#!/bin/bash

HOSTNAME=$1

# Make the directories
mkdir -p /web/$HOSTNAME/{public,logs}

# Move over the nginx config, replace some variables
cp nginx.tpl /etc/nginx/sites-available/$HOSTNAME
sed -i "s/#HOSTNAME#/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME

# Enable it
pushd /etc/nginx/sites-enabled
ln -s ../sites-available/$HOSTNAME .
popd

# Reload nginx before we get a SSL cert
systemctl reload nginx

# Grab a SSL cert
certbot-auto certonly --webroot -w /web/$HOSTNAME/public -d $HOSTNAME

# Add SSL config, replace some variables
cat nginx_ssl.tpl >> /etc/nginx/sites-available/$HOSTNAME
sed -i 's/#\treturn/\treturn/g' /etc/nginx/sites-available/$HOSTNAME
sed -i '/#temp/d' /etc/nginx/sites-available/$HOSTNAME
sed -i "s/#HOSTNAME#/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME

# Permissions
chown www-data:web-admins -R /web/$HOSTNAME/public

# We're done
systemctl reload nginx