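#!/usr/bin/env python3

# SPDX-FileCopyrightText: 2024 Matthew Fennell
#
# SPDX-License-Identifier: AGPL-3.0-only

"""Renew ACME certificates with lego for every domain group in the config.

Reads /etc/opt/acme/config.toml, builds one ``lego ... renew`` invocation per
entry of the ``domains`` table and runs it with the DNS provider credentials
supplied through the child's environment.

The config file holds the DNS API credentials (``desec_token``,
``mythic_beasts_secret``) and the path of the renew hook script, so it should
be readable and writable only by the account that runs this script.
"""

import argparse
import logging
import subprocess
import tomllib

parser = argparse.ArgumentParser()
parser.add_argument("--env", required=True, choices=["prod", "nonprod"])
args = parser.parse_args()


def main() -> None:
    """Run ``lego renew`` once per configured domain group.

    Every group is attempted even if an earlier one fails, so one broken
    group does not block the renewal of the others.

    Raises:
        SystemExit: with status 1 when lego returned a non-zero exit status
            for at least one group, so that a scheduler or monitor can see
            the failed renewal.
    """
    # The root logger defaults to WARNING; without an explicit level the
    # "Running command" record below is never emitted.
    logging.basicConfig(level=logging.INFO)

    with open("/etc/opt/acme/config.toml", "rb") as config_file:
        full_config = tomllib.load(config_file)

    config = full_config["config"]
    domains = full_config["domains"]

    # The child receives exactly these variables; nothing from the parent
    # environment (including PATH) is inherited.
    # NOTE(review): lego must therefore be resolvable without PATH -- confirm
    # on the deployment host.
    # NOTE(review): credentials for both DNS providers are passed on every
    # run regardless of domain["provider"]; consider passing only the set the
    # selected provider needs.
    environment = {
        "DESEC_POLLING_INTERVAL": str(config["timeout_seconds"]),
        "DESEC_TOKEN": config["desec_token"],
        "MYTHICBEASTS_PASSWORD": config["mythic_beasts_secret"],
        "MYTHICBEASTS_POLLING_INTERVAL": str(config["timeout_seconds"]),
        "MYTHICBEASTS_USERNAME": config["mythic_beasts_key_id"],
    }

    failed_groups = []
    for group_name, domain in domains.items():
        # Flatten ["a", "b"] into ["--domains", "a", "--domains", "b"].
        subdomain_requests = []
        for subdomain in domain["domains"]:
            subdomain_requests += ["--domains", subdomain]

        # Argument list, not a shell string: config values are passed to lego
        # verbatim and are never interpreted by a shell.
        command = [
            "lego",
            "--accept-tos",
            "--email",
            config["acme_email"],
            "--dns",
            domain["provider"],
            "--server",
            config[f"acme_server_{args.env}"],
            "--dns.disable-cp",
            *subdomain_requests,
            "renew",
            "--reuse-key",
            # The hook path comes straight from the config file, which is
            # another reason that file must only be writable by trusted
            # accounts.
            "--renew-hook",
            domain[f"renew_script_{args.env}"],
        ]

        # Safe to log: the secrets travel in `environment`, not in argv.
        logging.info("Running command %s", command)
        result = subprocess.run(command, env=environment)

        # The exit status used to be discarded, so a failed renewal looked
        # like a success to whatever scheduled this script.
        if result.returncode != 0:
            logging.error(
                "lego exited with status %d for domain group %s",
                result.returncode,
                group_name,
            )
            failed_groups.append(group_name)

    if failed_groups:
        raise SystemExit(1)


if __name__ == "__main__":
    main()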