#!/usr/bin/env python3
import argparse
import os
import subprocess
import sys
from pathlib import Path

# ============================================================
# 手动指定要管理的站点配置文件（脚本同目录下）
# ============================================================
NGINX_SITES = [
    "gogongxt.com",
    "git.gogongxt.com",
    "images.gogongxt.com",
    "chat.gogongxt.com",
    "nas.gogongxt.com",
    "tools.gogongxt.com",
    "code.gogongxt.com",
]

# ============================================================
# 常量配置
# ============================================================
NGINX_AVAILABLE = Path("/etc/nginx/sites-available")
NGINX_ENABLED = Path("/etc/nginx/sites-enabled")
LOCAL_DIR = Path(__file__).parent.resolve()  # 当前脚本所在目录


# ============================================================
# 权限检查
# ============================================================
def require_root():
    if os.geteuid() != 0:
        print("⚠️ 需要root权限，正在使用sudo重新执行...")
        try:
            os.execvp("sudo", ["sudo", sys.executable] + sys.argv)
        except Exception as e:
            print(f"❌ 无法自动提升权限: {e}")
            sys.exit(1)


# ============================================================
# 工具函数
# ============================================================
def run(cmd, check=True):
    print(f"🔹 执行命令: {' '.join(cmd)}")
    result = subprocess.run(cmd, check=check)
    return result.returncode == 0


def ensure_dirs():
    for d in (NGINX_AVAILABLE, NGINX_ENABLED):
        d.mkdir(parents=True, exist_ok=True)


# ============================================================
# 安装 / 卸载操作
# ============================================================
def install_nginx_configs():
    ensure_dirs()
    print(f"📦 开始安装 {len(NGINX_SITES)} 个 Nginx 配置文件...")

    for name in NGINX_SITES:
        src = LOCAL_DIR / name
        dest_available = NGINX_AVAILABLE / name
        dest_enabled = NGINX_ENABLED / name

        if not src.exists():
            print(f"⚠️ 跳过：未找到配置文件 {src}")
            continue

        print(f"🔹 安装配置: {src.name}")

        # 删除已存在的目标文件/链接
        if dest_available.exists() or dest_available.is_symlink():
            print(f"🔸 删除旧的可用配置: {dest_available}")
            dest_available.unlink(missing_ok=True)

        # 创建 sites-available 的软链接
        run(["sudo", "ln", "-s", str(src), str(dest_available)])

        # 删除已存在的启用链接
        if dest_enabled.exists() or dest_enabled.is_symlink():
            print(f"🔸 删除旧的启用链接: {dest_enabled}")
            dest_enabled.unlink(missing_ok=True)

        # 创建 sites-enabled 的软链接
        run(["sudo", "ln", "-s", str(dest_available), str(dest_enabled)])

    print("🔍 检查 Nginx 配置语法...")
    if run(["sudo", "nginx", "-t"], check=False):
        print("✅ 配置检查通过，正在重启 Nginx...")
        run(["sudo", "systemctl", "restart", "nginx"])
    else:
        print("❌ nginx 配置错误，请手动修复后重试。")
        sys.exit(1)

    print("✅ 所有配置已安装完成！")


def uninstall_nginx_configs():
    ensure_dirs()
    print(f"🗑️ 开始卸载 {len(NGINX_SITES)} 个 Nginx 配置文件...")

    for name in NGINX_SITES:
        dest_available = NGINX_AVAILABLE / name
        dest_enabled = NGINX_ENABLED / name

        print(f"🔹 卸载配置: {name}")
        if dest_enabled.exists() or dest_enabled.is_symlink():
            print(f"🗑️ 删除启用链接: {dest_enabled}")
            dest_enabled.unlink(missing_ok=True)
        if dest_available.exists() or dest_available.is_symlink():
            print(f"🗑️ 删除可用配置链接: {dest_available}")
            dest_available.unlink(missing_ok=True)

    print("🔍 检查 Nginx 配置语法...")
    if run(["sudo", "nginx", "-t"], check=False):
        print("✅ 配置检查通过，正在重启 Nginx...")
        run(["sudo", "systemctl", "restart", "nginx"])
    else:
        print("⚠️ Nginx 配置检测未通过，请检查。")

    print("✅ 卸载完成。")


# ============================================================
# 证书生成逻辑
# ============================================================
def generate_cert(domain=None):
    if domain:
        print(f"🔹 为域名 {domain} 生成或更新证书（standalone 模式）...")
        cmd = ["sudo", "certbot", "certonly", "--standalone", "-d", domain]
    else:
        print("🔹 为所有 Nginx 域名生成证书...")
        cmd = ["sudo", "certbot", "certonly", "--nginx"]

    run(cmd, check=False)
    print("✅ 证书任务完成。")


# ============================================================
# CLI 主入口
# ============================================================
if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description="Manage Nginx site configs and certificates"
    )
    group = parser.add_mutually_exclusive_group(required=True)
    group.add_argument("--install", action="store_true", help="Install Nginx configs")
    group.add_argument(
        "--uninstall", action="store_true", help="Uninstall Nginx configs"
    )
    group.add_argument(
        "--cert",
        nargs="?",
        const=True,
        help="Generate SSL certs (optionally specify domain)",
    )

    args = parser.parse_args()

    require_root()

    if args.install:
        install_nginx_configs()
    elif args.uninstall:
        uninstall_nginx_configs()
    elif args.cert:
        if args.cert is True:
            generate_cert(None)
        else:
            generate_cert(args.cert)