#!/bin/bash

set -eu
cd "$(dirname "$0")"

# redirect all docker commands to the remote host.
DOCKER_HOST="ssh://ubuntu@$WWW_FQDN"
export DOCKER_HOST="$DOCKER_HOST"

# Create the nginx config file which covers all domainys.
bash -c ./stub/nginx_config.sh

for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
    export DOMAIN_NAME="$DOMAIN_NAME"
    export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"

    # source the site path so we know what features it has.
    source ../../../defaults.sh
    source "$SITE_PATH/site.conf"
    source ../domain_env.sh

    ### Let's check to ensure all the requiredsettings are set.
    if [ "$DEPLOY_GHOST" = true ]; then
        if [ -z "$GHOST_MYSQL_PASSWORD" ]; then
            echo "ERROR: Ensure GHOST_MYSQL_PASSWORD is configured in your site.conf."
            exit 1
        fi

        if [ -z "$GHOST_MYSQL_ROOT_PASSWORD" ]; then
            echo "ERROR: Ensure GHOST_MYSQL_ROOT_PASSWORD is configured in your site.conf."
            exit 1
        fi
    fi

    if [ "$DEPLOY_GITEA" = true ]; then
        if [ -z "$GITEA_MYSQL_PASSWORD" ]; then
            echo "ERROR: Ensure GITEA_MYSQL_PASSWORD is configured in your site.conf."
            exit 1
        fi
        if [ -z "$GITEA_MYSQL_ROOT_PASSWORD" ]; then
            echo "ERROR: Ensure GITEA_MYSQL_ROOT_PASSWORD is configured in your site.conf."
            exit 1
        fi
    fi

    if [ "$DEPLOY_NEXTCLOUD" = true ]; then
        if [ -z "$NEXTCLOUD_MYSQL_ROOT_PASSWORD" ]; then
            echo "ERROR: Ensure NEXTCLOUD_MYSQL_ROOT_PASSWORD is configured in your site.conf."
            exit 1
        fi

        if [ -z "$NEXTCLOUD_MYSQL_PASSWORD" ]; then
            echo "ERROR: Ensure NEXTCLOUD_MYSQL_PASSWORD is configured in your site.conf."
            exit 1
        fi
    fi

    if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
        echo "ERROR: Ensure DUPLICITY_BACKUP_PASSPHRASE is configured in your site.conf."
        exit 1
    fi

    if [ -z "$DOMAIN_NAME" ]; then
        echo "ERROR: Ensure DOMAIN_NAME is configured in your site.conf."
        exit 1
    fi

    # prepare clams images and such
    if [ "$DEPLOY_CLAMS" = true ]; then
        echo ""
        ./clams/build.sh
    fi

done

./stop_docker_stacks.sh

# TODO check if there are any other stacks that are left running (other than reverse proxy)
# if so, this may mean the user has disabled one or more domains and that existing sites/services
# are still running. We should prompt the user of this and quit. They have to go manually docker stack remove these.
if [[ $(docker stack list | wc -l) -gt 2 ]]; then
    echo "WARNING! You still have stacks running. If you have modified the SITES list, you may need to go remove the docker stacks runnong the remote machine."
    echo "exiting."
    exit 1
fi

# ok, the backend stacks are stopped.
if [ "$RESTART_FRONT_END" = true ]; then
    # remove the nginx stack
    if docker stack list --format "{{.Name}}" | grep -q reverse-proxy; then
        sleep 2

        docker stack rm reverse-proxy

        # wait for all docker containers to stop.
        # TODO see if there's a way to check for this.
        sleep 20
    fi

    # generate the certs and grab a backup
    if [ "$RUN_CERT_RENEWAL" = true ] && [ "$RESTORE_CERTS" = false ]; then
        if [ "$STOP_SERVICES" = false ]; then
            ./generate_certs.sh
        fi
    fi

    # let's backup all our letsencrypt certs
    export APP="letsencrypt"
    for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
        export DOMAIN_NAME="$DOMAIN_NAME"
        export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"

        # source the site path so we know what features it has.
        source ../../../defaults.sh
        source "$SITE_PATH/site.conf"
        source ../domain_env.sh

        # these variable are used by both backup/restore scripts.
        export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOMAIN_IDENTIFIER"
        export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_DATA_PATH/$APP/$DOMAIN_NAME"

        # ensure our local backup path exists so we can pull down the duplicity archive to the management machine.
        export LOCAL_BACKUP_PATH="$SITE_PATH/backups/www/$APP"
        mkdir -p "$LOCAL_BACKUP_PATH"

        # we grab a backup of the certs unless we're restoring.
        if [ "$RESTORE_CERTS" = true ]; then
            ./restore_path.sh
        else
            ./backup_path.sh
        fi
    done
fi

# nginx gets deployed first since it "owns" the docker networks of downstream services.
./stub/nginx_yml.sh

# next run our application stub logic. These deploy the apps too if configured to do so.
./stub/ghost_yml.sh
./stub/nextcloud_yml.sh
./stub/gitea_yml.sh
./stub/nostr_yml.sh

# # start a browser session; point it to port 80 to ensure HTTPS redirect.
# # WWW_FQDN is in our certificate, so we resolve to that.
# wait-for-it -t 320 "$WWW_FQDN:80"
# wait-for-it -t 320 "$WWW_FQDN:443"

# # open bowser tabs.
# if [ "$DEPLOY_GHOST" = true ]; then
#     xdg-open "http://$WWW_FQDN" > /dev/null 2>&1
# fi

# if [ "$DEPLOY_NEXTCLOUD" = true ]; then
#     xdg-open "http://$NEXTCLOUD_FQDN" > /dev/null 2>&1
# fi

# if [ "$DEPLOY_GITEA" = true ]; then
#     xdg-open "http://$GITEA_FQDN" > /dev/null 2>&1
# fi