#!/bin/bash
set -e

DOMAIN="reserve.xn--15t503c5up.com"
EMAIL="admin@${DOMAIN}"
DEPLOY_DIR="/root/android-resever"

echo "=========================================="
echo "  Android RE Wiki 部署脚本"
echo "  域名: ${DOMAIN}"
echo "=========================================="

cd "${DEPLOY_DIR}"

# Ensure LLM proxy environment file exists
if [ ! -f ".env" ]; then
  echo "❌ 缺少 .env 文件，请先配置 LLM_BASE_URL / LLM_API_KEY"
  exit 1
fi

# Step 1: 启动 Nginx（HTTP only，用于 ACME 验证）
echo "[1/5] 启动 Nginx (HTTP) + LLM Proxy..."
cp nginx/conf.d/default.conf nginx/conf.d/active.conf
docker compose up -d nginx llm-proxy
sleep 3

# Step 2: 申请 Let's Encrypt 证书
echo "[2/5] 申请 SSL 证书..."
docker compose run --rm certbot certonly \
  --webroot \
  --webroot-path=/var/www/certbot \
  --email "${EMAIL}" \
  --agree-tos \
  --no-eff-email \
  --force-renewal \
  -d "${DOMAIN}"

# Step 3: 切换到 HTTPS 配置
echo "[3/5] 切换到 HTTPS 配置..."
cp nginx/conf.d/default-ssl.conf nginx/conf.d/active.conf

# Step 4: 重载 Nginx
echo "[4/5] 重载 Nginx 使用 HTTPS..."
docker compose restart nginx
sleep 3

# Step 5: 验证
echo "[5/5] 验证服务状态..."
docker compose ps
echo ""
echo "✅ 部署完成！"
echo "   访问: https://${DOMAIN}"
echo ""

# 设置证书自动续期 cron
echo "[+] 设置证书自动续期..."
(crontab -l 2>/dev/null; echo "0 3 * * * cd ${DEPLOY_DIR} && docker compose run --rm certbot renew --quiet && docker compose exec nginx nginx -s reload") | sort -u | crontab -
echo "✅ 自动续期已配置 (每天 03:00 检查)"