#!/bin/sh


set -e


#-------------------------------------------------------------------------


check_mod()
{
	mod=$1 ; shift
	own=$1 ; shift

	echo "Checking file or directory $@ for mod $mod and owner $own"
	if [ -d "$@" -o -f "$@" ] ; then
		chmod $mod "$@"
		chown $own "$@"
	fi
}

check_exist()
{
	what=$1 ; shift
	mod=$1 ; shift
	own=$1 ; shift

	case $what in
		-f)
			echo "Checking if file $@ exists"
			[ ! -f "$@" ] && mkdir -p "${@%/*}" && touch "$@"
			;;
		-d)
			echo "Checking if directory $@ exists"
			[ ! -d "$@" ] && mkdir -p "$@"
			;;
		*)
			;;
	esac
	check_mod $mod $own $@
}


#-------------------------------------------------------------------------


post_install()
{
	LB_TOPIC_PRE="yc.monitoring.cloud/nginx/preprod"
	LB_TOPIC_PROD="yc.monitoring.cloud/nginx/prod"
	UNI_CONF="/etc/yandex/unified_agent/conf.d/010-solomon-nginx.yml"
	UNI_DIR="/var/run/unified_agent"
	UNI_CACHE_DIR="/var/cache/unified_agent"
	ENV_FILE="/etc/solomon/env"
	ND="/etc/nginx"
	SE="$ND/sites-enabled"
	SA="$ND/sites-available"
	SSLDIR="$ND/ssl"
	CONF="solomon.conf"
	CONFFILE="$ND/nginx-solomon.conf"
	NGINX_DEFAULTS="/etc/default/nginx"


	check_exist -d 755 unified_agent:unified_agent $UNI_DIR
	check_exist -d 700 unified_agent:unified_agent $UNI_CACHE_DIR
	check_exist -d 700 root:root $SSLDIR
	check_exist -d 755 root:root $SE
	check_exist -d 755 root:root $SA
	chmod 400 $SSLDIR/* || true
	chown syslog /Berkanavt/nginx/logs/*


	echo "CONFFILE=$CONFFILE" > $NGINX_DEFAULTS
	echo "ulimit -n 16384" >> $NGINX_DEFAULTS

	if [ -r "$ENV_FILE" ] ; then
		env="$(cat $ENV_FILE)"
		echo "Got $env environment"
	else
		echo "Cannot read environment file $ENV_FILE"
		exit 1
	fi
	case $env in
		cloud-preprod)
			sed "s#LB_TOPIC#${LB_TOPIC_PRE}#" ${UNI_CONF}.yandex > ${UNI_CONF}.tmp
			mv ${UNI_CONF}.tmp $UNI_CONF
			;;
		cloud-prod)
			sed "s#LB_TOPIC#${LB_TOPIC_PROD}#" ${UNI_CONF}.yandex > ${UNI_CONF}.tmp
			mv ${UNI_CONF}.tmp $UNI_CONF
			;;
		*)
			echo "Cannot determine environment: $env"
	esac
	ln -sf $SA/$CONF $SE/$CONF

	/usr/local/bin/secrets decrypt \
		--in /Berkanavt/solomon/configs/lb_jwt.${env}.secrets \
		--out /Berkanavt/solomon/secrets/lb_jwt.secret \
		--user unified_agent

	for f in monitoring_api_cert monitoring_api_key default_cert default_key monitoring_private_api_key monitoring_private_api_cert ; do
		/usr/local/bin/secrets decrypt \
			--in /Berkanavt/solomon/configs/ssl.${f}.${env} \
			--out /etc/nginx/ssl/${f}.pem \
			--user root
	done

	if nginx -qt -c $CONFFILE ; then
		if pgrep nginx >/dev/null ; then
			nginx -s reload -c $CONFFILE
		fi
	else
		echo "Configuration failed"
	fi

	systemctl reload-or-restart unified-agent 2>&1 || true
}


#-------------------------------------------------------------------------


case "$1" in
	configure)
		post_install
	;;

	abort-upgrade|abort-remove|abort-deconfigure)
	;;

	*)
		echo "postinst was called with unknown argument '$1'" >&2
		exit 1
	;;
esac

#DEBHELPER#

exit 0
