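#!/usr/bin/env bash
#
# Publish an application behind nginx as a TLS-terminating reverse proxy.
#
# Writes /etc/nginx/<conf dir>/<appname>.conf (one upstream plus one server
# block per hostname), obtains certificates with certbot's nginx plugin,
# rewrites the listen directives and reloads nginx.
#
# Every value below is written, via sudo, into a root-owned nginx config or
# used in a file path, so each one is checked against a character allow-list
# before anything is written.
set -e

# Cosmetic only; skipped without a terminal so that `set -e` cannot abort here.
if [[ -t 1 ]]; then
  clear || true
fi

# Fill in the following variables
eff_email_address=${eff_email_address:-} # eg, eff@web.com
appname=${appname:-}                     # eg, nextcloud
subdomain=${subdomain:-}                 # eg, cloud (optional)
domain=${domain:-}                       # eg, web.com
adddomains=${adddomains:-}               # eg, web2.com,web3.com (optional)
host=${host:-}                           # eg, 127.0.0.1
port=${port:-}                           # eg, 65000
backup_port=${backup_port:-}             # eg, 65000 (optional; the backup server is always 127.0.0.1)

# Allow-lists for values that are interpolated into the nginx config.
readonly appname_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
readonly hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
# Hostname, IPv4, bracketed IPv6 or unix:/path form of an upstream address.
readonly upstream_host_re='^[][A-Za-z0-9._:/-]+$'
readonly port_re='^[0-9]{1,5}$'
# No whitespace, and no leading '-' that certbot could read as an option.
readonly email_re='^[^[:space:]-][^[:space:]]*$'

# Print a message to stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Abort unless $2 (reported under the name $1) is a TCP port in 1..65535.
# The regex test runs first so that only digits ever reach arithmetic
# evaluation.
check_port() {
  local name=$1 value=$2
  if ! [[ "$value" =~ $port_re ]] || ((10#$value < 1 || 10#$value > 65535)); then
    die "Variable ${name} must be a TCP port between 1 and 65535, aborting..."
  fi
}

# Append a server block for hostname $1 to the site config, then let certbot
# obtain a certificate for it and install it into that block.
# Reads the globals conf_file, appname and eff_email_address.
add_site() {
  local server_name=$1

  # http_upgrade and proxy_params are include files this script does not
  # create; nginx resolves them relative to its configuration prefix.
  sudo tee -a "$conf_file" >/dev/null <<conf
server {
    server_name ${server_name};
    include http_upgrade;
    location / {
        proxy_pass http://${appname};
        include proxy_params;
        error_log /var/log/nginx/${appname}_error.log;
        access_log /var/log/nginx/${appname}_access.log;
    }
}
conf

  # --hsts adds a Strict-Transport-Security header; --no-redirect keeps
  # certbot from adding an HTTP-to-HTTPS redirect.
  sudo certbot --nginx --non-interactive --agree-tos --no-eff-email --hsts --no-redirect \
    --email "${eff_email_address}" \
    --domain "${server_name}"
}

# Abort if variables are missing
for var in eff_email_address appname domain host port; do
  [[ -n "${!var}" ]] || die "Variable ${var} does not exist, aborting..."
done

# Abort if a value could break out of the config directive or path it lands in
[[ "$appname" =~ $appname_re ]] ||
  die "Variable appname may only contain letters, digits, '.', '_' and '-', aborting..."
[[ "$host" =~ $upstream_host_re ]] ||
  die "Variable host is not a valid upstream address, aborting..."
[[ "$eff_email_address" =~ $email_re ]] ||
  die "Variable eff_email_address is not a valid e-mail address, aborting..."
check_port port "$port"
if [[ -n "$backup_port" ]]; then
  check_port backup_port "$backup_port"
fi

# Grab URL; the "subdomain." prefix is added only when a subdomain is set
url="${subdomain:+${subdomain}.}${domain}"

# Grab URLs for extra domains (comma- or space-separated list). Reading into
# an array splits the list without glob-expanding it, and the same optional
# prefix avoids a leading dot when no subdomain is set.
read -r -a extra_domains <<<"${adddomains//,/ }"
addurl=()
for add in "${extra_domains[@]}"; do
  addurl+=("${subdomain:+${subdomain}.}${add}")
done

for name in "$url" "${addurl[@]}"; do
  [[ "$name" =~ $hostname_re ]] || die "Invalid hostname '${name}', aborting..."
done

# Figure out nginx conf directory
if grep -q 'include.*conf.d' /etc/nginx/nginx.conf; then
  nginxdir=conf.d
elif grep -q 'include.*sites-enabled' /etc/nginx/nginx.conf; then
  nginxdir=sites-available
  sudo ln -s -f -- "/etc/nginx/sites-available/${appname}.conf" /etc/nginx/sites-enabled/
else
  die "Missing nginx directory, exiting..."
fi

conf_file="/etc/nginx/${nginxdir}/${appname}.conf"

# Start the config file with the upstream; add the backup server if supplied.
# nginx reaches the upstream over plain HTTP (see proxy_pass in add_site), so
# a non-loopback host should sit on a trusted network.
if [[ -n "$backup_port" ]]; then
  sudo tee "$conf_file" >/dev/null <<conf
upstream ${appname} {
    server ${host}:${port};
    server 127.0.0.1:${backup_port} backup;
}
conf
else
  sudo tee "$conf_file" >/dev/null <<conf
upstream ${appname} {
    server ${host}:${port};
}
conf
fi

# Nginx server block and certificate for the main URL, then the extra domains
add_site "$url"
for name in "${addurl[@]}"; do
  add_site "$name"
done

# Drop every `listen 80` line and, after each `listen 443` line, append QUIC
# (HTTP/3) and IPv6 listeners.
sudo sed -e '/listen 80/d' \
  -e '/listen 443/a\
    listen 443 quic;\
    listen [::]:443 ssl;\
    listen [::]:443 quic;\
' -i "$conf_file"

# Check the edited configuration before asking the running server to load it.
sudo nginx -t
sudo systemctl reload nginx.service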