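#!/usr/bin/env sh
#
# Obtain a ZeroSSL certificate for this host's mesh subdomain with acme.sh.
#
# Steps:
#   1. Ask the whoami service which subdomain belongs to this host.
#   2. Install acme.sh under $HOME/.acme.sh if it is not there yet.
#   3. Start a manual-mode DNS issuance and read the TXT challenge value.
#   4. Serve that TXT record from a temporary dnsmasq instance.
#   5. Run the renew step to complete issuance, then stop dnsmasq.
#
# Environment:
#   ACME_USE_WGET  set to anything other than 0 to prefer wget over curl
#   BRANCH         acme.sh branch to install from (default: master)
#
# `set -e` is deliberately not used: the manual-mode --issue step may return
# non-zero even when it printed the challenge, so critical steps are checked
# explicitly instead.

# ---- configuration -------------------------------------------------------

# mesh domain provider
provider="mesh.cat"

# mesh domain provider port for dns acme challenge
acme_challenge_port="53536"

# base directory under which a private working directory is created
twd="/tmp"

# whoami service
whoami_url="https://ygg.mesh.cat/whoami"

# enable proxychains?
proxychains=false

# ---- helpers -------------------------------------------------------------

workdir=""
dnsmasq_pid=""

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Stop the temporary dnsmasq (if still running) and remove the private
# working directory. Runs on every exit path via the EXIT trap.
cleanup() {
  if [ -n "$dnsmasq_pid" ]; then
    kill "$dnsmasq_pid" 2>/dev/null
  fi
  if [ -n "$workdir" ] && [ -d "$workdir" ]; then
    rm -rf -- "$workdir"
  fi
}
trap cleanup EXIT
# Turn signals into a normal exit so the EXIT trap also runs in shells that
# skip it on untrapped signals.
trap 'exit 1' HUP INT TERM

# internal function to check if a command exists
# Arguments: $1 - command name
# Returns:   0 if the command is found, non-zero otherwise
_exists() {
  _exists_cmd="$1"
  if [ -z "$_exists_cmd" ]; then
    echo "Usage: _exists cmd"
    return 1
  fi
  if type command >/dev/null 2>&1; then
    command -v "$_exists_cmd" >/dev/null 2>&1
  else
    type "$_exists_cmd" >/dev/null 2>&1
  fi
}

# Fetch a URL to stdout with whichever downloader was selected below.
# Arguments: $1 - URL
_fetch() {
  case "$_get_is" in
    # -f makes HTTP errors fail instead of returning the error page as
    # content; --proto '=https' keeps -L from following a redirect to a
    # non-HTTPS URL.
    curl) curl -f -s -L --proto '=https' -- "$1" ;;
    # NOTE(review): no equivalent HTTPS-only restriction is applied on the
    # wget path, to stay compatible with minimal wget builds.
    wget) wget -O - -- "$1" ;;
    *) return 1 ;;
  esac
}

# Run acme.sh with logging, optionally through proxychains.
acme() {
  if [ "$proxychains" = true ]; then
    proxychains -q "$HOME/.acme.sh/acme.sh" --log "$@"
  else
    "$HOME/.acme.sh/acme.sh" --log "$@"
  fi
}

# ---- prerequisites -------------------------------------------------------

# check if we got wget/curl
_get_is=""
if _exists curl && [ "${ACME_USE_WGET:-0}" = "0" ]; then
  _get_is="curl"
elif _exists wget; then
  _get_is="wget"
else
  echo "Sorry, you must have curl or wget installed first." >&2
  echo "Please install either of them and try again." >&2
  exit 1
fi

# check if we got dnsmasq
if _exists dnsmasq; then
  echo "dnsmasq is available."
else
  echo "Sorry, you must have dnsmasq installed first." >&2
  echo "Please install dnsmasq and try again." >&2
  exit 1
fi

if [ "$proxychains" = true ] && ! _exists proxychains; then
  die "Error: proxychains enabled but not found."
fi

echo ""

# Private, unpredictable working directory (mode 0700). Fixed file names
# directly under a shared /tmp can be pre-created or symlinked by another
# local user.
workdir=$(mktemp -d "$twd/acme-mesh.XXXXXX") \
  || die "Error: could not create a temporary working directory."

# ---- discover and validate our subdomain ---------------------------------

# get my subdomain
domain=$(_fetch "$whoami_url") || die "Error: could not fetch my domain."

# The response comes from a remote service and ends up in command
# arguments, so it is validated strictly. The character check rejects
# whitespace and newlines up front; grep alone works line by line and would
# accept a multi-line response in which only one line matches.
case "$domain" in
  '' | *[!a-zA-Z0-9.]*)
    die "Error: Received string does not match the expected format."
    ;;
esac

provider_regex=$(printf '%s\n' "$provider" | sed 's/\./\\./g')
domain_regex="^[a-zA-Z0-9]+\\.${provider_regex}\$"

if printf '%s\n' "$domain" | grep -qE -- "$domain_regex"; then
  echo "Got domain: $domain"
  echo ""
else
  die "Error: Received string does not match the expected format."
fi

# ---- install acme.sh if needed -------------------------------------------

# define acme.sh's url
BRANCH="${BRANCH:-master}"
_url="https://raw.githubusercontent.com/acmesh-official/acme.sh/$BRANCH/acme.sh"

# if acme.sh does not exist install it
if [ ! -e "$HOME/.acme.sh/acme.sh" ]; then
  # NOTE(review): this executes code fetched from a mutable branch with no
  # integrity check. Consider pinning BRANCH to a release tag or commit and
  # comparing the download against a known checksum before running it.
  #
  # The script is saved first so a failed or truncated download is never
  # fed to sh, and the installer runs inside the private working directory.
  installer="$workdir/acme.sh.download"
  _fetch "$_url" > "$installer" \
    || die "Error: could not download acme.sh from $_url"
  [ -s "$installer" ] || die "Error: downloaded acme.sh is empty."
  (cd "$workdir" && sh -s -- --install-online --nocron < "$installer") \
    || die "Error: acme.sh installation failed."
fi

[ -x "$HOME/.acme.sh/acme.sh" ] \
  || die "Error: $HOME/.acme.sh/acme.sh is missing or not executable."

# ---- account and challenge -----------------------------------------------

# register zerossl account
acme --register-account -m "admin@$domain" --server zerossl \
  || echo "Warning: account registration returned an error." >&2

# get challenge
long_flag="--yes-I-know-dns-manual-mode-enough-go-ahead-please"
challenge_file="$workdir/acme_challenge.txt"

# Exit status intentionally not checked here; the extracted TXT value is
# validated below instead.
acme --issue -d "$domain" --dns "$long_flag" > "$challenge_file"
cat "$challenge_file"
echo ""

# extract TXT value: the text between the last pair of single quotes on
# lines mentioning TXT (a literal quote is used instead of the GNU-only \x27)
txt_value=$(grep 'TXT' "$challenge_file" | sed -n "s/.*'\(.*\)'\$/\1/p")
rm -f -- "$challenge_file"

# The value is embedded in a comma-separated dnsmasq option, so accept only
# a single base64url-style token.
case "$txt_value" in
  '' | *[!A-Za-z0-9_-]*)
    die "Error: could not extract a valid TXT challenge value."
    ;;
esac

echo "TXT value is $txt_value"
echo ""

# ---- serve the challenge and finish issuance -----------------------------

# launch dnsmasq in the foreground of a background job, with an empty
# config file and no resolv.conf or hosts file. It is started directly
# (not as part of an `a && b &` list) so that $! is dnsmasq's own PID.
dnsmasq_conf="$workdir/dnsm.tmp.cnf"
: > "$dnsmasq_conf" || die "Error: could not create dnsmasq config file."

dnsmasq \
  --conf-file="$dnsmasq_conf" \
  -k -d -D -b -R -n -h -q \
  -p "$acme_challenge_port" \
  --txt-record="_acme-challenge.$domain,$txt_value" &
dnsmasq_pid=$!
echo "dnsmasq PID: $dnsmasq_pid"
echo ""

sleep 5

# Make sure dnsmasq is still alive (e.g. the port was not already in use).
if ! kill -0 "$dnsmasq_pid" 2>/dev/null; then
  dnsmasq_pid=""
  die "Error: dnsmasq exited before the challenge could be served."
fi

# issue certificate
if acme --renew -d "$domain" --dns "$long_flag"; then
  renew_status=0
else
  renew_status=$?
fi

# kill dnsmasq
kill "$dnsmasq_pid" 2>/dev/null
wait "$dnsmasq_pid" 2>/dev/null
dnsmasq_pid=""
rm -f -- "$dnsmasq_conf"

if [ "$renew_status" -ne 0 ]; then
  die "Error: certificate issuance failed (acme.sh exit status $renew_status)."
fi

echo "Job finished."
echo "Remember to create a cron job to run this script once a month."
exit 0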