#!/bin/bash

if [ -z "$DOMAIN_NAME" ]; then
  echo "Fehler: DOMAIN_NAME ist nicht gesetzt."
  echo "Bitte setzen Sie die Variable mit: export DOMAIN_NAME='IhreDomain.de'"
  exit 1  # Skript mit Fehlercode beenden
fi
AWS_REGION="us-east-2"
EMAIL_PREFIX="emails/"
S3_BUCKET_NAME=$(echo "$DOMAIN_NAME" | tr '.' '-' | awk '{print $0 "-emails"}')
# Ersetzen Sie alle Punkte durch Bindestriche und erstellen Sie den RULE_NAME
RULE_NAME="store-$(echo "$DOMAIN_NAME" | tr '.' '-')-to-s3"

# ------------------------
# 1. S3 Bucket erstellen
# ------------------------
echo "S3 Bucket erstellen..."
aws s3api create-bucket \
  --bucket ${S3_BUCKET_NAME} \
  --region ${AWS_REGION} \
  --create-bucket-configuration LocationConstraint=${AWS_REGION}

# Öffentlichen Zugriff blockieren
aws s3api put-public-access-block \
  --bucket ${S3_BUCKET_NAME} \
  --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

# Lebenszyklus-Konfiguration hinzufügen
aws s3api put-bucket-lifecycle-configuration \
  --bucket ${S3_BUCKET_NAME} \
  --lifecycle-configuration '{
    "Rules": [
      {
        "ID": "DeleteOldEmails",
        "Status": "Enabled",
        "Expiration": {
          "Days": 90
        },
        "Filter": {
          "Prefix": ""
        }
      }
    ]
  }'
  
echo "S3 Bucket Policy hinzufügen..."
aws s3api put-bucket-policy \
  --bucket ${S3_BUCKET_NAME} \
  --policy '{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "ses.amazonaws.com"
        },
        "Action": [
          "s3:PutObject",
          "s3:GetBucketLocation",
          "s3:ListBucket"
        ],
        "Resource": [
          "arn:aws:s3:::'${S3_BUCKET_NAME}'",
          "arn:aws:s3:::'${S3_BUCKET_NAME}'/*"
        ]
      }
    ]
  }'

# ------------------------  
# 2. SES Domain-Identität erstellen
# ------------------------
echo "SES Domain-Identität erstellen..."
aws sesv2 create-email-identity \
  --email-identity ${DOMAIN_NAME} \
  --region ${AWS_REGION}

# DKIM-Signierung aktivieren
aws sesv2 put-email-identity-dkim-attributes \
  --email-identity ${DOMAIN_NAME} \
  --signing-enabled \
  --region ${AWS_REGION}

# Mail-From-Domain konfigurieren
aws sesv2 put-email-identity-mail-from-attributes \
  --email-identity ${DOMAIN_NAME} \
  --mail-from-domain "mail.${DOMAIN_NAME}" \
  --behavior-on-mx-failure USE_DEFAULT_VALUE \
  --region ${AWS_REGION}

# --------------------------
# Receive Emails
# -------------------------
# 3. Receipt Rule Set erstellen
echo "Receipt Rule for bizmatch ruleset erstellen..."
    
aws ses create-receipt-rule --rule-set-name "bizmatch-ruleset" --rule '{
  "Name": "'"${RULE_NAME}"'",
  "Enabled": true,
  "ScanEnabled": true,
  "Actions": [{
    "S3Action": {
      "BucketName": "'"${S3_BUCKET_NAME}"'",
      "ObjectKeyPrefix": "emails/"
    }
  }],
  "TlsPolicy": "Require"
}'