#!/bin/sh


set -e


#-------------------------------------------------------------------------


check_mod()
{
    mod=$1 ; shift
    own=$1 ; shift

    echo "Checking file or directory $@ for mod $mod and owner $own"
    if [ -d "$@" -o -f "$@" ] ; then
        chmod $mod "$@"
        chown $own "$@"
    fi
}

check_exist()
{
    what=$1 ; shift
    mod=$1 ; shift
    own=$1 ; shift

    case $what in
        -f)
            echo "Checking if file $@ exists"
            [ ! -f "$@" ] && mkdir -p "${@%/*}" && touch "$@"
            ;;
        -d)
            echo "Checking if directory $@ exists"
            [ ! -d "$@" ] && mkdir -p "$@"
            ;;
        *)
            ;;
    esac
    check_mod $mod $own $@
}


#-------------------------------------------------------------------------


post_install()
{
    TVM_ID="2025442"
    LB_TOPIC_PRE="monitoring/hw/prestable/nginx"
    LB_TOPIC_PROD="monitoring/hw/production/nginx"
    UNI_CONF="/etc/yandex/unified_agent/conf.d/010-solomon-nginx.yml"
    UNI_DIR="/var/run/unified_agent"
    UNI_CACHE_DIR="/var/cache/unified_agent"
    UNI_SECFILE="/Berkanavt/keys/solomon/logbroker_secret"

    if [ -f $UNI_SECFILE ] ; then
        mv $UNI_SECFILE ${UNI_SECFILE}.tvm
        check_mod 400 unified_agent:unified_agent ${UNI_SECFILE}.tvm
    fi
    check_exist -d 755 unified_agent:unified_agent $UNI_DIR
    check_exist -d 700 unified_agent:unified_agent $UNI_CACHE_DIR
    check_exist -d 700 root:root /etc/nginx/ssl

    chmod 400 /etc/nginx/ssl/*
    chown syslog /Berkanavt/nginx/logs/*


    ENV_FILE="/etc/solomon/env"
    ND="/etc/nginx"
    SE="$ND/sites-enabled"
    SA="$ND/sites-available"
    CONF="solomon_front"
    SSL="ssl_config"
    MRR="mirrors_conf"
    CONFFILE="$ND/nginx-solomon.conf"
    NGINX_DEFAULTS="/etc/default/nginx"


    echo "CONFFILE=$CONFFILE" > $NGINX_DEFAULTS
    echo "ulimit -n 16384" >> $NGINX_DEFAULTS


    if [ -r "$ENV_FILE" ] ; then
        env="$(cat $ENV_FILE)"
        echo "Got $env environment"
    else
        echo "Cannot read environment file $ENV_FILE"
        exit 1
    fi
    case $env in
        testing|prestable)
            for f in solomon_cert solomon_key ; do
                /usr/local/bin/secrets decrypt \
                    --in /Berkanavt/solomon/configs/ssl.${f}.${env} \
                    --out /etc/nginx/ssl/${f}.pem \
                    --user root
            done
            ln -sf $SA/${SSL}_test $ND/${SSL}
            ln -sf $SA/${MRR}_test $ND/${MRR}
            sed "s#LB_TOPIC#${LB_TOPIC_PRE}#; s#TVM_ID#${TVM_ID}#" ${UNI_CONF}.yandex > ${UNI_CONF}.tmp
            mv ${UNI_CONF}.tmp $UNI_CONF
            ;;
        production)
            for f in solomon_cert solomon_key solomon_dhparam ; do
                /usr/local/bin/secrets decrypt \
                    --in /Berkanavt/solomon/configs/ssl.${f}.${env} \
                    --out /etc/nginx/ssl/${f}.pem \
                    --user root
            done
            ln -sf $SA/${SSL}_prod $ND/${SSL}
            ln -sf $SA/${MRR}_prod $ND/${MRR}
            sed "s#LB_TOPIC#${LB_TOPIC_PROD}#; s#TVM_ID#${TVM_ID}#" ${UNI_CONF}.yandex > ${UNI_CONF}.tmp
            mv ${UNI_CONF}.tmp $UNI_CONF
            ;;
        *)
            echo "Cannot determine environment: $env"
    esac
    ln -sf $SA/$CONF $SE/$CONF

    if nginx -qt -c $CONFFILE ; then
        nginx -s reload -c $CONFFILE
    else
        echo "Configuration failed"
    fi

    systemctl reload-or-restart unified-agent 2>&1 || true
}


#-------------------------------------------------------------------------


case "$1" in
    configure)
        post_install || true
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst was called with unknown argument '$1'" >&2
        exit 1
    ;;
esac

#DEBHELPER#

exit 0
