#!/usr/bin/env bash

DOMAIN='targetdisk.io'
CLOUDFLARE_SECRET_INI='/root/.super-secret/cloudflare.ini'

install_certbot() {
	[ "$1" == help ] && echo -n "Install certbot via Pip." && return 0
	[ $UID -ne 0 ] && die "ERROR: must be root!"

	mkdir -p ~/src

	pip install --user --upgrade pip
	pip install --upgrade certbot

	git clone --recurse-submodules \
		https://github.com/cloudflare/certbot-dns-cloudflare \
		~/src/certbot-dns-cloudflare

	pushd ~/src/certbot-dns-cloudflare
	python3 setup.py install
	popd  # ~/src/certbot-dns-cloudflare
}

setup_certbot() {
	[ "$1" == help ] && echo -n "Setup certbot with Cloudflare DNS." && return 0
	[ $UID -ne 0 ] && die "ERROR: must be root!"

	[ -f "$CLOUDFLARE_SECRET_INI" ] \
		|| dedcat  "ERROR: Please ensure you have a \"$CLOUDFLARE_SECRET_INI\" file!"$'\n' \
			  $'  For more information see here:\n' \
			  $'      https://developers.cloudflare.com/fundamentals/api/get-started/\n\n' \
			  $'  And here:\n' \
			   '      https://labzilla.io/blog/cloudflare-certbot'

	certbot certonly --dns-cloudflare \
		--dns-cloudflare-credentials "$CLOUDFLARE_SECRET_INI" \
		-d "$DOMAIN,*.$DOMAIN" \
		--preferred-challenges dns-01
}

# TODO: Check back when Go/Cloudflare get their heads our of their arses
install_cloudflared() {
	[ "$1" == help ] && echo -n "Setup cloudflared." && return 0
	[ $UID -ne 0 ] && die "ERROR: must be root!"

	if [ -e /etc/debian_version ]; then
		sudo mkdir -p --mode=0755 /usr/share/keyrings
		curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg \
			| sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

		echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" \
			| sudo tee /etc/apt/sources.list.d/cloudflared.list

		sudo apt-get update && sudo apt-get install cloudflared
	else
		# Alpine+Cloudflare+Go made me do this
		wget -O /usr/local/bin/cloudflared \
			'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64'

		# We really should be checking a checksum/sig before doing this...
		# Oh well...
		chmod +x /usr/local/bin/cloudflared

		# If you hack Cloudflare's GitHub/devs you honestly deserve the keys to my little
		# kingdom... ¯\_(ツ)_/¯
	fi
}