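#!/bin/sh
# Nginx entrypoint: renders the nginx config from a template, warns when the
# TLS certificate or key is missing, starts two background reload loops and
# then replaces itself with nginx.
#
# Environment:
#   DOMAIN_NAME  Value substituted for DOMAIN_NAME_PLACEHOLDER in the config
#                and used to locate the Let's Encrypt files
#                (default: "default").
#
# Files:
#   /etc/nginx/nginx.conf            template (mounted read-only)
#   /tmp/nginx.conf                  rendered config that nginx is started with
#   /var/run/certbot-reload/reload   flag file; its presence triggers a reload
set -e

# Default domain name (can be overridden)
DOMAIN_NAME="${DOMAIN_NAME:-default}"

# DOMAIN_NAME ends up in three places: the nginx config, a sed replacement
# and a filesystem path. Accept only hostname-style characters so that a
# newline, ';', '|', '&', '\' or '/' in the environment cannot add config
# directives, alter the sed expression or redirect the certificate check.
# The rejected value is deliberately not echoed into the log.
case "$DOMAIN_NAME" in
  *[!A-Za-z0-9._-]* | -* | .* | *..*)
    echo "ERROR: DOMAIN_NAME may contain only letters, digits, '.', '_' and '-'" >&2
    echo "       (no leading '-' or '.', no '..')." >&2
    exit 1
    ;;
esac

TEMPLATE_CONFIG="/etc/nginx/nginx.conf"
# The template is mounted read-only, so the rendered copy lives in a
# writable location.
PROCESSED_CONFIG="/tmp/nginx.conf"
RELOAD_FLAG="/var/run/certbot-reload/reload"

CERT_PATH="/etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem"
KEY_PATH="/etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem"

# Render into a private mktemp file and rename it into place. Redirecting
# straight to a fixed name under /tmp would write through a symlink that
# already sits at that path; a rename replaces the path entry instead, and
# a failed render never leaves a truncated config behind.
STAGED_CONFIG=$(mktemp "${PROCESSED_CONFIG}.XXXXXX")
trap 'rm -f "$STAGED_CONFIG"' EXIT

# Replace DOMAIN_NAME_PLACEHOLDER if the template uses it; otherwise copy
# the template unchanged. DOMAIN_NAME was validated above, so it cannot
# contain the sed delimiter or replacement metacharacters.
if grep -q "DOMAIN_NAME_PLACEHOLDER" "$TEMPLATE_CONFIG" 2>/dev/null; then
  sed "s|DOMAIN_NAME_PLACEHOLDER|${DOMAIN_NAME}|g" "$TEMPLATE_CONFIG" > "$STAGED_CONFIG"
else
  cp "$TEMPLATE_CONFIG" "$STAGED_CONFIG"
fi
# mktemp creates the file owner-only; restore the mode a plain redirect
# would give under a typical 022 umask so existing readers keep working.
chmod 0644 "$STAGED_CONFIG"
mv -f "$STAGED_CONFIG" "$PROCESSED_CONFIG"
trap - EXIT

# This script does not switch configs when the certificate or key is
# missing; it only warns. The mounted template is expected to be the
# HTTP-only variant in that case.
if [ ! -f "$CERT_PATH" ] || [ ! -f "$KEY_PATH" ]; then
  echo "WARNING: SSL certificates not found at $CERT_PATH" >&2
  echo "Using HTTP-only configuration for ACME challenges." >&2
fi

# Background loop 1: reload nginx when certbot drops the flag file.
# 'set +e' keeps the loop alive when a reload fails (for example before
# nginx has written its pid file); the flag is removed either way.
(
  set +e
  while :; do
    if [ -f "$RELOAD_FLAG" ]; then
      echo 'Certificate renewed, reloading nginx...'
      nginx -s reload -c "$PROCESSED_CONFIG"
      rm -f "$RELOAD_FLAG"
    fi
    sleep 60
  done
) &

# Background loop 2: unconditional reload every 6 hours. 'sleep & wait'
# lets a signal interrupt the wait instead of blocking for the full period.
(
  set +e
  while :; do
    sleep 6h &
    wait $!
    nginx -s reload -c "$PROCESSED_CONFIG"
  done
) &

# Replace this shell with nginx rather than wrapping it in 'sh -c "..."':
# nothing is interpolated into a second shell script, and when this script
# is the container's main process, a stop signal reaches nginx directly.
# The two loops above keep running as children of that process.
exec nginx -c "$PROCESSED_CONFIG" -g 'daemon off;'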