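#!/bin/bash
# Request a certificate for every service that does not have one yet, then
# push the certificate store to the other servers.
#
# Usage: $0 [service...]
#   With arguments, only the named services are processed. Without arguments
#   the list is read from "$servicefile", which this script does not set
#   itself (presumably it comes from one of the sourced env files; confirm).
#   DATA_DIR is likewise expected from the sourced env files.
set -euo pipefail

. driglibash-base
here="$(where)"

# For some variables
. /etc/jeancloud.env
set -a
. "$here/.env"
set +a

# Test secret presence
# NOTE(review): rfc2136.ini presumably holds the DNS update credentials; it
# should be readable only by the account running this script. Confirm.
if [ ! -f "$DATA_DIR/rfc2136.ini" ]; then
  echo "$0 Missing file '$DATA_DIR/rfc2136.ini'" >&2
  exit 1
fi

# Assign first, export second: `export tmp="$(...)"` would hide a mktemp failure.
tmp="$(mktemp -d)"
export tmp
# Brace expansion does not happen inside double quotes, so the quoted form
# "$tmp/{work,logs}" would create a single directory literally named {work,logs}.
mkdir -p "$tmp/work" "$tmp/logs"

# If there is some args, populate a fake service file
if [ "$#" -ge 1 ] && [ -n "$1" ]; then
  servicefile="$(mktemp)"
  for service in "$@"; do
    printf '%s _\n' "$service" >> "$servicefile"
  done
fi
# Fail with a readable message instead of an "unbound variable" error.
: "${servicefile:?no service given and no service file configured}"

echo "For each service, read all possible domains"
# Each line is "<service> <target>"; only the first field is used here.
while read -r service _ || [ -n "$service" ]; do
  # Skip blank lines.
  [ -n "$service" ] || continue

  # TODO remove
  if [ "$service" = collectif-arthadie.fr ] || [[ "$service" == *oma-radio.fr ]]; then
    continue
  fi

  # remove dummy cert
  dummy_cert.sh "$service" remove
  if [ -d "$DATA_DIR/certs/live/$service" ]; then
    echo "Already exists, thats a job for renew : $service"
    continue
  fi

  # acme
  # Test the command directly: under `set -e` a failing acme-dns.sh would end
  # the script before a separate `$?` check could run, so the dummy
  # certificate would never be put back.
  if ! "$here/acme-dns.sh" "$service"; then
    # Replace dummy cert if letsencrypt failed
    dummy_cert.sh "$service" add
  fi
done < "$servicefile"

echo "Push certs to other servers"
# The list of destinations comes from a DNS TXT record. Treat it as untrusted
# input: read it without word splitting or globbing, and accept only values
# that look like host names before they are used to build an rsync target.
server_name_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
mapfile -t servers < <(
  host -t TXT shlago.jean-cloud.org ns.jean-cloud.org \
    | grep -Po 'descriptive text "\K[^"]+' \
    | tr ', ' '\n\n'
)

if [ "${#servers[@]}" -eq 0 ]; then
  # A failed lookup would otherwise look like a successful run.
  echo "$0 No server name found in the TXT record, nothing pushed" >&2
else
  for srv in "${servers[@]}"; do
    # Empty entries come from consecutive separators.
    [ -n "$srv" ] || continue
    if [[ ! "$srv" =~ $server_name_re ]]; then
      printf '%s Ignoring unexpected server name from DNS: %q\n' "$0" "$srv" >&2
      continue
    fi

    server="$srv.jean-cloud.org"
    echo "-- $server"
    # NOTE(review): the source has no trailing slash, so rsync copies the
    # "certs" directory itself into the destination, giving .../certs/certs
    # on the remote side. Confirm this is the intended layout.
    # NOTE(review): the tree under $DATA_DIR/certs presumably contains private
    # keys; the transfer relies on SSH host key verification to authenticate
    # the receiving server. Confirm known_hosts is managed for these hosts.
    rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/certs"
  done
fi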