#!/bin/bash
host="$(hostname)"

cleanup() {
	printf "$(tput sgr0)\n"
}
trap cleanup EXIT

printf 'ID\tName\tup;sec\tver\t(notice)\n'

pvesh get "/nodes/$host/qemu" --output-format json | jq -r '.[] | select(.status == "running") | "\(.vmid),\(.name),\(.tags)"' |\
while IFS= read -r vmline; do
	vmid="$(cut -d, -f1 <<< "$vmline")"
	vmname="$(cut -d, -f2 <<< "$vmline")"
	tags="$(cut -d, -f3 <<< "$vmline")"

	printf "$vmid $vmname "

	if grep -q custom <<< "$tags"; then echo "$(tput setaf 5)is custom$(tput sgr0)";
		continue
	fi

	printf "$(tput setaf 5)"; qm guest exec "$vmid" -- /usr/bin/apt-get update > /dev/null; code="$?"; printf "$(tput sgr0)"
	if [[ "$code" == 255 ]]; then
		continue
	fi

	apt="$(qm guest exec "$vmid" -- /usr/lib/update-notifier/apt-check | jq '."err-data"' | sed 's/\n$//'| xargs -I: printf " ":)"
	printf "$(tput setaf 190)$apt$(tput sgr0) "

	ver="$(qm guest exec "$vmid" -- /usr/bin/lsb_release -a 2>/dev/null | jq '."out-data"' | cut -d'\' -f4 | cut -c 2- )"
	printf "$ver"

	expectedTag="unknown"
	case "$(cut -d' ' -f1 <<< "$ver")" in
		Ubuntu)
			expectedTag="ub$(cut -d' ' -f2 <<< "$ver" | cut -d. -f1)"
			;;
		Debian)
			expectedTag="d$(cut -d' ' -f3 <<< "$ver")"
			;;
	esac

	if ! grep -q "$expectedTag" <<< "$tags"; then
		printf " $(tput setaf 6)TAG MISMATCH$(tput sgr0)"
	fi

	if [[ "$(cut -d';' -f2 <<< "$apt")" != 0 ]]; then
		printf " $(tput setaf 3)SECURITY UPDATES$(tput sgr0)"
	fi

	echo
done