#!/usr/bin/env bash
set -euo pipefail

if [ ! -f .env ]; then
  echo "Missing .env file. Copy .env.example to .env and edit DOMAIN_NAME, LETSENCRYPT_EMAIL and database password."
  exit 1
fi

source .env

if [ -z "${DOMAIN_NAME:-}" ] || [ -z "${LETSENCRYPT_EMAIL:-}" ]; then
  echo "DOMAIN_NAME and LETSENCRYPT_EMAIL must be set in .env"
  exit 1
fi

if ! command -v docker >/dev/null 2>&1; then
  echo "Docker is not installed. Install Docker Engine and Docker Compose plugin first."
  exit 1
fi

if ! docker compose version >/dev/null 2>&1; then
  echo "Docker Compose plugin is not available."
  exit 1
fi

mkdir -p certbot/www certbot/conf backups

# Generate temporary HTTP-only Nginx config so Certbot can verify the domain.
sed "s/\${DOMAIN_NAME}/${DOMAIN_NAME}/g" nginx/http-only.conf.template > nginx/app.conf

# First start Nginx on HTTP so Certbot can verify the domain.
docker compose up -d --build frontend backend db adminer nginx

echo "Requesting HTTPS certificate for ${DOMAIN_NAME}..."
docker compose run --rm certbot certonly \
  --webroot \
  --webroot-path=/var/www/certbot \
  --email "${LETSENCRYPT_EMAIL}" \
  --agree-tos \
  --no-eff-email \
  -d "${DOMAIN_NAME}"

# Replace temporary config with final HTTPS config and restart Nginx.
sed "s/\${DOMAIN_NAME}/${DOMAIN_NAME}/g" nginx/app.conf.template > nginx/app.conf
docker compose restart nginx

echo "Application prepared successfully. Open: https://${DOMAIN_NAME}"