- Nagios exit codes ---
# Status values this plugin reports to Nagios/Icinga2 through its exit code.
STATE_OK=0
STATE_WARNING=1     # kept for completeness; no path in this script exits with it
STATE_CRITICAL=2
STATE_UNKNOWN=3

# Option flags. Both stay 0 unless the matching switch is passed.
VERBOSE=0
RESET=0

# Command-line parsing: -v turns on the package list, -r requests a reset.
# Any other option prints the usage line and stops with UNKNOWN, so a
# mistyped invocation never falls through to the check or the reset.
while getopts "vr" flag; do
    case "$flag" in
        v)
            VERBOSE=1
            ;;
        r)
            RESET=1
            ;;
        *)
            printf '%s\n' "Usage: $0 [-v] [-r]"
            exit "$STATE_UNKNOWN"
            ;;
    esac
done

# -----------------------------------------------------------------------
# Reset: remove /run/reboot-required to clear the alert
# -----------------------------------------------------------------------
if [ "$RESET" -eq 1 ]; then
    # Reset mode always ends the script here; the kernel comparison further
    # down is never reached, so the result reflects only the flag files.
    #
    # Clearing the flag silences the alert but does not reboot the host:
    # whatever upgrade created the flag is still not running afterwards.
    # NOTE(review): if the monitoring user is allowed to run this through
    # sudo, keep the sudoers rule scoped to this exact command - confirm how
    # -r is invoked in this deployment.

    # Flag file already absent: report OK without touching anything.
    [ -f /run/reboot-required ] || {
        echo "OK: /run/reboot-required does not exist, nothing to clear."
        exit "$STATE_OK"
    }

    # rm's own diagnostics are discarded; only its exit status decides the
    # outcome. With -f it still fails when the files cannot be removed.
    if rm -f /run/reboot-required /run/reboot-required.pkgs 2>/dev/null; then
        echo "OK: /run/reboot-required cleared successfully."
        exit "$STATE_OK"
    fi

    echo "UNKNOWN: Failed to remove /run/reboot-required (permission denied?)"
    exit "$STATE_UNKNOWN"
fi

# -----------------------------------------------------------------------
# Helper: build a human-readable package list from /run/reboot-required.pkgs
# -----------------------------------------------------------------------
_debian_pkg_list() {
    # Print the entries of /run/reboot-required.pkgs as one line, sorted,
    # de-duplicated and separated by ", ". Prints a placeholder when the file
    # is missing, not a regular file, or empty.
    #
    # Outputs: the joined list (or the placeholder) on stdout.
    #
    # The file content is passed through unfiltered into the plugin's status
    # line. NOTE(review): Nagios treats '|' in plugin output as the start of
    # performance data, so this relies on the file holding plain package
    # names - confirm who can write under /run on the monitored hosts.
    local list_path="/run/reboot-required.pkgs"

    if ! [ -f "$list_path" ] || ! [ -s "$list_path" ]; then
        echo "(package list unavailable)"
        return
    fi

    # Newlines become commas, the trailing comma is dropped, and the
    # remaining commas get a space after them.
    sort -u "$list_path" | tr '\n' ',' | sed -e 's/,$//' -e 's/,/, /g'
}

# -----------------------------------------------------------------------
# Debian / Ubuntu path
# -----------------------------------------------------------------------
if [ -f /run/reboot-required ]; then
    # The flag file exists, so the answer is CRITICAL either way; -v only
    # decides whether the triggering packages are appended to the message.
    if [ "$VERBOSE" -eq 1 ]; then
        pkg_list=$(_debian_pkg_list)
        printf '%s\n' "CRITICAL: Reboot required. Triggering packages: ${pkg_list}"
        exit "$STATE_CRITICAL"
    fi

    printf '%s\n' "CRITICAL: Reboot required."
    exit "$STATE_CRITICAL"
fi

# -----------------------------------------------------------------------
# Fallback: compare running kernel with installed kernel
# -----------------------------------------------------------------------
# Only reached when /run/reboot-required is absent. This path looks at kernel
# image packages alone; upgrades to other components are not detected here.
running_kernel=$(uname -r)

# Debian/Ubuntu: derive the newest installed kernel from dpkg, if dpkg exists.
if command -v dpkg >/dev/null 2>&1; then
    # Keep fully installed ("ii") linux-image-* packages, strip the
    # "linux-image-" prefix, keep names that then start with a digit, and take
    # the highest one in version-sort order.
    # NOTE(review): every installed package that passes this filter takes part
    # in the sort, so a variant package carrying an extra suffix could be
    # picked as "latest" and never equal `uname -r` - confirm against the
    # package set on the monitored hosts.
    installed_kernel=$(
        dpkg -l "linux-image-*" 2>/dev/null |
            awk '/^ii/ { v = $2; sub(/linux-image-/, "", v); if (v ~ /^[0-9]/) print v }' |
            sort -V |
            tail -n 1
    )

    # An empty result means dpkg gave nothing usable; fall through to UNKNOWN.
    if [ -n "$installed_kernel" ]; then
        # Plain string comparison. A mismatch means a different kernel package
        # is on disk than the one executing, so that package is not yet in
        # effect.
        if [ "$installed_kernel" != "$running_kernel" ]; then
            printf '%s\n' "CRITICAL: Reboot required. Running kernel: ${running_kernel}, latest installed: ${installed_kernel}."
            exit "$STATE_CRITICAL"
        fi

        printf '%s\n' "OK: No reboot required. Running kernel: ${running_kernel}."
        exit "$STATE_OK"
    fi
fi

# Neither the flag file nor dpkg produced an answer.
printf '%s\n' "UNKNOWN: Unable to determine if a reboot is required on this system."
exit "$STATE_UNKNOWN"
