#!/bin/sh
#/ Usage: ghe-backup-encrypted-s3

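# Version of github-backup-utils to run. It selects the
# github-backup-utils-v<version>/ directory that ghe-backup is started from.
GIT_BACKUP_VERSION="3.0.0"

# Exit immediately if a command exits with a non-zero status.
# /bin/sh has no portable pipefail, so only the LAST command of a pipeline is
# covered by this; earlier pipeline stages need their own checks.
set -e

# Assume the current directory is the root.
# Both the default config path below and the relative ghe-backup path are
# resolved against it, so the script must be started from its own directory.
GHE_SECURE_BACKUP_ROOT="$(pwd)"

# The backup config file. This may be set in the environment.
# The whole expansion is quoted so the resulting path is neither word-split
# nor glob-expanded when the root contains spaces or wildcard characters.
# NOTE(review): this file is later sourced as shell code, so the working
# directory and this environment variable decide what gets executed. Run the
# script only from a directory, and with an environment, that untrusted users
# cannot influence.
: "${GHE_SECURE_BACKUP_CONFIG:=$GHE_SECURE_BACKUP_ROOT/../etc/ghe-secure-backup.conf}"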

# Load the configuration. Candidates are tried in order: the working-copy path
# (or the value supplied through the environment) first, then the system-wide
# install location. The first regular file that exists wins and is recorded in
# GHE_SECURE_BACKUP_CONFIG.
#
# Sourcing runs the file as shell code with this script's privileges, so the
# config files and their parent directories should be writable only by the
# account that runs the backup (or root).
config_found=false
for f in "$GHE_SECURE_BACKUP_CONFIG" "/opt/twitch/ghe-secure-backup/etc/ghe-secure-backup.conf"; do
    # Skip candidates that are missing or are not regular files.
    [ -f "$f" ] || continue
    GHE_SECURE_BACKUP_CONFIG="$f"
    . "$GHE_SECURE_BACKUP_CONFIG"
    config_found=true
    break
done

# No candidate existed, so nothing was sourced: list the paths that were tried
# and stop with the configuration-error status.
if [ "$config_found" != true ]; then
    {
        echo "Error: No GHE secure backup configuration file found. Tried:"
        echo " - $GHE_SECURE_BACKUP_CONFIG"
        echo " - /opt/twitch/ghe-secure-backup/etc/ghe-secure-backup.conf"
    } >&2
    exit 2
fi

# Required settings. Each must be non-empty after the config has been sourced;
# a missing one stops the run with status 2 before any backup work starts.

# GHE_S3_BUCKET: bucket the encrypted archive is uploaded to.
[ -n "$GHE_S3_BUCKET" ] || {
    echo "Error: GHE_S3_BUCKET not set in config file." >&2
    exit 2
}

# GHE_PGP_RECIPIENT: key the archive is encrypted to (passed to gpg -r).
[ -n "$GHE_PGP_RECIPIENT" ] || {
    echo "Error: GHE_PGP_RECIPIENT not set in config file." >&2
    exit 2
}

# GHE_HOSTNAME: not read by this script itself; presumably consumed by
# ghe-backup. TODO confirm.
[ -n "$GHE_HOSTNAME" ] || {
    echo "Error: GHE_HOSTNAME not set in config file." >&2
    exit 2
}

# GHE_ARCHIVE_DIR: local directory the encrypted archive is written to.
[ -n "$GHE_ARCHIVE_DIR" ] || {
    echo "Error: GHE_ARCHIVE_DIR not set in config file." >&2
    exit 2
}

# GHE_DATA_DIR: directory holding the `current` link and the dated snapshots.
[ -n "$GHE_DATA_DIR" ] || {
    echo "Error: GHE_DATA_DIR not set in config file." >&2
    exit 2
}

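# File and path variables.
# The timestamp format sorts lexicographically in chronological order, which
# the pruning below relies on to tell old archives from new ones.
CURRENT_DATE="$(date +"%Y%m%dT%H%M%S")"
ARCHIVE="ghe-secure-backup-${CURRENT_DATE}.tar.gpg"
ARCHIVE_PATH="$GHE_ARCHIVE_DIR"/"$ARCHIVE"

# Remove old encrypted archives to free up space, keeping the two newest.
# This runs before the new archive is created, so three archives exist once
# the run has finished.
#
# The listing uses the configured GHE_ARCHIVE_DIR (the directory this run
# writes to) rather than a fixed path, so pruning and writing cannot drift
# apart when the config points somewhere else.
# `head -n -2` (all but the last two lines) is a GNU coreutils extension.
OLD_ARCHIVES=$(ls -1 -- "$GHE_ARCHIVE_DIR"/ghe-secure-backup-*.tar.gpg | sort | head -n -2)
if [ -n "$OLD_ARCHIVES" ]; then
    echo ">>> Removing old encrypted archives..."
    # One path per line; reading line by line keeps a path that contains
    # spaces intact, and `--` stops rm from treating a path as an option.
    printf '%s\n' "$OLD_ARCHIVES" | while IFS= read -r old_archive; do
        rm -v -- "$old_archive"
    done
fi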

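# Create our backup files.
# The path is relative to the working directory; `set -e` stops the run here
# if ghe-backup reports failure.
echo ">>> Starting to call ghe-backup ... ($(date))"
"github-backup-utils-v${GIT_BACKUP_VERSION}/bin/ghe-backup"

# Package our files by the date.
echo ">>> Packaging and Encrypting files ... ($(date))"
# Resolve the `current` link so the archive holds the real snapshot path.
CURRENT_DATA_DIR=$(readlink -f -- "$GHE_DATA_DIR/current")

# tar streams straight into gpg, so the plaintext archive never touches disk.
# Without pipefail only gpg's exit status is visible to `set -e`: a tar that
# dies half-way would still yield a valid-looking but truncated archive. The
# left-hand side therefore reports a tar failure on fd 3, which the command
# substitution captures, while gpg's own status becomes the status of the
# substitution.
# NOTE(review): in unattended runs gpg may stop to ask about a recipient key
# it does not trust; confirm the key is trusted for the invoking account.
if ! TAR_FAILURE=$(
    {
        { tar c "$CURRENT_DATA_DIR" || echo "tar exited with status $?" >&3; } |
            gpg -e -r "$GHE_PGP_RECIPIENT" > "$ARCHIVE_PATH"
    } 3>&1
); then
    # Do not leave a partial file behind that looks like a usable backup.
    rm -f -- "$ARCHIVE_PATH"
    echo "Error: gpg failed to encrypt the archive; nothing was uploaded." 1>&2
    exit 1
fi
if [ -n "$TAR_FAILURE" ]; then
    rm -f -- "$ARCHIVE_PATH"
    echo "Error: $TAR_FAILURE; refusing to upload an incomplete archive." 1>&2
    exit 1
fi

# --sse asks S3 for server-side encryption at rest, on top of the PGP layer.
echo ">>> Copying the gpg file to the s3 bucket ... ($(date))"
aws s3 cp "$ARCHIVE_PATH" s3://"$GHE_S3_BUCKET"/"$ARCHIVE" --sse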


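# Prune old snapshot directories, keeping the two newest.
# Only entries whose name starts with "2" (a year, so this works until 2999)
# are considered, which leaves the `current` link alone.

# Recursive deletion follows: abort outright if the data directory is unset or
# empty, so the glob below can never be anchored at the filesystem root.
: "${GHE_DATA_DIR:?GHE_DATA_DIR must be set before pruning old backup data}"

# `head -n -2` (all but the last two lines) is a GNU coreutils extension.
OLD_DATADIRS=$(ls -d1 -- "$GHE_DATA_DIR"/2* | sort | head -n -2)
if [ -n "$OLD_DATADIRS" ]; then
    echo ">>> Removing old backup data... ($(date))"
    # One path per line; reading line by line keeps a path that contains
    # spaces intact, and `--` stops rm from treating a path as an option.
    printf '%s\n' "$OLD_DATADIRS" | while IFS= read -r old_datadir; do
        rm -rf -- "$old_datadir"
    done
fi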
