#!/bin/bash

# Certbot installation and creation supporting Raspbian and Ubuntu.
# Certificate can be created/updated as "certonly" only.

readonly toolName=certbot

sq_aptOpt=

seq_config() {
  if ! initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?}" ; then
    # End if no configuration file exists
    dry || return 1
  fi
  
  ## Apt cmdline option to suppress user interaction
  interactive || sq_aptOpt="-y"

  return 0
}

step_1_info() { echo "Install $toolName for letsencrypt"; }
step_1_alias() { echo "install"; }
step_1() {
  local osName=
  local distName=

  if [ "$(which lsb_release)" == "" ] ; then
    warning -e "Cannot detect OS. Assuming Ubuntu"
    osName="Ubuntu"
  else  
    osName=$(lsb_release -is)
    distName=$(lsb_release -cs)
  fi

  if [ "$osName" == "" ] ; then
    warning -e "Error dedecting OS. Assuming Ubuntu"
    osName="Ubuntu"
  fi

  echo " [I] Detected OS: $osName $distName"

  if [ "$osName" == "Ubuntu" ] ; then
    exe apt-get update
    exe apt-get install software-properties-common ${sq_aptOpt}
    saveReturn $?
    exe add-apt-repository universe ${sq_aptOpt}
    saveReturn $?
    exe add-apt-repository ppa:certbot/certbot ${sq_aptOpt}
    saveReturn $?
    exe apt-get update

    exe apt-get install $toolName ${sq_aptOpt}
    saveReturn $?
    endReturn "$toolName installation for $osName failed"
  elif [ "$osName" == "Raspbian" ] || [ "${osName}" == "Debian" ] ; then
    info "Install ${toolName} from OS repository"
    exe apt update
    exe apt install certbot
    endReturn "$toolName installation for $osName failed"
  fi
}

step_2_info() { echo "Create or update letsencrypt certificate"; }
step_2_alias() { echo "update"; }
step_2() {
  endIfEmpty CERTBOT_DOMAINS "No domain list found. Check configuration"
  endIfEmpty CERTBOT_WEBROOT "Invalid web root. Check configuration"
  endIfEmpty CERTBOT_MAIL "Invalid mail address. Check configuration"

  exe certbot certonly --webroot -w "$CERTBOT_WEBROOT" --rsa-key-size 4096 --expand --agree-tos \
    -m "$CERTBOT_MAIL" ${CERTBOT_DOMAINS[@]/#/-d }
}

step_10_info() { echo 'Print certificate information'; }
step_10_alias() { echo 'info'; }
step_10() {
  exe openssl x509 -text -noout -in "/etc/letsencrypt/live/${CERTBOT_DOMAINS[0]}/cert.pem"
}

# shellcheck disable=SC2034 # Appears unused
readonly sqr_minVersion=16
# shellcheck disable=SC1091 # Don't follow this source
. /usr/local/bin/sequencer.sh