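#!/bin/sh
#
# Instance bootstrap for the IPTV manager service: installs OS and Python
# packages, clones the application, prepares the PostgreSQL database, runs
# migrations, installs a systemd unit, obtains a TLS certificate with acme.sh
# (FreeDNS DNS API) and puts nginx in front of the app as a TLS reverse proxy.
#
# ${REPO_URL}, ${DOMAIN_NAME} and ${LETSENCRYPT_EMAIL} are never assigned in
# this script; presumably they are substituted by whatever renders it, or
# supplied through the environment -- TODO confirm. Shell variables set here
# are deliberately written without braces so they cannot be mistaken for such
# placeholders.
#
# The script uses dnf, systemctl and writes under /etc, so it has to run as
# root.

# Abort on a reference to an unset variable instead of expanding it to "".
set -u

# Print a message on stderr and stop the bootstrap.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the value of one SSM parameter ($1 = parameter name).
# --with-decryption is ignored for String/StringList parameters and returns
# the plaintext of a SecureString instead of its ciphertext.
get_param() {
  aws ssm get-parameter --name "$1" --with-decryption \
    --query "Parameter.Value" --output text
}

# Update system and install required packages
dnf update -y
dnf install -y python3-pip git cronie nginx certbot python3-certbot-nginx postgresql15.x86_64 awscli

# Start and enable crond service
systemctl start crond
systemctl enable crond

# A failed cd or clone would otherwise run the following steps in the wrong
# directory, so these stop the script.
cd /home/ec2-user || die "cannot cd to /home/ec2-user"
git clone -- "${REPO_URL}" || die "git clone failed"
cd iptv-manager-service || die "cannot cd to iptv-manager-service"

# Install Python packages with --ignore-installed to prevent conflicts with RPM packages
pip3 install --ignore-installed -r requirements.txt

# Retrieve DB credentials from SSM Parameter Store.
# Assignment and export are separate so a failed lookup is detected.
DB_HOST=$(get_param "/iptv-manager/DB_HOST") || die "cannot read /iptv-manager/DB_HOST"
DB_NAME=$(get_param "/iptv-manager/DB_NAME") || die "cannot read /iptv-manager/DB_NAME"
DB_USER=$(get_param "/iptv-manager/DB_USER") || die "cannot read /iptv-manager/DB_USER"
DB_PASSWORD=$(get_param "/iptv-manager/DB_PASSWORD") || die "cannot read /iptv-manager/DB_PASSWORD"
export DB_HOST DB_NAME DB_USER DB_PASSWORD

# DB_NAME is spliced into SQL text below (psql -c performs no variable
# interpolation), so only a plain identifier is accepted.
case "$DB_NAME" in
  '' | *[!A-Za-z0-9_]*) die "DB_NAME must be a non-empty [A-Za-z0-9_] identifier" ;;
esac

# Set PGPASSWORD for psql to use
export PGPASSWORD="$DB_PASSWORD"

# Wait for PostgreSQL to be ready.
# NOTE(review): the loop has no upper bound; with a wrong host or credentials
# it retries forever and logs a psql error every second.
echo "Waiting for PostgreSQL to start..."
until psql -h "$DB_HOST" -U "$DB_USER" -d postgres -c '\q'; do
  sleep 1
done
echo "PostgreSQL is ready."

# Create database if it does not exist
DB_EXISTS=$(psql -h "$DB_HOST" -U "$DB_USER" -d postgres -tc "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME';")
if [ -z "$DB_EXISTS" ]; then
  echo "Creating database $DB_NAME..."
  psql -h "$DB_HOST" -U "$DB_USER" -d postgres -c "CREATE DATABASE $DB_NAME;"
  echo "Database $DB_NAME created."
fi

# Run database migrations
alembic upgrade head

# Nothing after this point talks to the database; drop the password from the
# environment so the third-party installer and acme.sh below do not inherit it.
unset PGPASSWORD DB_PASSWORD

# Create systemd service file
# NOTE(review): the unit reads /etc/environment, but this script never writes
# the DB_* values there -- confirm how the service obtains its credentials.
cat << 'EOF' > /etc/systemd/system/iptv-manager.service
[Unit]
Description=IPTV Manager Service
After=network.target

[Service]
Type=simple
User=ec2-user
WorkingDirectory=/home/ec2-user/iptv-manager-service
ExecStart=/usr/local/bin/uvicorn app.main:app --host 127.0.0.1 --port 8000
EnvironmentFile=/etc/environment
Restart=always

[Install]
WantedBy=multi-user.target
EOF

# Ensure root has a crontab before installing acme.sh
crontab -u root -l >/dev/null 2>&1 || (echo "" | crontab -u root -)

# Install and configure acme.sh.
# The installer is saved to a file first: -f makes curl fail on an HTTP error
# instead of handing an error page to sh, and a truncated download is never
# executed half-way.
# NOTE(review): the installer is still unpinned code executed as root; consider
# installing a reviewed release and verifying its checksum.
acme_installer=$(mktemp) || die "mktemp failed"
curl -fsS -o "$acme_installer" https://get.acme.sh || die "cannot download the acme.sh installer"
sh "$acme_installer" email="${LETSENCRYPT_EMAIL}"
rm -f -- "$acme_installer"

# Configure acme.sh to use DNS API for FreeDNS
# NOTE(review): the /.acme.sh location presumably reflects the HOME value in
# effect when this script runs -- confirm.
. "/.acme.sh/acme.sh.env"

# The wildcard name is quoted so the shell cannot expand it against files in
# the current directory.
"/.acme.sh"/acme.sh --issue --dns dns_freedns -d "${DOMAIN_NAME}" -d "*.${DOMAIN_NAME}"

# The directory holds the TLS private key: keep it readable by root only.
mkdir -p /etc/nginx/ssl
chmod 700 /etc/nginx/ssl

"/.acme.sh"/acme.sh --install-cert -d "${DOMAIN_NAME}" -d "*.${DOMAIN_NAME}" \
  --key-file "/etc/nginx/ssl/${DOMAIN_NAME}.pem" \
  --fullchain-file /etc/nginx/ssl/cert.pem \
  --reloadcmd "service nginx force-reload"

# Create nginx config
cat << EOF > /etc/nginx/conf.d/iptvManager.conf
server {
    listen 80;
    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};

    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/${DOMAIN_NAME}.pem;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

# Start nginx service
systemctl enable nginx
systemctl start nginx

systemctl enable iptv-manager
systemctl start iptv-manager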