#!/bin/bash

# This script updates the Nginx configuration for boilerhaus.org and its subdomains

# Set variables
SERVER_IP="66.179.188.130"
SERVER_USER="root"  # Using root as requested

# Create backup of existing configuration
echo "Creating backup of existing Nginx configuration..."
ssh $SERVER_USER@$SERVER_IP "mkdir -p /etc/nginx/sites-available && cp -f /etc/nginx/sites-available/boilerhaus.org.conf /etc/nginx/sites-available/boilerhaus.org.conf.bak 2>/dev/null || true"

# Create updated configuration file
cat > boilerhaus.org.conf.new << 'EOL'
# Main website configuration
server {
    listen 80;
    listen [::]:80;
    server_name boilerhaus.org www.boilerhaus.org;

    root /var/www/boilerhaus.org;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    # Managed by Certbot
    # This section will be updated by Certbot automatically
}

# Nextcloud configuration
server {
    listen 80;
    listen [::]:80;
    server_name cloud.boilerhaus.org;

    # Proxy to Nextcloud
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Managed by Certbot
    # This section will be updated by Certbot automatically
}

# Gitea configuration
server {
    listen 80;
    listen [::]:80;
    server_name git.boilerhaus.org;

    # Proxy to Gitea
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Managed by Certbot
    # This section will be updated by Certbot automatically
}

# Vaultwarden configuration
server {
    listen 80;
    listen [::]:80;
    server_name bw.boilerhaus.org;

    # Proxy to Vaultwarden
    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Managed by Certbot
    # This section will be updated by Certbot automatically
}

# SSL configurations will be added by Certbot automatically
EOL

# Upload the new configuration
echo "Uploading new configuration..."
scp boilerhaus.org.conf.new $SERVER_USER@$SERVER_IP:/etc/nginx/sites-available/boilerhaus.org.conf

# Test Nginx configuration
echo "Testing Nginx configuration..."
ssh $SERVER_USER@$SERVER_IP "nginx -t"

# If the test is successful, reload Nginx
if [ $? -eq 0 ]; then
    echo "Reloading Nginx..."
    ssh $SERVER_USER@$SERVER_IP "systemctl reload nginx"
    echo "Configuration updated successfully!"
else
    echo "Nginx configuration test failed. Restoring backup..."
    ssh $SERVER_USER@$SERVER_IP "cp -f /etc/nginx/sites-available/boilerhaus.org.conf.bak /etc/nginx/sites-available/boilerhaus.org.conf 2>/dev/null || true"
    echo "Backup restored. Please check the configuration and try again."
fi

# Make sure the site is enabled
echo "Ensuring site is enabled..."
ssh $SERVER_USER@$SERVER_IP "ln -sf /etc/nginx/sites-available/boilerhaus.org.conf /etc/nginx/sites-enabled/boilerhaus.org.conf"

# Run Certbot to ensure SSL certificates are set up for all domains
echo "Running Certbot to ensure SSL certificates are set up..."
ssh $SERVER_USER@$SERVER_IP "certbot --nginx -d boilerhaus.org -d www.boilerhaus.org -d cloud.boilerhaus.org -d git.boilerhaus.org -d bw.boilerhaus.org --non-interactive --agree-tos --email admin@boilerhaus.org"

echo "Done!"