#!/bin/sh

# Update system and install required packages
dnf update -y
dnf install -y python3-pip git cronie nginx certbot python3-certbot-nginx

# Start and enable crond service
systemctl start crond
systemctl enable crond

cd /home/ec2-user

git clone ${REPO_URL}
cd iptv-updater-aws

# Install Python packages with --ignore-installed to prevent conflicts with RPM packages
pip3 install --ignore-installed -r requirements.txt

# Run database migrations
alembic upgrade head

# Seed initial priorities
python3 -c "from app.utils.database import SessionLocal; from app.models.db import Priority; db = SessionLocal(); db.add_all([Priority(id=100, description='High'), Priority(id=200, description='Medium'), Priority(id=300, description='Low')]); db.commit()"

# Create systemd service file
cat << 'EOF' > /etc/systemd/system/iptv-updater.service
[Unit]
Description=IPTV Updater Service
After=network.target

[Service]
Type=simple
User=ec2-user
WorkingDirectory=/home/ec2-user/iptv-updater-aws
ExecStart=/usr/local/bin/uvicorn app.main:app --host 127.0.0.1 --port 8000
EnvironmentFile=/etc/environment
Restart=always

[Install]
WantedBy=multi-user.target
EOF

# Ensure root has a crontab before installing acme.sh
crontab -u root -l >/dev/null 2>&1 || (echo "" | crontab -u root -)

# Install and configure acme.sh
curl https://get.acme.sh | sh -s email="${LETSENCRYPT_EMAIL}"

# Configure acme.sh to use DNS API for FreeDNS
. "/.acme.sh/acme.sh.env"
"/.acme.sh"/acme.sh --issue --dns dns_freedns -d ${DOMAIN_NAME} -d *.${DOMAIN_NAME}
sudo mkdir -p /etc/nginx/ssl
"/.acme.sh"/acme.sh --install-cert -d ${DOMAIN_NAME} -d *.${DOMAIN_NAME} \
    --key-file /etc/nginx/ssl/${DOMAIN_NAME}.pem \
    --fullchain-file /etc/nginx/ssl/cert.pem \
    --reloadcmd "service nginx force-reload"

# Create nginx config
cat << EOF > /etc/nginx/conf.d/iptvUpdater.conf
server {
    listen 80;
    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};

    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/${DOMAIN_NAME}.pem;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

# Start nginx service
systemctl enable nginx
systemctl start nginx
systemctl enable iptv-updater
systemctl start iptv-updater