#!/bin/bash

# Service account that ends up owning the MPFS directories and secret files.
# NOTE(review): USER is also the login-name variable most environments set;
# assigning it here changes it for the rest of this script, and for child
# processes too if it was already exported.
USER=nginx

# Files that the permission loop further down hands to ${USER}:${USER} with
# mode 0440.
# NOTE(review): /etc/yandex/disk-mpfs-token is moved out of /secrets by this
# script but is not listed here, so it keeps whatever owner and mode it arrived
# with. Confirm whether it should be added (or whether disk-stat-token below
# was meant to be that file).
SECRET_FILES=()
# keys and tokens
SECRET_FILES+=(/etc/yandex/disk-secret-keys.yaml /etc/yandex/disk-stat-token)
# MPFS override files
SECRET_FILES+=(/etc/yandex/mpfs/admins_overrides.yaml /etc/yandex/mpfs/access_overrides.yaml)
SECRET_FILES+=(/etc/yandex/certificates-check.yaml)
SECRET_FILES+=(/etc/yandex/disk/log-reader/application-secret.properties)
SECRET_FILES+=(/etc/nginx/keys/tvm-asymmetric.public)

# Directories that are recursively chown'ed to ${USER}:${USER} further down.
MPFS_DIRS=()
MPFS_DIRS+=(/var/log/mpfs /var/run/mpfs /var/lib/mpfs)
MPFS_DIRS+=(/etc/nginx/keys)

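# Unpack the MPFS application archive that the sandbox resource provides in
# /mpfs. Monrun, logrotate and nginx configs inside the archive are skipped.
#
# The archive is unpacked straight into / by whatever account runs this hook,
# and nothing here checks its origin or checksum, so the /mpfs resource has to
# be trusted.
#
# The archive is found with a glob instead of parsing `ls` output: with more
# than one entry in /mpfs the old form built a multi-line file name and tar
# failed on it. Exactly one regular file is required; otherwise the unpack is
# skipped and logged, and the script carries on as it did before.
MPFS_ARCHIVE=""
mpfs_archives=(/mpfs/*)
unpack_rc=1
# cd first so later steps see the same working directory whether or not the
# unpack runs.
if cd /; then
    if [[ ${#mpfs_archives[@]} -eq 1 && -f ${mpfs_archives[0]} ]]; then
        MPFS_ARCHIVE=${mpfs_archives[0]##*/}
        tar -zxf "/mpfs/$MPFS_ARCHIVE" --exclude='etc/monrun/*' --exclude='etc/logrotate.d/*' --exclude='etc/nginx/*'
        unpack_rc=$?
    else
        logger -t 'disk-init' "Unpack mpfs skipped: expected exactly one archive file in /mpfs"
    fi
fi
logger -t 'disk-init' "Unpack mpfs. Exit code $unpack_rc"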


# MPFS postinstall: make sure the service group and account exist.
# The fixed ID 58 is requested only while no group / passwd entry uses it yet;
# otherwise groupadd / useradd pick the ID themselves.
group_id_opt=(-g 58)
if getent group 58 >/dev/null 2>&1; then
    group_id_opt=()
fi
user_id_opt=(-u 58)
if getent passwd 58 >/dev/null 2>&1; then
    user_id_opt=()
fi

# Output of groupadd / useradd is discarded, so a failed creation is silent
# here and only shows up when the later chown calls fail.
# NOTE(review): the account is created with /bin/bash as login shell; confirm
# the service really needs an interactive shell.
if ! getent group "${USER}" >/dev/null 2>&1; then
    groupadd "${group_id_opt[@]}" "${USER}" >/dev/null 2>&1
fi
if ! getent passwd "${USER}" >/dev/null 2>&1; then
    useradd -s /bin/bash -m -g "${USER}" "${user_id_opt[@]}" "${USER}" >/dev/null 2>&1
fi


# Expose the MPFS package and its egg-info from /usr/share/pyshared inside the
# python2.7 dist-packages directory, unless a symlink is already in place.
for py_entry in mpfs python_mpfs_disk-0.1.egg-info; do
    [[ -L /usr/lib/python2.7/dist-packages/$py_entry ]] \
        || ln -s "/usr/share/pyshared/$py_entry" "/usr/lib/python2.7/dist-packages/$py_entry"
done

# Create the zookeeper_config_cache directory when it is missing.
[[ -d /var/lib/mpfs/spoolers/zookeeper_config_cache ]] \
    || mkdir -p /var/lib/mpfs/spoolers/zookeeper_config_cache


# Directory for nginx key material: owner and group only, no access for others.
nginx_keys_dir=/etc/nginx/keys
mkdir -p "$nginx_keys_dir"
chmod 0750 "$nginx_keys_dir"


# Move the files with secrets from /secrets to where the services read them.
# Each entry is "<path below /secrets>:<destination>".
# mv keeps the owner and mode a file had under /secrets; this script later sets
# them only for the paths listed in SECRET_FILES.
secret_moves=(
    "disk_secret_keys/disk-secret-keys.yaml:/etc/yandex/disk-secret-keys.yaml"
    "mpfs_secrets/tvm-asymmetric.public:/etc/nginx/keys/tvm-asymmetric.public"
    "mpfs_secrets/disk-mpfs-token:/etc/yandex/disk-mpfs-token"
    "mpfs_secrets/access_overrides.yaml:/etc/yandex/mpfs/access_overrides.yaml"
    "log-reader_secrets/application-secret.properties:/etc/yandex/disk/log-reader/application-secret.properties"
)
for move_spec in "${secret_moves[@]}"; do
    mv "/secrets/${move_spec%%:*}" "${move_spec#*:}"
done


# Remove the default nginx log config.
nginx_default_log_conf=/etc/nginx/conf.d/01-access-tskv.conf
rm "$nginx_default_log_conf"


# Owner spec shared by every chown below.
owner_spec="${USER}:${USER}"

# Directory permissions: hand each MPFS directory, recursively, to the service
# account.
for dir_path in "${MPFS_DIRS[@]}"; do
    chown -R "$owner_spec" "$dir_path"
done

# Secret file permissions: owned by the service account, read-only for owner
# and group, nothing for others.
# NOTE(review): the service account is the owner, so a process running as
# ${USER} can change the mode back; if the files must stay read-only for the
# service, root:${USER} with 0440 would enforce that. Confirm the intent.
for secret_path in "${SECRET_FILES[@]}"; do
    chown "$owner_spec" "$secret_path"
    chmod 0440 "$secret_path"
done

# Logfile permissions: create the uwsgi log up front so it belongs to the
# service account.
# NOTE(review): 0644 leaves the log readable by every local account; check
# whether request data written there justifies 0640.
uwsgi_log=/var/log/mpfs/uwsgi-tskv.log
touch "$uwsgi_log"
chown "$owner_spec" "$uwsgi_log"
chmod 0644 "$uwsgi_log"

# The packaged uwsgi configs carry fixed numbers for "processes" and "listen".
# Rewrite both lines in place so they refer to UWSGI_PROC_NUM and
# UWSGI_LISTEN_QUEUE instead. To be fixed in the package/tar in future.
# One sed run applies both expressions to every uwsgi-disk.conf.* file.
sed -i \
    -e 's/^processes \= [0-9]\+$/processes \= \$\(UWSGI_PROC_NUM)/g' \
    -e 's/^listen \= [0-9]\+$/listen \= \$\(UWSGI_LISTEN_QUEUE)/g' \
    /etc/yandex/mpfs/uwsgi/uwsgi-disk.conf.*

# Pick the rabbitmq DC for MPFS. Normally it is the node's own DC; a node in
# "vla" is redirected to the DC named in REDIRECT_UNSUPPORTED_FOR_RABBIT_DC_TO.
# Either variable may be unset, in which case RABBIT_DC ends up empty.
case "${DEPLOY_NODE_DC:-}" in
    vla) RABBIT_DC="${REDIRECT_UNSUPPORTED_FOR_RABBIT_DC_TO:-}" ;;
    *)   RABBIT_DC="${DEPLOY_NODE_DC:-}" ;;
esac
export RABBIT_DC

# Render the supervisor backend config from its template. The single quotes
# are deliberate: envsubst gets the literal text ${RABBIT_DC} as the list of
# variables to substitute, so every other $... in the template stays as is.
# NOTE(review): the value is written into the config exactly as it came from
# the environment; if that environment is not fully trusted, check it against
# the expected DC names first.
backend_tmpl=/etc/yandex/mpfs/supervisor-backend.tmpl
backend_conf=/etc/yandex/supervisor/conf.d/backend.conf
envsubst '${RABBIT_DC}' <"$backend_tmpl" >"$backend_conf"

# Printed unconditionally: no step above stops the script on failure, so this
# line alone does not prove that the setup worked.
printf '%s\n' "prestart hook executer successfully"
