#!/bin/bash

SSL_DIR="/etc/nginx/ssl"
SITES_ENABLED="/etc/nginx/sites-enabled"
mkdir -p "$SSL_DIR"

# Function to generate self-signed certificate for a domain
generate_cert() {
    local domain=$1
    local cert_dir="$SSL_DIR/$domain"
    
    mkdir -p "$cert_dir"
    
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$cert_dir/self-signed.key" \
        -out "$cert_dir/self-signed.crt" \
        -subj "/CN=$domain"
    
    chmod 600 "$cert_dir/self-signed.key"
    echo "Generated self-signed certificate for $domain"
}

# Function to extract server names from nginx config files
extract_domains() {
    grep -h "server_name" "$SITES_ENABLED"/* 2>/dev/null | \
    sed 's/server_name//g' | \
    tr -d ';' | \
    tr ' ' '\n' | \
    grep -v '^$' | \
    sort -u
}

# If domains are provided as arguments, use those
if [ $# -gt 0 ]; then
    echo "Generating certificates for specified domains..."
    for domain in "$@"; do
        generate_cert "$domain"
    done
# If DOMAINS env variable is set, use that
elif [ -n "$DOMAINS" ]; then
    echo "Generating certificates from DOMAINS environment variable..."
    IFS=',' read -ra DOMAIN_LIST <<< "$DOMAINS"
    for domain in "${DOMAIN_LIST[@]}"; do
        generate_cert "$domain"
    done
# Otherwise, try to extract domains from sites-enabled
else
    echo "No domains specified. Attempting to extract from sites-enabled..."
    while IFS= read -r domain; do
        if [ -n "$domain" ]; then
            generate_cert "$domain"
        fi
    done < <(extract_domains)
fi