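"""Issue certificates for "# AUTOSSL"-tagged nginx vhosts and sync them to a peer.

Pipeline (see ``main``): build dehydrated's domains.txt from the nginx
``sites`` directory, run dehydrated, reload the local nginx, rsync config and
certificates to the second server over ssh, then check and reload nginx there.
All paths and the remote come from the environment (``.env`` via python-dotenv).
"""
import os
import re
import subprocess
import sys

import sysrsync
from dotenv import load_dotenv

# Values the author used before moving configuration into the environment:
# NGINX_DIR="/etc/nginx"
# DOMAINS_TXT = "/etc/autossl/domains.txt"
# DEHYDRATED_LOC = "/etc/autossl/dehydrated.sh"

load_dotenv()

NGINX_DIR = os.getenv("NGINX_DIR")
DOMAINS_TXT = os.getenv("DOMAINS_TXT")
DEHYDRATED_LOC = os.getenv("DEHYDRATED_LOC")
REMOTE = os.getenv("REMOTE")
REMOTE_SSH_KEY = os.getenv("REMOTE_SSH_KEY")

# Marker a config author puts on a `server_name` line to opt that vhost in.
_AUTOSSL_TAG = "AUTOSSL"
# Matches `server_name a.example www.a.example;` up to the FIRST ';'
# (non-greedy), so a ';' inside the trailing comment cannot leak into the
# domain list that dehydrated will request certificates for.
_SERVER_NAME_RE = re.compile(r"server_name\s+(.*?);")
_ID_RE = re.compile(r"\d+")
# Only hostname-ish characters ('*' for wildcards) may reach domains.txt;
# nginx variables, regex server names or stray punctuation are skipped with a
# message instead of being handed to dehydrated as certificate names.
_DOMAIN_LIST_RE = re.compile(r"^[A-Za-z0-9.\-*_ ]+$")


def _parse_autossl_line(line):
    """Turn one tagged nginx ``server_name`` line into a domains.txt entry.

    Args:
        line: a single line of grep output containing the AUTOSSL tag.

    Returns:
        ``"<domains> > <id>"`` (dehydrated's ``domains > cert_name`` form),
        or ``None`` when the line has no parseable ``server_name``, no
        numeric id after it, or characters that do not belong in a hostname
        list. Returning ``None`` replaces the IndexError the old
        ``findall(...)[0]`` / ``[-1]`` raised on such lines.
    """
    name_match = _SERVER_NAME_RE.search(line)
    if name_match is None:
        return None
    domains = name_match.group(1).strip()
    if not domains or not _DOMAIN_LIST_RE.fullmatch(domains):
        return None
    # The id is the last number AFTER the server_name statement, so digits
    # inside a hostname (e.g. "foo2.example") are never mistaken for it.
    ids = _ID_RE.findall(line[name_match.end():])
    if not ids:
        return None
    return f"{domains} > {ids[-1]}"


def create_domfile():
    """Write dehydrated's domains.txt from "# AUTOSSL"-tagged nginx vhosts.

    Greps ``$NGINX_DIR/sites`` for the tag, parses each hit and writes one
    ``domains > id`` line per vhost to ``$DOMAINS_TXT``. Exits non-zero when
    grep fails or nothing usable was found, so a broken config never yields
    an empty domains.txt that dehydrated would then act on.
    """
    sites_path = os.path.join(NGINX_DIR, "sites")
    # grep is used instead of walking the files in Python because it is much
    # faster on a large sites directory; the argument list keeps it shell-free.
    grep_out = subprocess.run(
        ["grep", "-Rh", _AUTOSSL_TAG, sites_path],
        capture_output=True,
        text=True,
    )
    # grep exits 1 for "no matches" and >1 for real errors; both mean no work.
    if grep_out.returncode != 0:
        print("Finding #AUTOSSL comments in nginx configs failed.")
        print(grep_out.stderr)
        sys.exit(1)

    domain_lines = []
    for line in grep_out.stdout.splitlines():
        entry = _parse_autossl_line(line)
        if entry is None:
            # Skip rather than crash, but make the operator aware of it.
            print(f"Skipping unparseable AUTOSSL line: {line.strip()}")
            continue
        domain_lines.append(entry)

    if not domain_lines:
        print("No data to write to domains.txt. \n Aborting")
        sys.exit(1)

    with open(DOMAINS_TXT, "w", encoding="utf-8") as fp:
        # One entry per line, as dehydrated expects.
        fp.writelines(f"{entry}\n" for entry in domain_lines)


def request_cert():
    """Run dehydrated in cron mode (``-c``) to issue or renew certificates.

    Returns:
        True when dehydrated exited 0, else False. A failure is reported but
        does not stop the pipeline, matching the original best-effort design
        (existing certificates keep serving; the reload is still safe).
    """
    print("Requesting certificate")
    dehydrated_run = subprocess.run(
        [DEHYDRATED_LOC, "-c"], capture_output=True, text=True
    )
    if dehydrated_run.returncode != 0:
        print("Something went wrong with dehydrated.sh")
        print(dehydrated_run.stdout)
        # dehydrated reports most errors on stderr; show it too.
        print(dehydrated_run.stderr)
        return False
    print(
        "Certificates are successfully dehydrated. (It went OK and cert is now generated)"
    )
    return True


def reload_local_nginx():
    """Validate the local nginx config and reload the service.

    Exits non-zero when ``nginx -t`` rejects the config or the reload fails,
    so an invalid config is never replicated to the second server.
    """
    nginx_check = subprocess.run(["nginx", "-t"], capture_output=True, text=True)
    if nginx_check.returncode != 0:
        print("nginx config is not valid!\nAborting")
        print(nginx_check.stdout)
        # `nginx -t` writes its diagnostics to stderr, not stdout.
        print(nginx_check.stderr)
        sys.exit(1)
    nginx_reload = subprocess.run(
        ["systemctl", "reload", "nginx.service"], capture_output=True, text=True
    )
    if nginx_reload.returncode != 0:
        print("Nginx reload returned non-zero status code")
        print(nginx_reload.stdout)
        print(nginx_reload.stderr)
        sys.exit(1)


def remote_replication(remote, ssh_key):
    """Mirror nginx config and certificates to the second server with rsync.

    Args:
        remote: ssh destination (``user@host``) of the second server.
        ssh_key: path to the private key used for the ssh transport.

    NOTE: the paths are fixed to /etc/nginx/ and /etc/autossl/ rather than
    NGINX_DIR; rsync's trailing-slash semantics make swapping in NGINX_DIR
    non-trivial, so keep the env value and these paths in agreement.
    ``--delete`` makes the remote trees identical: anything that exists only
    on the second server under these directories is removed.
    """
    rsync_opts = ["-a", "--delete"]
    # nginx config to second server
    sysrsync.run(
        source="/etc/nginx/",
        destination="/etc/nginx/",
        destination_ssh=remote,
        private_key=ssh_key,
        options=rsync_opts,
    )
    # certificates (and dehydrated state) to second server
    sysrsync.run(
        source="/etc/autossl/",
        destination="/etc/autossl/",
        destination_ssh=remote,
        private_key=ssh_key,
        options=rsync_opts,
    )


def _remote_cmd(remote, ssh_key, *argv):
    """Build an ssh argument list that runs ``argv`` on ``remote``.

    ``BatchMode=yes`` makes ssh fail instead of hanging on a passphrase or
    password prompt, which matters when this runs unattended from cron.
    """
    return ["ssh", "-i", ssh_key, "-o", "BatchMode=yes", remote, *argv]


def remote_reload(remote, ssh_key):
    """Validate and reload nginx on the second server over ssh.

    Args:
        remote: ssh destination (``user@host``) of the second server.
        ssh_key: path to the private key used for ssh.

    Returns:
        True when the remote config validated and the reload succeeded,
        False otherwise (the problem is printed for manual follow-up; the
        original returned ``None`` on some paths, now it is always a bool).
    """
    nginx_check = subprocess.run(
        _remote_cmd(remote, ssh_key, "nginx", "-t"),
        capture_output=True,
        text=True,
    )
    if nginx_check.returncode != 0:
        print("Remote nginx config is not valid! Please check manually.")
        print(nginx_check.stdout)
        # `nginx -t` (and ssh itself) report on stderr.
        print(nginx_check.stderr)
        return False

    nginx_reload = subprocess.run(
        _remote_cmd(remote, ssh_key, "systemctl", "reload", "nginx.service"),
        capture_output=True,
        text=True,
    )
    if nginx_reload.returncode != 0:
        print("Remote nginx reload failed, please check manually.")
        print(nginx_reload.stdout)
        print(nginx_reload.stderr)
        return False
    return True


def main():
    """Run the full pipeline; abort early with a clear message if config is missing."""
    required = {
        "NGINX_DIR": NGINX_DIR,
        "DOMAINS_TXT": DOMAINS_TXT,
        "DEHYDRATED_LOC": DEHYDRATED_LOC,
        "REMOTE": REMOTE,
        "REMOTE_SSH_KEY": REMOTE_SSH_KEY,
    }
    missing = [name for name, value in required.items() if not value]
    if missing:
        # Previously an unset value surfaced as a TypeError deep inside
        # create_domfile or the rsync call.
        print("Missing configuration (set in .env or the environment): " + ", ".join(missing))
        sys.exit(1)
    create_domfile()
    request_cert()
    reload_local_nginx()
    remote_replication(REMOTE, REMOTE_SSH_KEY)
    remote_reload(REMOTE, REMOTE_SSH_KEY)


if __name__ == "__main__":
    main()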