#!/command/with-contenv bash
# shellcheck shell=bash

#Creating needed folders and files if they don't already exist
if [ ! -d /config/.secrets ]
then
    mkdir /config/.secrets
fi

if [ ! -d /config/letsencrypt ]
then
    mkdir /config/letsencrypt
fi

if [ ! -d /config/letsencrypt/keys ]
then
    mkdir /config/letsencrypt/keys
fi

if [ ! -d /config/logs ]
then
    mkdir /config/logs
fi

if [ ! -f /config/logs/renew.log ]
then
    touch /config/logs/renew.log
fi

if [ ! -f /config/.crontab.txt ]
then
    touch /config/.crontab.txt
fi

if [ ! -f /config/.secrets/cloudflare.ini ]
then
    touch /config/.secrets/cloudflare.ini
fi

if [ -n "$CLOUDFLARE_TOKEN" ]
then
    echo "Cloudflare token is present"

    echo "dns_cloudflare_api_token = $CLOUDFLARE_TOKEN" > /config/.secrets/cloudflare.ini

fi

if [ ! -s /config/.secrets/cloudflare.ini ]
then
    echo "cloudflare.ini is empty - please add your Cloudflare credentials or API key before continuing. This can be done as an ENV var, or by editing the file directly"

    exit 22
fi

#Securing cloudflare.ini to supress warnings
chmod 600 /config/.secrets/cloudflare.ini

echo "Creating certificates, or attempting to renew if they already exist"

if [[ $STAGING = true ]] 
then
    echo "Using staging endpoint - THIS SHOULD BE USED FOR TESTING ONLY"
    certbot certonly --staging --non-interactive --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --key-path /config/letsencrypt/keys --expand --agree-tos --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
    echo "Creation/renewal attempt complete"
elif [[ $STAGING = false ]] 
then
    echo "Using production endpoint"
    certbot certonly --non-interactive --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --key-path /config/letsencrypt/keys --expand --agree-tos --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
    echo "Creation/renewal attempt complete"
else
    echo "Unrecognised option for STAGING variable - check your configuration"

    exit 22
fi

if [[ $GENERATE_DHPARAM = true ]] && [[ ! -s /config/letsencrypt/keys/ssl-dhparams.pem ]]
then
    echo "Generating Diffie-Hellman keys, saved to /config/letsencrypt/keys"
    openssl dhparam -out /config/letsencrypt/keys/ssl-dhparams.pem 4096
fi

echo "$INTERVAL /certbot-renew.sh >> /config/logs/renew.log" > /config/.crontab.txt

echo "Starting automatic renewal job. Schedule is $INTERVAL"
crontab /config/.crontab.txt