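#!/usr/bin/env bash

#######################################
# Install nginx and its companion tools, create the service account and the
# configuration directory layout, then render all configuration through
# playbook_sync and enable and start the service.
# Globals:   none directly (playbook_sync reads the BASHTARD_* variables)
# Arguments: none
# Returns:   1 if fs.etcdir resolves to an empty value, otherwise the status
#            of the final `svc start`
#######################################
playbook_add() {
  local etc_dir
  local log_dir
  local nginx_user
  local nginx_group

  etc_dir="$(config "fs.etcdir")"
  log_dir="$(config "fs.logdir")"
  nginx_user="$(config "nginx.user")"
  nginx_group="$(config "nginx.group")"

  # The directory below is removed recursively; refuse to continue when the
  # lookup came back empty so the rm can never be rooted at "/".
  if [[ -z "$etc_dir" ]]; then
    printf '%s\n' "webserver/add: fs.etcdir is empty, refusing to continue" >&2
    return 1
  fi

  info "webserver/add" "Installing packages"
  pkg install \
    certbot \
    goaccess \
    logrotate \
    nginx

  info "webserver/add" "Create nginx user account"
  groupadd "$nginx_group"
  # System account without a login shell: it only exists to own files and to
  # run the worker processes.
  useradd \
    --home-dir /var/www \
    --gid "$nginx_group" \
    --system \
    --shell /sbin/nologin \
    "$nginx_user"

  info "webserver/add" "Cleaning up whatever the package manager did"
  rm -frv -- "$etc_dir/nginx"

  info "webserver/add" "Creating desired directory structure"
  mkdir -pv -- \
    "$etc_dir/nginx" \
    "$etc_dir/nginx/sites-available.d" \
    "$etc_dir/nginx/sites-available.d/http" \
    "$etc_dir/nginx/sites-available.d/https" \
    "$etc_dir/nginx/sites-available.d/revproxy" \
    "$etc_dir/nginx/sites-enabled.d" \
    "$etc_dir/nginx/sites-enabled.d/http" \
    "$etc_dir/nginx/sites-enabled.d/https" \
    "$etc_dir/nginx/sites-enabled.d/revproxy" \
    "$etc_dir/nginx/snippets.d" \
    "$log_dir/nginx/access" \
    /var/www

  info "webserver/add" "Generating dhparam.pem"
  # DH parameters are public values, so the default file mode is acceptable.
  openssl dhparam -out "$etc_dir/nginx/dhparam.pem" 4096

  info "webserver/add" "Running sync to get all configuration going"
  playbook_sync

  svc enable nginx
  svc start nginx
}

#######################################
# Render every template of this playbook into place (logrotate, goaccess unit,
# nginx.conf, mime.types, cert.sh, snippets and sites), renew certificates and
# reload nginx unless the playbook is currently being added.
# Globals:   BASHTARD_PLAYBOOK (read), BASHTARD_ETCDIR (read),
#            BASHTARD_COMMAND (read)
# Arguments: none
# Returns:   status of `svc reload nginx`, or 0 when called during "add"
#######################################
playbook_sync() {
  local etc_dir
  local bin_dir
  local nginx_user
  local nginx_group
  local share_dir
  local path
  local snippet
  local sites_dir
  local dir
  local path_site
  local site

  etc_dir="$(config "fs.etcdir")"
  bin_dir="$(config "fs.bindir")"
  nginx_user="$(config "nginx.user")"
  nginx_group="$(config "nginx.group")"
  share_dir="$BASHTARD_ETCDIR/playbooks.d/$BASHTARD_PLAYBOOK/share"

  # NOTE(review): every template below is redirected straight onto its target,
  # so the target is truncated before rendering starts and a failing
  # file_template leaves an empty file behind. Rendering to a temporary file
  # and moving it into place would avoid that.

  notice "$BASHTARD_PLAYBOOK" "Updating logrotate"
  file_template "logrotate.conf" \
    user="$nginx_user" \
    group="$nginx_group" \
    > "$etc_dir/logrotate.d/nginx"

  notice "$BASHTARD_PLAYBOOK" "Configure goaccess service"
  mkdir -pv /etc/systemd/system
  file_template "goaccess.service" \
    user="$nginx_user" \
    group="$nginx_group" \
    > "/etc/systemd/system/goaccess@.service"

  notice "webserver/sync" "Updating nginx.conf"
  file_template "nginx.conf" \
    etc="$etc_dir" \
    user="$nginx_user" \
    > "$etc_dir/nginx/nginx.conf"

  notice "webserver/sync" "Updating mime.types"
  file_template "mime.types" \
    etc="$etc_dir" \
    > "$etc_dir/nginx/mime.types"

  notice "webserver/sync" "Updating cert.sh"
  file_template "cert.sh" \
    > "$bin_dir/cert.sh" \
    && chmod +x "$bin_dir/cert.sh"

  for path in "$share_dir/snippets.d"/*.conf; do
    # Without nullglob an unmatched pattern is passed through literally.
    [[ -e "$path" ]] || continue

    snippet="$(basename "$path")"

    notice "webserver/sync" "Updating snippet $snippet"
    file_template "snippets.d/$snippet" \
      > "$etc_dir/nginx/snippets.d/$snippet"
  done

  for sites_dir in "$share_dir/sites.d"/*; do
    [[ -d "$sites_dir" ]] || continue

    dir="$(basename "$sites_dir")"

    for path_site in "$sites_dir"/*; do
      [[ -e "$path_site" ]] || continue

      site="$(basename "$path_site")"

      notice "webserver/sync" "Updating site $dir/$site"
      file_template "sites.d/$dir/$site" \
        > "$etc_dir/nginx/sites-available.d/$dir/$site"
    done
  done

  notice "webserver/sync" "Set nginx permissions to www user"
  # NOTE(review): this makes the service account the owner of its own
  # configuration tree, so a compromised worker process could rewrite the
  # configuration that is loaded on the next reload. Root ownership with
  # read access for the nginx group would be the least-privilege layout;
  # confirm nothing else in this playbook depends on write access.
  chown -R "$nginx_user:$nginx_group" "$etc_dir/nginx"

  notice "webserver/sync" "Renewing Let's Encrypt certificates"
  certbot renew --no-random-sleep-on-renew

  notice "webserver/sync" "Set Let's Encrypt permissions to www user"
  # NOTE(review): the letsencrypt tree holds the certificate private keys.
  # Owning it as the web server account lets that account read and replace
  # them. Presumably cert.sh or the webroot challenge needs this; verify, and
  # prefer root-owned keys if nginx reads them before dropping privileges.
  chown -R "$nginx_user:$nginx_group" "$etc_dir/letsencrypt"

  # playbook_add starts the service itself after this function returns, so
  # there is nothing to reload yet.
  if [[ "$BASHTARD_COMMAND" == "add" ]]; then
    return
  fi

  svc reload nginx
}

#######################################
# Stop and uninstall nginx and remove the configuration, helper script and
# service account created by playbook_add.
# Globals:   none
# Arguments: none
# Returns:   1 if fs.etcdir or fs.bindir resolves to an empty value,
#            otherwise the status of `groupdel`
#######################################
playbook_del() {
  local etc_dir
  local bin_dir
  local nginx_user
  local nginx_group

  etc_dir="$(config "fs.etcdir")"
  bin_dir="$(config "fs.bindir")"
  nginx_user="$(config "nginx.user")"
  nginx_group="$(config "nginx.group")"

  # Both values are used to build paths for a recursive, forced removal.
  if [[ -z "$etc_dir" || -z "$bin_dir" ]]; then
    printf '%s\n' "webserver/del: fs.etcdir or fs.bindir is empty, refusing to continue" >&2
    return 1
  fi

  # Stop and remove the service
  svc stop nginx
  svc disable nginx

  # Clean up resources. The paths and account names come from the same
  # configuration keys playbook_add used, so the account that was created is
  # the one that is removed.
  pkg uninstall nginx
  rm -fr -- "$etc_dir/nginx" "$bin_dir/cert.sh" /var/www/.acme
  userdel "$nginx_user"
  groupdel "$nginx_group"

  # NOTE(review): the logrotate snippet and the goaccess@.service unit written
  # by playbook_sync are not removed here; the unit would keep referring to
  # the deleted account.
}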