#!/bin/bash
# Phase 2: Set up certificate synchronization

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

if [ -f "$PROJECT_ROOT/.env" ]; then
    set +euo pipefail
    source "$PROJECT_ROOT/.env" 2>/dev/null || true
    set -euo pipefail
fi

PRIMARY_HOST="${PRIMARY_HOST:-192.168.11.11}"
SECONDARY_HOST="${SECONDARY_HOST:-192.168.11.12}"

# Colors
GREEN='\033[0;32m'
BLUE='\033[0;34m'
NC='\033[0m'

log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }

log_info "Setting up certificate synchronization..."

# Test sync script
log_info "Testing certificate sync..."
bash "$SCRIPT_DIR/sync-certificates.sh" || {
    log_warn "Initial sync failed (may be expected if certificates don't exist yet)"
}

# Set up cron job on primary
log_info "Setting up automated certificate sync (cron job)..."
CRON_CMD="*/5 * * * * $PROJECT_ROOT/scripts/npmplus/sync-certificates.sh >> /var/log/npmplus-cert-sync.log 2>&1"

# Check if cron job already exists
if ssh -o StrictHostKeyChecking=no root@"$PRIMARY_HOST" "crontab -l 2>/dev/null | grep -q 'sync-certificates.sh'"; then
    log_info "Cron job already exists"
else
    ssh -o StrictHostKeyChecking=no root@"$PRIMARY_HOST" "(crontab -l 2>/dev/null; echo '$CRON_CMD') | crontab -"
    log_success "Cron job added to primary host"
fi

log_success "Phase 2 complete: Certificate sync configured"