#!/usr/bin/env bash
set -e

source .env

if [[ "$SSL_MODE" != "letsencrypt" ]]; then
    exit 0
fi

GREEN='\033[0;32m'
NC='\033[0m'

echo "[LE] Requesting certificate for ${GITEA_DOMAIN}..."

docker compose --profile letsencrypt run --rm certbot certonly \
    --webroot \
    --webroot-path /var/www/certbot \
    -d "$GITEA_DOMAIN" \
    --email "$LETSENCRYPT_EMAIL" \
    --agree-tos \
    --no-eff-email \
    --force-renewal

echo -e "${GREEN}[LE] Certificate obtained. Regenerating Nginx config...${NC}"

# Re-run setup-ssl to write the HTTPS config now that certs exist
./scripts/setup-ssl.sh

echo "[LE] Reloading Nginx..."
docker exec gitea-nginx nginx -s reload

echo -e "${GREEN}[LE] Done. HTTPS is active.${NC}"