#!/bin/sh

os="$(cat "${__global:?}"/explorer/os)"
case "$os" in
	alpine)
		nginx_user=nginx
		nginx_certdir=/etc/nginx/ssl
		;;
	*)
		echo "This type does not support $os yet. Aborting." >&2;
		exit 1;
		;;
esac

if [ -f "${__object:?}/parameter/domain" ];
then
	domain="$(cat "${__object:?}/parameter/domain")"
else
	domain="${__object_id:?}"
fi

# Deploy simple HTTP vhost, allowing to serve ACME challenges.
__recycledcloud_nginx_vhost "301-to-https-$domain" \
	--domain "$domain" --to-https

# Obtaining TLS cert.
__uacme_account
require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \
	__uacme_obtain "$domain" --owner $nginx_user \
		--install-key-to "$nginx_certdir/$domain/privkey.pem" \
		--install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \
		--renew-hook "service nginx reload"

# Deploy HTTPS nginx vhost.
if [ -f "${__object:?}/parameter/config" ]; then
	if [ "$(cat "${__object:?}/parameter/config")" = "-" ]; then
		nginx_logic="${__object:?}/stdin"
	else
		nginx_logic="${__object:?}/parameter/config"
	fi

	mkdir -p "${__object:?}/files"
	cat "$nginx_logic" > "${__object:?}/files/config"

	require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \
		--config "${__object:?}/files/config"
else
	require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain"
fi