#!/bin/bash
set -euo pipefail

# ============================================================
# Jefflix VPN Rollback Script
# Restores public access to *.jefflix.lol
# ============================================================

echo "========================================"
echo "  Jefflix VPN Rollback"
echo "========================================"
echo ""

# Restore Cloudflare tunnel config
if [ -f /root/cloudflared/config.yml.backup-jefflix-vpn ]; then
    cp /root/cloudflared/config.yml.backup-jefflix-vpn /root/cloudflared/config.yml
    docker restart cloudflared
    echo "✓ Cloudflare tunnel config restored and restarted"
else
    echo "⚠ No backup found at /root/cloudflared/config.yml.backup-jefflix-vpn"
fi

# Restore Headscale config
if [ -f /opt/apps/headscale-deploy/config/config.yaml.backup-jefflix-vpn ]; then
    cp /opt/apps/headscale-deploy/config/config.yaml.backup-jefflix-vpn /opt/apps/headscale-deploy/config/config.yaml
    cd /opt/apps/headscale-deploy && docker compose restart headscale
    echo "✓ Headscale config restored and restarted"
else
    echo "⚠ No Headscale backup found"
fi

# Stop CoreDNS (optional — it doesn't hurt to leave it running)
if docker ps --format '{{.Names}}' | grep -q jefflix-dns; then
    cd /opt/apps/jefflix-dns && docker compose down
    echo "✓ CoreDNS stopped"
fi

echo ""
echo "Rollback complete. Public access to *.jefflix.lol should be restored."
echo "Verify: curl -I https://movies.jefflix.lol"