#!/bin/sh


set -e


#-------------------------------------------------------------------------


check_mod() {
	mod=$1 ; shift
	own=$1 ; shift

	echo "Checking file or directory $@ for mod $mod and owner $own"
	if [ -d "$@" -o -f "$@" ] ; then
		chmod $mod "$@"
		chown $own "$@"
	fi
}

check_exist() {
	what=$1 ; shift
	mod=$1 ; shift
	own=$1 ; shift

	case $what in
		-f)
			echo "Checking if file $@ exists"
			[ ! -f "$@" ] && mkdir -p "${@%/*}" && touch "$@"
			;;
		-d)
			echo "Checking if directory $@ exists"
			[ ! -d "$@" ] && mkdir -p "$@"
			;;
		*)
			;;
	esac
	check_mod $mod $own $@
}


#-------------------------------------------------------------------------


post_install() {
	SEC_SCRIPT="/usr/local/bin/getsecrets.py"
	SEC_CACHE="/dev/shm/secret.cache"

	for DIR in /Berkanavt/keys/grafana /etc/nginx/ssl ; do
		check_exist -d 755 root:root $DIR
	done

	if [ "$SUDO_USER" = "z2" ] ; then
		export SUDO_USER="robot-skc"
	fi

	ENVFILE="/etc/solomon/env"
	if [ -r $ENVFILE ] ; then
		e=$(cat $ENVFILE 2>/dev/null)

		case $e in
			"testing")
				SSL_KEY_ID="7F001B8DB903B7BA32FE22B99C0002001B8DB9"
				TVM_SEC="sec-01ep7g7hhkq7gss7401s9czwe2"
				TVM_ID="2024579"
				;;
			"production")
				SSL_KEY_ID="116703D741AA57632ECAEEFE"
				TVM_SEC="sec-01eprs47rhjzdthv7hmvmad5d1"
				TVM_ID="2024699"
				;;
			*)
				echo "Cannot determine environment"
				exit 1
				;;
		esac
	fi
	BBPROXY_TVM_FILE="/Berkanavt/keys/bbproxy.tvm"
	BBPROXY_GRAFANA_FMT='{{
	"Id": '$TVM_ID',
	"Secret": "{value}"
}}'
	GRAFANA_FMT='grafana:{value[0]}
grafana-web:{value[1]}'

	SSL_SECRET=$(yav list secrets -q $SSL_KEY_ID --compact | awk 'FNR == 3 {print $1}')
	if [ -z "$SSL_SECRET" ] ; then
		echo "No secrets found for $SSL_KEY_ID!"
		exit 1
	fi
	echo "Using sec id '$SSL_SECRET'"
	rm -vf $SEC_CACHE
	$SEC_SCRIPT -i $SSL_SECRET -c $SEC_CACHE -f /etc/nginx/ssl/grafana_cert.pem -p 400 -k ${SSL_KEY_ID}_certificate --format "{value}"
	$SEC_SCRIPT -i $SSL_SECRET -c $SEC_CACHE -f /etc/nginx/ssl/grafana_key.pem  -p 400 -k ${SSL_KEY_ID}_private_key --format "{value}"
	$SEC_SCRIPT -i $TVM_SEC -f $BBPROXY_TVM_FILE -p 400 -o nobody:nogroup -k client_secret --format "$BBPROXY_GRAFANA_FMT"
	$SEC_SCRIPT -i sec-01ef28b0rv42gtykxc485vc3wd -f /Berkanavt/keys/grafana/grafana.secrets -p 440 -k grafana,grafana-webadmin --format "$GRAFANA_FMT"
	rm -vf $SEC_CACHE
}


#-------------------------------------------------------------------------


case "$1" in
	configure)
		post_install
	;;

	abort-upgrade|abort-remove|abort-deconfigure)
	;;

	*)
		echo "postinst was called with unknown argument '$1'" >&2
		exit 1
	;;
esac

#DEBHELPER#

exit 0
