#!/bin/bash

set -e

echo "========================================="
echo "二级域名配置部署脚本"
echo "========================================="

echo ""
echo "步骤1: 验证DNS解析..."
echo "检查 *.f.novalon.cn 解析..."

if nslookup git.f.novalon.cn | grep -q "139.155.109.62"; then
    echo "✓ DNS解析正常"
else
    echo "✗ DNS解析未生效，请等待DNS传播"
    exit 1
fi

echo ""
echo "步骤2: 上传Nginx配置..."
if [ -f "nginx-wildcard.conf" ]; then
    scp nginx-wildcard.conf root@139.155.109.62:/home/novalon/docker-app/nginx.conf
    echo "✓ Nginx配置已上传"
else
    echo "✗ 找不到nginx-wildcard.conf文件"
    exit 1
fi

echo ""
echo "步骤3: 上传SSL证书申请脚本..."
if [ -f "scripts/setup-wildcard-ssl.sh" ]; then
    scp scripts/setup-wildcard-ssl.sh root@139.155.109.62:/home/novalon/docker-app/
    ssh root@139.155.109.62 "chmod +x /home/novalon/docker-app/setup-wildcard-ssl.sh"
    echo "✓ SSL证书申请脚本已上传"
else
    echo "✗ 找不到setup-wildcard-ssl.sh文件"
    exit 1
fi

echo ""
echo "步骤4: 申请通配符SSL证书..."
echo "注意: 需要腾讯云API密钥"
echo ""
echo "请在服务器上执行以下命令:"
echo "ssh root@139.155.109.62"
echo "export TENCENTCLOUD_SECRET_ID=your-secret-id"
echo "export TENCENTCLOUD_SECRET_KEY=your-secret-key"
echo "cd /home/novalon/docker-app && ./setup-wildcard-ssl.sh"
echo ""
echo "或者直接运行 (需要提供密钥):"
read -p "是否现在申请证书? (需要腾讯云API密钥) [y/N]: " confirm

if [ "$confirm" = "y" ] || [ "$confirm" = "Y" ]; then
    read -p "请输入腾讯云Secret ID: " secret_id
    read -p "请输入腾讯云Secret Key: " secret_key
    
    ssh root@139.155.109.62 "export TENCENTCLOUD_SECRET_ID='$secret_id' && export TENCENTCLOUD_SECRET_KEY='$secret_key' && cd /home/novalon/docker-app && ./setup-wildcard-ssl.sh"
fi

echo ""
echo "========================================="
echo "部署完成!"
echo "========================================="
echo ""
echo "后续步骤:"
echo "1. 如果未自动申请证书，请手动执行SSL证书申请脚本"
echo "2. 重启Nginx容器: docker restart novalon-nginx"
echo "3. 测试访问:"
echo "   - https://git.f.novalon.cn"
echo "   - https://ci.f.novalon.cn"
echo "   - https://registry.f.novalon.cn"
echo "========================================="