#!/bin/bash
#
# Dump Traefik certs and install into containers that need them

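# Abort early when the dumper binary is not on PATH; every later step depends
# on it. The banner is printed inline, in the same format as fail() and with
# the same exit status, because no helper function is defined yet at this
# point in the script (the original called an undefined "failcheck", so the
# script carried on without the tool).
if ! command -v traefik-certs-dumper &> /dev/null; then
  printf '\n\nFAILED - %s\n\n' "traefik-certs-dumper tool not installed"
  exit 2
fi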

#######################################
# Print a failure banner and terminate the script.
# Arguments: $1 - reason for the failure (backslash escapes are expanded)
# Outputs:   "FAILED - <reason>" padded with blank lines, on stdout
# Returns:   never returns; exits with status 2
#######################################
fail() {
  local reason=$1
  # %b expands backslash escapes in the argument the same way echo -e does.
  printf '\n\nFAILED - %b\n\n' "$reason"
  exit 2
}

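# Load the site configuration. PLUS and DOMAIN are read below and are
# presumably defined by this file - confirm against /etc/federated.
# NOTE(review): the file is executed as shell code with the privileges of this
# script, so it must not be writable by any less-privileged account.
[[ -r /etc/federated ]] || fail "Couldn't read /etc/federated"
. /etc/federated

# Report a non-fatal problem on stderr and keep going.
warn() {
  printf '\nWARNING - %s' "$1" >&2
}

if [[ "${PLUS}" != "true" ]]; then
  # DOMAIN is spliced into every certificate path below; an empty value would
  # silently address ".crt" / ".key" instead of the real files.
  [[ -n "${DOMAIN:-}" ]] || fail "DOMAIN is not set"
  crt_file="${DOMAIN}.crt"
  key_file="${DOMAIN}.key"

  # Start from a known value so a MATCH inherited from the environment or the
  # sourced configuration cannot force a service restart.
  MATCH="yes"

  printf '\n* Dumping certs from traefik into /federated/certs.new..'
  # The dumper's output is discarded, so its exit status is the only failure
  # signal. Both acme.json and the dumped tree contain private keys.
  if ! traefik-certs-dumper file --version v2 \
    --source /federated/apps/traefik/data/letsencrypt/acme.json \
    --dest /federated/certs.new &> /dev/null; then
    fail "Couldn't dump certs from traefik-certs-dumper into certs.new"
  fi
  printf 'done.'

  # Only the certificate is compared (not the key); a missing file on either
  # side counts as "changed".
  if cmp -s -- "/federated/certs.new/certs/${crt_file}" \
    "/federated/certs/certs/${crt_file}"; then
    printf '\n* The certificates are the same (we are not restarting services).'
  else
    printf '\n* The certificates are NOT the same (we will restart services).'
    MATCH="no"
  fi

  printf '\n* Moving certs from /federated/certs.new into /federated/certs..'
  # NOTE(review): when one of these copies fails, fail() exits before the
  # cleanup below, leaving /federated/certs.new (with the dumped private keys)
  # on disk until the next successful run.
  cp -- "/federated/certs.new/certs/${crt_file}" "/federated/certs/certs/${crt_file}" \
    || fail "Couldn't move /federated/certs.new to /federated/certs"
  cp -- "/federated/certs.new/private/${key_file}" "/federated/certs/private/${key_file}" \
    || fail "Couldn't move /federated/certs.new to /federated/certs"
  rm -rf /federated/certs.new
  printf 'done.'

  printf '\n* Installing certs into /federated/apps that use it..'
  # Each install is best-effort: a failure is reported on stderr instead of
  # being dropped silently, and the remaining apps are still processed. The
  # steps for one app are chained so a half-installed cert/key pair is not
  # followed by further changes.

  # Install into PostgreSQL container (files owned by uid 999, mode 600).
  # NOTE(review): a key file created here for the first time gets the default
  # umask permissions until the chmod below runs.
  pg_dir=/federated/apps/postgresql/data/var/lib/postgresql
  {
    cp -- "/federated/certs/certs/${crt_file}" "${pg_dir}/server.crt" \
      && cp -- "/federated/certs/private/${key_file}" "${pg_dir}/server.key" \
      && chown 999 "${pg_dir}/server.crt" "${pg_dir}/server.key" \
      && chmod 600 "${pg_dir}/server.crt" "${pg_dir}/server.key"
  } || warn "Couldn't install certs into PostgreSQL"

  # Install into LDAP container
  # NOTE(review): no mode or owner is set on the copied key here; confirm the
  # resulting permissions are as tight as the LDAP container allows.
  cp -- "/federated/certs/certs/${crt_file}" "/federated/certs/private/${key_file}" \
    /federated/apps/ldap/data/certs/ \
    || warn "Couldn't install certs into LDAP"

  # Install into Mail container
  # NOTE(review): same as LDAP - the key's permissions are left to the umask.
  cp -- "/federated/certs/certs/${crt_file}" "/federated/certs/private/${key_file}" \
    /federated/apps/mail/data/root/certs/ \
    || warn "Couldn't install certs into Mail"

  # Install into Collabora container
  #cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/
  #chown 104 /federated/apps/collabora/data/root/certs/*

  # Install into Matrix container
  # NOTE(review): mode 644 leaves the private key readable by every local
  # account on the host. If the Matrix process only needs read access through
  # its own uid, chown to that uid with mode 600 (as done for PostgreSQL)
  # would be tighter - confirm the container's uid before changing.
  {
    cp -- "/federated/certs/certs/${crt_file}" "/federated/certs/private/${key_file}" \
      /federated/apps/matrix/data/matrix/ \
      && chmod 644 "/federated/apps/matrix/data/matrix/${crt_file}" \
        "/federated/apps/matrix/data/matrix/${key_file}"
  } || warn "Couldn't install certs into Matrix"
  printf 'done.\n'

  if [[ "${MATCH}" == "no" ]]; then
    # Printed with printf so the leading "\n" is a real newline; a plain echo
    # emitted the two characters literally.
    printf '\n* Restarting services that use the certificate..'
    /federated/bin/stop postgresql
    /federated/bin/stop ldap
    /federated/bin/stop mail
    /federated/bin/stop matrix
    /federated/bin/start postgresql
    /federated/bin/start ldap
    /federated/bin/start mail
    /federated/bin/start matrix
    printf 'done.\n'
  fi

  printf '\n\n'
else
  # PLUS mode: dump from httpacme.json straight into /federated/certs; nothing
  # is compared, installed into app directories, or restarted here.
  printf '\n* Dumping certs from traefik into /federated/certs..'
  if ! traefik-certs-dumper file --version v2 \
    --source /federated/apps/traefik/data/letsencrypt/httpacme.json \
    --dest /federated/certs &> /dev/null; then
    fail "Couldn't dump certs from traefik-certs-dumper into certs"
  fi
  printf 'done.'
  printf '\n\n'
fi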