#!/usr/bin/env sh

LEGO_WORKING_PATH="/opt/services/.lego/"

set -e

domain="$1"

action="$2" # either "run" or "renew"
if [ -z "$action" ] || [ -z "$domain" ]; then
    echo "Usage: $0 <domain> <run|renew>"
    exit 1
fi
if [ "$action" != "run" ] && [ "$action" != "renew" ]; then
    echo "Usage: $0 <domain> <run|renew>"
    exit 1
fi

export ACME_DNS_API_BASE="https://acme.serguzim.me/"
export ACME_DNS_STORAGE_PATH="$LEGO_WORKING_PATH/acme-dns.json"

lego -a --email "tobias@msrg.cc" \
    --path "$LEGO_WORKING_PATH" \
    --dns "acme-dns" \
    --domains "$domain" \
    "$action"

# Copy registry.serguzim.me files to harbor data directory
if [ "$domain" = "registry.serguzim.me" ]; then
	echo "Deploying certificates for registry.serguzim.me"
	sudo cp "$LEGO_WORKING_PATH/certificates/registry.serguzim.me.crt" /opt/services/harbor/data/secret/cert/server.crt
	sudo cp "$LEGO_WORKING_PATH/certificates/registry.serguzim.me.key" /opt/services/harbor/data/secret/cert/server.key
fi

# Copy db.serguzim.me files to postgresql data directory
if [ "$domain" = "db.serguzim.me" ]; then
	echo "Deploying certificates for db.serguzim.me"
	sudo cp "$LEGO_WORKING_PATH/certificates/db.serguzim.me.crt" /var/lib/postgres/data/server.crt
	sudo cp "$LEGO_WORKING_PATH/certificates/db.serguzim.me.key" /var/lib/postgres/data/server.key
	sudo -u postgres pg_ctl -D /var/lib/postgres/data/ reload
fi