#!/bin/bash -x
#
# PowerDNS DNS Service
#
# NOTE: the shebang above runs bash with -x, so every assignment in this file is
# echoed to stderr as it executes — including the MySQL password, API key and
# webserver password that config_pdns derives below. Do not capture that trace
# into a world-readable log.

# Fixed lookup path for the helpers in this file: ~/.docker/cli-plugins comes
# first so a user-installed docker CLI plugin is found before system dirs.
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

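#######################################
# Write the pdns compose file, its .env, and the one-shot createrecords.sh
# that start_pdns later executes inside the container.
# Globals:   DOMAIN (read); EXTERNALIP, MYSQL_PASSWORD, PDNS_APIKEY,
#            PDNS_WEBSERVER_PASSWORD (written, left global for other steps);
#            get_externalip, create_password, fail (called, defined elsewhere)
# Outputs:   /federated/apps/pdns/docker-compose.yml
#            /federated/apps/pdns/.env                    (mode 600)
#            /federated/apps/pdns/data/root/createrecords.sh (mode 700)
# Security:  both .env and createrecords.sh hold live secrets (DB password,
#            API key, TSIG secret); neither may be left world-readable.
#######################################
config_pdns() {
  local pdns_dir=/federated/apps/pdns
  local records_script=$pdns_dir/data/root/createrecords.sh

  echo -ne "\n* Configuring /federated/apps/pdns container.."

  # data/root is bind-mounted as /root in the container. Create the full path
  # unconditionally so an existing $pdns_dir without data/root does not make
  # the createrecords.sh write below fail.
  mkdir -p "$pdns_dir/data/root"

  # Only port 53 is published; the API/webserver port (8081) stays reachable
  # solely on the external 'core' network at the fixed address below.
  cat > "$pdns_dir/docker-compose.yml" <<EOF
services:
  pdns:
    image: pschiffe/pdns-mysql:\${IMAGE_VERSION}
    container_name: pdns
    hostname: pdns.$DOMAIN
    restart: always
    networks:
      core:
        ipv4_address: 192.168.0.11
    ports:
      - "53:53"
      - "53:53/udp"
    env_file:
      - ./.env
    volumes:
      - ./data/root:/root

networks:
  core:
    external: true
EOF

  EXTERNALIP=$(get_externalip)

  # Reuse the DB password pdnsmysql was provisioned with. Anchor on the exact
  # key (a bare 'grep MYSQL_PASSWORD' would also match e.g. MYSQL_ROOT_PASSWORD)
  # and keep everything after the first '=' so a value containing '=' is not
  # truncated. An empty result would silently configure pdns with no DB
  # password, so treat it as fatal.
  MYSQL_PASSWORD=$(grep '^MYSQL_PASSWORD=' /federated/apps/pdnsmysql/.env | cut -d= -f2-)
  [ -z "$MYSQL_PASSWORD" ] && fail "Couldn't read MYSQL_PASSWORD from /federated/apps/pdnsmysql/.env"

  PDNS_APIKEY=$(create_password)
  PDNS_WEBSERVER_PASSWORD=$(create_password)

  # Notes on the settings written below:
  #  - The webserver/API binds 0.0.0.0 inside the container; since 8081 is not
  #    published, exposure is limited to the core network and then to
  #    PDNS_webserver_allow_from, which is wider (10/8, 172.16/12) than the
  #    192.168.0.0/16 core network actually needs — tighten if nothing else
  #    on those ranges must reach the API.
  #  - RFC 2136 dynamic updates are enabled and accepted from loopback and
  #    192.168.0.0/16, i.e. from any container on the core network; nothing
  #    in this file requires a TSIG key for them — confirm that is intended.
  #  - AXFR and NOTIFY are restricted to a single hard-coded peer
  #    (5.161.216.170), presumably the secondary nameserver.
  cat > "$pdns_dir/.env" <<EOF
IMAGE_VERSION="4.9"
PDNS_gmysql_host=pdnsmysql.$DOMAIN
PDNS_gmysql_port=3306
PDNS_gmysql_user=pdns
PDNS_gmysql_dbname=pdns
PDNS_gmysql_password=$MYSQL_PASSWORD
PDNS_primary=yes
PDNS_api=yes
PDNS_api_key=$PDNS_APIKEY
PDNSCONF_API_KEY=$PDNS_APIKEY
PDNS_webserver=yes
PDNS_webserver_allow_from=127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
PDNS_webserver_address=0.0.0.0
PDNS_webserver_password=$PDNS_WEBSERVER_PASSWORD
PDNS_version_string=anonymous
PDNS_default_ttl=1500
PDNS_allow_notify_from=0.0.0.0
PDNS_allow_axfr_ips=5.161.216.170/32
PDNS_also_notify=5.161.216.170
PDNS_disable_axfr=no
PDNS_default_soa_content=ns1.@ hostmaster.@ 0 10800 3600 604800 3600
PDNS_allow_dnsupdate_from=127.0.0.0/8,::1,192.168.0.0/16
PDNS_dnsupdate=yes
EOF
  chmod 600 "$pdns_dir/.env"

  # One-shot provisioning script, run by start_pdns via 'docker exec' and then
  # deleted. It embeds the API key in every curl call and runs with -x, so its
  # output must stay discarded by the caller.
  #
  # The script has no 'set -e': individual curl/pdnsutil failures do not
  # change its exit status, which is that of the final activate-tsig-key.
  #
  # NOTE(review): the TSIG secret imported at the end is a static value
  # committed with this script, so every deployment shares it with the AXFR
  # peer above and anyone who can read this file holds it. Consider generating
  # it per deployment (pdnsutil generate-tsig-key) and handing it to the peer
  # out of band.
  cat > "$records_script" <<EOF
#!/bin/bash -x

# Create the default domain DNS zone
curl -X POST --data '{"name":"$DOMAIN.", "kind": "Master", "masters": []}' -v -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones

# Create the MX and SPF TXT record for domain
curl -X PATCH --data '{"rrsets": [ {"name": "$DOMAIN.", "type": "MX", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "10 mail.$DOMAIN.", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
curl -X PATCH --data '{"rrsets": [ {"name": "$DOMAIN.", "type": "TXT", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "\"v=spf1 mx a:$DOMAIN ~all\"", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.

# Create the A records for domain
for i in ns1 ns2 pdnsadmin powerdns traefik mail www computer panel nextcloud collabora jitsi matrix element vpn wireguard baserow gitea blog documentation castopod podcasts caddy calcom plane; do
  curl -X PATCH --data "{\"rrsets\": [ {\"name\": \"\$i.$DOMAIN.\", \"type\": \"A\", \"ttl\": 86400, \"changetype\": \"REPLACE\", \"records\": [ {\"content\": \"$EXTERNALIP\", \"disabled\": false } ] } ] }" -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.
done

# TEST

# Create catchall A record for domain
#curl -X PATCH --data '{"rrsets": [ {"name": "*.$DOMAIN.", "type": "A", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "$EXTERNALIP", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.

# Create CNAME record for domain to www
curl -X PATCH --data '{"rrsets": [ {"name": "*.$DOMAIN.", "type": "CNAME", "ttl": 86400, "changetype": "REPLACE", "records": [ {"content": "www.$DOMAIN.", "disabled": false } ] } ] }' -H 'X-API-Key: $PDNS_APIKEY' http://127.0.0.1:8081/api/v1/servers/localhost/zones/$DOMAIN.

pdnsutil add-record $DOMAIN @ NS ns1.$DOMAIN
pdnsutil add-record $DOMAIN @ NS ns2.$DOMAIN
pdnsutil add-record $DOMAIN @ A 86400 $EXTERNALIP

pdnsutil import-tsig-key fedcomdns hmac-sha512 2BJrbNNmy5Hl+uFO1QcvQBpXx+Kbv9IdbyrHpwK7lYWDKmgTOmJu7eR0srfRNSVpTOnK6bQWOm4BxkrrQxd6Gw==
pdnsutil activate-tsig-key $DOMAIN fedcomdns primary
EOF
  # 700 rather than +x: the file holds the API key and TSIG secret, so it must
  # not be readable by other host users while it sits on disk. Owner-only is
  # enough because 'docker exec' runs it as container root, which is host root
  # unless user-namespace remapping is enabled — TODO confirm for this host.
  chmod 700 "$records_script"

  echo -ne "done."
}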
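#######################################
# Start the pdns container, wait for its API port, then run the one-shot
# /root/createrecords.sh written by config_pdns to seed the zone, and delete
# that script again.
# Globals:   start_service, fail (called, defined elsewhere)
# Outputs:   removes /federated/apps/pdns/data/root/createrecords.sh
#######################################
start_pdns() {
  local records_script=/federated/apps/pdns/data/root/createrecords.sh
  local rc

  # Block until the API/webserver port answers on the container's fixed
  # core-network address; createrecords.sh talks to it on 127.0.0.1:8081
  # from inside the container.
  start_service "pdns" "nc -z 192.168.0.11 8081 &> /dev/null" "7"

  # Zone, records and TSIG key are all created by createrecords.sh (this
  # replaced an earlier sequence of docker-exec'd pdnsutil calls). Its output
  # is deliberately discarded: the script runs with -x and would otherwise
  # echo the API key and TSIG secret. Note the script has no 'set -e', so a
  # failed curl or add-record does not surface here — only the exit status of
  # its last command (activate-tsig-key) does.
  docker exec pdns /root/createrecords.sh &> /dev/null
  rc=$?

  # Remove the script before reporting failure, not after: it holds the API
  # key and TSIG secret in clear text and must not be left on disk when
  # fail() aborts the run.
  rm -f "$records_script"

  [ "$rc" -ne 0 ] && fail "Couldn't run createrecords.sh in /federated/apps/pdns container"

  echo -ne "done."
}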