#!/bin/sh

yum update -y
yum install -y python3-pip git
amazon-linux-extras install nginx1

pip3 install --upgrade pip
pip3 install certbot certbot-nginx

cd /home/ec2-user

git clone https://git.fiorinis.com/Home/iptv-updater-aws.git
cd iptv-updater-aws

pip3 install -r requirements.txt

# Create systemd service file
cat << 'EOF' > /etc/systemd/system/iptv-updater.service
[Unit]
Description=IPTV Updater Service
After=network.target

[Service]
Type=simple
User=ec2-user
WorkingDirectory=/home/ec2-user/iptv-updater-aws
ExecStart=/usr/local/bin/uvicorn app.main:app --host 127.0.0.1 --port 8000
EnvironmentFile=/etc/environment
Restart=always

[Install]
WantedBy=multi-user.target
EOF

# Install and configure acme.sh
curl https://get.acme.sh | sh -s email=stefano@fiorinis.com

# Configure acme.sh to use DNS API for FreeDNS
. "/root/.acme.sh/acme.sh.env"
acme.sh --issue --dns dns_freedns -d ${DOMAIN_NAME} -d *.${DOMAIN_NAME}
sudo mkdir -p /etc/nginx/ssl
acme.sh --install-cert -d ${DOMAIN_NAME} -d *.${DOMAIN_NAME} \
    --key-file /etc/nginx/ssl/${DOMAIN_NAME}.pem \
    --fullchain-file /etc/nginx/ssl/cert.pem \
    --reloadcmd "service nginx force-reload"

# Create nginx config
cat << 'EOF' > /etc/nginx/conf.d/iptvUpdater.conf
server {
    listen 80;
    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};

    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/${DOMAIN_NAME}.pem;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
EOF

# Start nginx service
systemctl enable nginx
systemctl start nginx
systemctl enable iptv-updater
systemctl start iptv-updater