#!/bin/sh -e

# Package layout: install root and the environment file that later receives
# the YDB OAuth token.
ROOT_DIR='/Berkanavt/jaeger'
ENV_FILE="${ROOT_DIR}/etc/jaeger.environment"

# Account and group passed to the secrets helper as owner of the OAuth token.
T_USER='user_tracing'
T_GROUP='group_tracing'

# Secret material: where the OAuth token lands, the helper's scratch cache, the
# helper command line (command plus its -c argument, so it is expanded
# unquoted at the call sites), and the directory for the TLS certificate/key.
SEC_OAUTH='/Berkanavt/keys/tracing/ydb.oauth'
SEC_CACHE='/dev/shm/secret.cache'
SEC_SCRIPT="/usr/local/bin/getsecrets.py -c ${SEC_CACHE}"
SEC_PATH='/etc/nginx/ssl'

# bbproxy TVM credentials file and the template handed to the helper via
# --format. The doubled braces look like str.format-style escaping, with
# {value} as the substitution slot -- confirm against getsecrets.py.
BBPROXY_TVM_FILE='/Berkanavt/keys/bbproxy.tvm'
BBPROXY_TVM_FMT='{{
    "Id": 2025402,
    "Secret": "{value}"
}}'


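# Maintainer-script dispatcher: only the "configure" action does any work,
# every other action is a no-op.
case "$1" in
	configure)
		# The environment file receives the YDB OAuth token below; tighten its
		# mode before the secret is written into it.
		/bin/chmod 440 "$ENV_FILE"

		# When invoked through sudo by the "z2" account, present the robot
		# account instead (presumably the identity getsecrets.py fetches
		# secrets as -- confirm against the helper).
		if [ "${SUDO_USER:-}" = "z2" ] ; then
			export SUDO_USER="robot-skc"
		fi

		# NOTE(review): SEC_CACHE is a fixed name in world-writable /dev/shm.
		# A private directory from mktemp -d would remove the pre-creation
		# risk, if getsecrets.py accepts a cache path inside one.
		rm -vf -- "$SEC_CACHE"
		# A failing fetch aborts the script (sh -e); make sure the cache of
		# fetched secrets is not left behind in shared memory when that happens.
		trap 'rm -f -- "$SEC_CACHE"' EXIT

		# $SEC_SCRIPT is a command plus arguments and is split on purpose.
		# Flag meanings are inferred from usage (-i secret id, -f output file,
		# -o owner, -p mode, -k key inside the secret) -- confirm in the helper.
		$SEC_SCRIPT -i sec-01dmjfzn46m7wfs725tdmwz12w -f "$SEC_OAUTH" -o "$T_USER:$T_GROUP" -p 400 -k oauth_ydb --format "{value}"

		# TLS certificate and private key for nginx. No -o is passed here, so
		# ownership is whatever the helper defaults to.
		SSL_SECRET="sec-01fnbkregxh9pzvcghx4k0myky"
		SSL_KEY_ID="7F0019ACE778DA66F3D61DFD7200020019ACE7"
		$SEC_SCRIPT -i "$SSL_SECRET" -f "${SEC_PATH}/jaeger_cert.pem" -p 400 -k "${SSL_KEY_ID}_certificate" --format "{value}"
		$SEC_SCRIPT -i "$SSL_SECRET" -f "${SEC_PATH}/jaeger_key.pem" -p 400 -k "${SSL_KEY_ID}_private_key" --format "{value}"

		# bbproxy TVM client secret, rendered through the JSON template.
		TVM_SECRET="sec-01esny81yxm021k2e246hwe83c"
		$SEC_SCRIPT -i "$TVM_SECRET" -f "$BBPROXY_TVM_FILE" -p 400 -o nobody:nogroup -k client_secret --format "$BBPROXY_TVM_FMT"

		rm -vf -- "$SEC_CACHE"
		trap - EXIT

		# Put the OAuth token into the environment file in place of the
		# OAUTH-YDB-TOKEN placeholder. An unreadable or empty token file is an
		# error: substituting an empty string would consume the placeholder
		# and leave the service with no credential.
		if ! YDB_TOKEN=$(cat "$SEC_OAUTH") || [ -z "$YDB_TOKEN" ] ; then
			echo "Cannot read OAuth token from $SEC_OAUTH" >&2
			exit 1
		fi
		# Escape the characters that are special in a sed replacement so a
		# token containing \, & or / is inserted literally.
		YDB_TOKEN_ESCAPED=$(printf '%s' "$YDB_TOKEN" \
			| sed -e 's|\\|\\\\|g' -e 's|&|\\&|g' -e 's|/|\\/|g')
		# Feed the sed script on stdin: the token then never appears in the
		# argument list of an external process, where other local users could
		# read it from the process table.
		printf 's/OAUTH-YDB-TOKEN/%s/\n' "$YDB_TOKEN_ESCAPED" \
			| sed -i -f /dev/stdin "$ENV_FILE"
		unset YDB_TOKEN YDB_TOKEN_ESCAPED

		ND="/etc/nginx"
		SE="$ND/sites-enabled"
		SA="$ND/sites-available"
		CONF="jaeger_nginx"
		CONFFILE="$ND/nginx-tracing.conf"
		NGINX_DEFAULTS="/etc/default/nginx"

		# Overwrites the nginx defaults file with the tracing config path,
		# then enables the site by symlink.
		echo "CONFFILE=$CONFFILE" > "$NGINX_DEFAULTS"
		ln -sf "$SA/$CONF" "$SE/$CONF"

		# Reload only a configuration that passes nginx's own syntax test; a
		# failed test is reported and the script carries on.
		if nginx -qt -c "$CONFFILE" ; then
			nginx -s reload -c "$CONFFILE"
		else
			echo "Configuration failed" >&2
		fi

		/bin/systemctl daemon-reload
		# Enable and restart each unit; failures are reported, not fatal.
		for APP in jaeger-query yandex-solomon-agent ; do
			if ! /bin/systemctl enable "${APP}" ; then
				echo "Cannot enable ${APP} service!" >&2
			fi
			if ! /bin/systemctl restart "${APP}" ; then
				echo "Cannot restart ${APP} service!" >&2
			fi
		done
	;;
	*)
		;;
esac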
