#!/bin/bash
# Generate an nginx site config for one domain from the template.
#
# Usage:
#   sudo ./scripts/generate-nginx-conf.sh мои-товары.рф
#   sudo ./scripts/generate-nginx-conf.sh my-products.ru
#
# Writes to /etc/nginx/sites-available/<domain>.conf and symlinks to sites-enabled.
# If no argument is given, DOMAIN is read from .env.

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
REPO_DIR="$(dirname "$SCRIPT_DIR")"
TEMPLATE="$REPO_DIR/nginx/nginx.conf.template"

# ── resolve domain ────────────────────────────────────────────────────────────
if [ -n "${1:-}" ]; then
  DOMAIN="$1"
else
  if [ -f "$REPO_DIR/.env" ]; then
    DOMAIN_FROM_ENV=$(grep -E '^DOMAIN=' "$REPO_DIR/.env" | cut -d= -f2- | tr -d '"'"'" | head -1)
    DOMAIN="${DOMAIN:-${DOMAIN_FROM_ENV:-}}"
  fi
fi

if [ -z "${DOMAIN:-}" ]; then
  echo "ERROR: no domain specified." >&2
  echo "Usage: $0 <domain>  or set DOMAIN= in .env" >&2
  exit 1
fi

# Convert IDN/Cyrillic domain to punycode for cert paths and server_name
PUNYCODE=$(python3 -c "
import sys
d = sys.argv[1]
try:
    parts = d.split('.')
    print('.'.join(p.encode('idna').decode('ascii') for p in parts))
except Exception:
    print(d)
" "$DOMAIN" 2>/dev/null || echo "$DOMAIN")

if [ "$PUNYCODE" != "$DOMAIN" ]; then
  echo "==> IDN domain detected: $DOMAIN → $PUNYCODE"
fi

CONF_FILE="/etc/nginx/sites-available/${PUNYCODE}.conf"
ENABLED_LINK="/etc/nginx/sites-enabled/${PUNYCODE}.conf"

echo "==> Generating nginx config for: $DOMAIN ($PUNYCODE)"
DOMAIN="$PUNYCODE" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null

if [ ! -L "$ENABLED_LINK" ]; then
  sudo ln -s "$CONF_FILE" "$ENABLED_LINK"
  echo "==> Symlinked to sites-enabled"
else
  echo "==> Symlink already exists in sites-enabled"
fi

echo "==> Testing nginx config..."
sudo nginx -t

echo ""
echo "==> Config written to: $CONF_FILE"
echo "    Cert path: /etc/letsencrypt/live/$PUNYCODE/"
echo "    Reload nginx to apply: sudo systemctl reload nginx"