#!/bin/bash

# usage: $0 apache2|nginx

if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

t=$1

if apt-cache show python3-certbot-apache &>/dev/null; then
  pyver=3
fi
pkgs=(certbot python${pyver}-certbot-${t%2})
if ! dpkg -s -- ${pkgs[@]} 2>&1 | grep -Fx "Status: install ok installed" &> /dev/null; then
  apt-get -y install --purge --auto-remove ${pkgs[@]}
fi
# Make a version of the certbot timer that emails me.
if [[ -e /a/bin/log-quiet/sysd-mail-once ]]; then
  x=/systemd/system/certbot
  md5=$(md5sum /lib$x.timer /lib$x.service 2>/dev/null) ||:
  sed -r -f - /lib$x.timer <<'EOF' >/etc${x}mail.timer
s,^Description.*,\0 mail version,
EOF
  sed -r -f - /lib$x.service <<'EOF' > /etc${x}mail.service
s,(ExecStart=).*,\1/a/bin/log-quiet/sysd-mail-once certbotmail /usr/bin/certbot renew,
EOF
  if [[ $md5sum != "$(md5sum /lib$x.timer /lib$x.service)" ]]; then
    systemctl daemon-reload
  fi
  systemctl stop certbot.timer
  systemctl disable certbot.timer
  systemctl start certbotmail.timer
  systemctl enable certbotmail.timer
fi