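#!/usr/bin/env bash
#
# Deploys the ip-ua service: syncs the checkout in APP_DIR to origin/main,
# rebuilds the Docker image, replaces the running container, makes sure a
# self-signed TLS certificate exists, and (re)writes the nginx reverse-proxy
# site in front of the container.
#
# The script writes under /srv and /etc/nginx and reloads nginx via systemctl,
# so it needs the corresponding privileges.
set -euo pipefail

readonly APP_DIR="/srv/ip-ua"
readonly IMAGE_NAME="ip-ua"
readonly CONTAINER_NAME="ip-ua"
readonly NGINX_SITE="/etc/nginx/sites-available/ip-ua"
readonly NGINX_LINK="/etc/nginx/sites-enabled/ip-ua"
readonly CERT_DIR="/etc/nginx/certs"
readonly CERT_KEY="$CERT_DIR/ip-ua.key"
readonly CERT_CRT="$CERT_DIR/ip-ua.crt"

mkdir -p "$APP_DIR" "$CERT_DIR"

# First run: clone the repository. Later runs reuse the existing checkout.
if [ ! -d "$APP_DIR/.git" ]; then
  git clone git@git.ornot.ru:alexanderOrNot/testRepo.git "$APP_DIR"
fi

cd "$APP_DIR"
git fetch --all
# Discards any local modifications so the build matches origin/main exactly.
git reset --hard origin/main

docker build -t "$IMAGE_NAME:latest" .

# Best-effort removal: the container does not exist on the first deployment.
docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true

# Publish on loopback only. A bare "-p 18080:8080" binds every host interface,
# which lets clients reach the app directly, skipping nginx and TLS, and send
# their own X-Real-IP / X-Forwarded-For headers. Docker's own packet-filter
# rules typically also bypass host firewall front ends, so the port must not
# be published more widely than nginx needs.
docker run -d --name "$CONTAINER_NAME" \
  -p 127.0.0.1:18080:8080 \
  "$IMAGE_NAME:latest"

# Generate a self-signed certificate once; existing key material is reused.
# The key is unencrypted (-nodes), so it is created under a restrictive umask
# rather than relying on the OpenSSL version's default file mode.
if [ ! -f "$CERT_KEY" ] || [ ! -f "$CERT_CRT" ]; then
  (
    umask 077
    openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
      -keyout "$CERT_KEY" -out "$CERT_CRT" \
      -subj "/CN=my-vpn.local"
  )
fi
# Also tighten a key left over from an earlier run with looser permissions.
chmod 600 "$CERT_KEY"

# NOTE(review): $proxy_add_x_forwarded_for appends $remote_addr to whatever
# X-Forwarded-For value the client sent. Unless a trusted proxy sits in front
# of this nginx, the backend should trust only X-Real-IP (or the last
# X-Forwarded-For entry) as the client address.
#
# The heredoc delimiter is quoted so nginx variables ($host, $remote_addr, ...)
# are written literally instead of being expanded by the shell.
cat > "$NGINX_SITE" <<'CONF'
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    location / {
        proxy_pass http://127.0.0.1:18080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    ssl_certificate /etc/nginx/certs/ip-ua.crt;
    ssl_certificate_key /etc/nginx/certs/ip-ua.key;

    location / {
        proxy_pass http://127.0.0.1:18080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
CONF

ln -sf "$NGINX_SITE" "$NGINX_LINK"
# Both server blocks are default_server, so the stock default site must go.
rm -f /etc/nginx/sites-enabled/default

# Validate before reloading; under "set -e" a failed test aborts the script
# and the running nginx keeps its previous configuration.
nginx -t
systemctl reload nginx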