#!/bin/sh
set -e

echo "[Pre-Flight] Starting checks..."

# Check environment
if [ -z "$HOST_PUBLIC_IP" ]; then
    echo "[Pre-Flight] WARNING: HOST_PUBLIC_IP not set. DNS checks might be inaccurate."
fi

# Iterate site configs for DNS checks
for conf in /etc/nginx/conf.d/*.conf; do
    [ -e "$conf" ] || continue
    echo "[Pre-Flight] Checking config: $conf"
    
    # Simple extraction of server_name (naive, but works for standard configs)
    DOMAINS=$(grep -E "\s*server_name\s+" "$conf" | sed -r 's/.*server_name\s+(.*);/\1/')
    
    for domain in $DOMAINS; do
        if [ "$domain" = "_" ] || [ "$domain" = "localhost" ]; then continue; fi
        
        echo "[Pre-Flight] Validating DNS for $domain..."
        RESOLVED_IP=$(dig +short "$domain" @1.1.1.1 | tail -n 1)
        
        if [ "$RESOLVED_IP" != "$HOST_PUBLIC_IP" ]; then
            echo "[Pre-Flight] WARNING: Domain $domain resolves to $RESOLVED_IP, expected $HOST_PUBLIC_IP"
        else
            echo "[Pre-Flight] DNS OK: $domain -> $RESOLVED_IP"
        fi
    done
done

# Run SSL Renewal Check (handles its own iteration)
echo "[Pre-Flight] Running SSL renewal check..."
/scripts/renew_ssl.sh

# Setup Daily Cron for Renewal (run at 01:00)
echo "0 1 * * * /scripts/renew_ssl.sh >> /var/log/nginx/ssl_renew.log 2>&1" > /etc/crontabs/root
# Start Crond in background
crond -b -l 8

echo "[Pre-Flight] Checks complete. Starting NGINX..."
exec "$@"