#!/bin/bash
# ═══════════════════════════════════════════════════════
# TheKetoBay — First-Time SSL Setup
# Run ONCE before full deployment
# Usage: ./ssl-setup.sh youremail@example.com
# ═══════════════════════════════════════════════════════

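# Fail on errors, on unset variables, and on a failure in any pipeline stage.
set -euo pipefail

readonly DOMAIN="theketobay.com"
readonly COMPOSE_FILE="infrastructure/docker-compose.yml"

# Contact address registered with the CA; optional first argument.
EMAIL=${1:-"admin@theketobay.com"}

# The address comes from the command line and is forwarded to certbot.
# Reject values that could be read as an extra option or split into several
# arguments, so the caller cannot alter the certbot invocation through it.
case "$EMAIL" in
  -* | *[[:space:]]*)
    printf 'error: invalid email address: %s\n' "$EMAIL" >&2
    exit 2
    ;;
esac

# The compose file path is relative, so the script must be started from the
# directory that contains infrastructure/.
if [[ ! -f "$COMPOSE_FILE" ]]; then
  printf 'error: %s not found (run from the repository root)\n' "$COMPOSE_FILE" >&2
  exit 1
fi

echo "🔒 Setting up SSL for $DOMAIN"

# Start nginx with HTTP only first
docker compose -f "$COMPOSE_FILE" up -d nginx

echo "⏳ Waiting for nginx..."
# Fixed delay: nginx readiness is not probed. If the HTTP-01 challenge fails
# below, a slow nginx start is one thing to check.
sleep 3

# Get certificate via the webroot (HTTP-01) challenge. Every expansion is
# quoted so each value reaches certbot as exactly one argument.
# NOTE(review): assumes the nginx service serves /var/www/certbot for
# /.well-known/acme-challenge/ — confirm against the compose and nginx config.
docker compose -f "$COMPOSE_FILE" run --rm certbot \
  certbot certonly \
  --webroot \
  --webroot-path=/var/www/certbot \
  -d "$DOMAIN" \
  -d "www.$DOMAIN" \
  --email "$EMAIL" \
  --agree-tos \
  --no-eff-email

echo "✅ SSL certificate obtained!"
echo "🔄 Reloading nginx with HTTPS..."
# A restart only picks up the certificate if the nginx config already has a
# TLS server block pointing at it — not visible from this script; verify.
docker compose -f "$COMPOSE_FILE" restart nginx

echo "✅ SSL setup complete!"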
