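#!/bin/bash
#
# check-and-renew-certs.sh
#
# Runs the one-off "certbot" service from the certbot compose file and, if the
# deploy-hook marker file exists afterwards, restarts nginx so that it loads
# the renewed certificate, then removes the marker.
#
# Run this script with a cron job every month on the 1st day at 2:00 AM
#   crontab -e
#   0 2 1 * * /home/moeny/AppFlowy-Cloud/check-and-renew-certs.sh >> /var/log/cert-renewal.log 2>&1
#
# NOTE(review): a monthly schedule leaves very little margin. Certbot normally
# renews only when a certificate is close to expiry (about 30 days for a
# 90-day certificate), so a monthly run may get a single attempt inside that
# window; one timeout or network failure can then let the certificate expire.
# Running the check daily is cheap because certbot does nothing when no
# renewal is due. Example (constructed):
#   0 2 * * * /home/moeny/AppFlowy-Cloud/check-and-renew-certs.sh >> /var/log/cert-renewal.log 2>&1
# What the certbot service actually runs is defined in the compose file, which
# is not part of this script - confirm it performs a renew.
#
# Exit status: 0 when the check completed (renewed or not), non-zero when
# certbot, the nginx restart or the marker cleanup failed.

# -u catches typos in variable names; pipefail makes a failing `docker ps`
# visible in the cleanup pipeline below.
set -euo pipefail

# Configuration
readonly COMPOSE_FILE="/home/moeny/AppFlowy-Cloud/docker-compose.yml"
readonly CERTBOT_COMPOSE_FILE="/home/moeny/AppFlowy-Cloud/docker-compose.certbot.yml"
# Marker file; presumably created by a certbot deploy hook when a certificate
# was actually renewed - verify against the hook configuration.
readonly DEPLOY_TRIGGER="/etc/letsencrypt/deploy-hook-triggered"

# Timestamped log line on stdout.
log() {
  printf '[%s] %s\n' "$(date)" "$*"
}

# Timestamped log line on stderr, for failures.
log_err() {
  log "$@" >&2
}

# Ensure we're in the right directory
if ! cd -- "$(dirname -- "$COMPOSE_FILE")"; then
  log_err "ERROR: cannot change to the directory of $COMPOSE_FILE"
  exit 1
fi

# Set environment variables to ensure non-interactive operation
export DEBIAN_FRONTEND=noninteractive
export PYTHONUNBUFFERED=1

# Run certbot container with explicit non-interactive settings and timeout.
# stdin comes from /dev/null so nothing can block waiting for input under cron.
log "Starting certificate renewal check..."
if timeout --signal=KILL 5m \
  docker compose -f "$CERTBOT_COMPOSE_FILE" run --rm --no-deps \
  -e TERM=dumb \
  -e PYTHONUNBUFFERED=1 \
  --no-TTY \
  certbot </dev/null; then
  log "Certbot completed successfully"
else
  exit_code=$?
  # 137 = 128 + 9 (SIGKILL): what timeout reports after killing the client.
  # NOTE(review): a container that was itself killed (for example by the OOM
  # killer) may surface the same code, so "timed out" is the likely cause, not
  # a certain one.
  if ((exit_code == 137)); then
    log_err "ERROR: Certbot timed out after 5 minutes, killing container..."
    # SIGKILL only stops the compose client, so the container may still be
    # running. NOTE(review): name= is a substring match and also hits any
    # other running container with "certbot" in its name; on a shared host,
    # narrow it, e.g. with --filter "label=com.docker.compose.service=certbot".
    if ! docker ps --filter "name=certbot" -q | xargs -r docker kill; then
      log_err "WARNING: could not kill leftover certbot container(s)"
    fi
  else
    log_err "ERROR: Certbot failed with exit code $exit_code"
  fi
  exit 1
fi

# Check if certificates were renewed
if [[ -f "$DEPLOY_TRIGGER" ]]; then
  log "Certificates were renewed, restarting nginx..."
  # Fail loudly and keep the marker, so the next run retries the restart
  # instead of leaving nginx on the old certificate.
  if ! docker compose -f "$COMPOSE_FILE" restart nginx; then
    log_err "ERROR: nginx restart failed; keeping $DEPLOY_TRIGGER for the next run"
    exit 1
  fi
  log "Nginx restarted successfully"

  # -n: never prompt. Cron has no terminal, so a password prompt could only
  # fail. This needs a NOPASSWD sudoers rule; scope that rule to this single
  # rm command rather than granting the cron user general root access.
  if ! sudo -n rm -f -- "$DEPLOY_TRIGGER"; then
    log_err "ERROR: could not remove $DEPLOY_TRIGGER; nginx will be restarted again on the next run"
    exit 1
  fi
else
  log "No certificate renewal needed"
fi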