#!/bin/sh

certbot_fullpath="$(grep "^certbot_path:" "${__object:?}/explorer/certificate-data" | cut -d ':' -f 2-)"
state=$(cat "${__object}/parameter/state")
os="$(cat "${__global:?}/explorer/os")"

if [ -z "${certbot_fullpath}" ]; then
	os_version="$(cat "${__global}/explorer/os_version")"
	# Use this, very common value, as a default. It is OS-dependent
	certbot_fullpath="/usr/bin/certbot"
	case "$os" in
		archlinux)
			__package certbot
		;;
		alpine)
			__package certbot
		;;
		debian)
			case "$os_version" in
				8*)
					__apt_source jessie-backports \
						--uri http://http.debian.net/debian \
						--distribution jessie-backports \
						--component main

					require="__apt_source/jessie-backports" __package_apt python-certbot \
						--target-release jessie-backports
					require="__apt_source/jessie-backports" __package_apt certbot \
						--target-release jessie-backports
					# Seems to be a missing dependency on debian 8
					__package python-ndg-httpsclient
				;;
				9*)
					__apt_source stretch-backports \
						--uri http://http.debian.net/debian \
						--distribution stretch-backports \
						--component main

					require="__apt_source/stretch-backports" __package_apt python-certbot \
						--target-release stretch-backports
					require="__apt_source/stretch-backports" __package_apt certbot \
						--target-release stretch-backports
				;;
				10*|11*)
					__package_apt certbot
				;;

				*)
					echo "Unsupported OS version: $os_version" >&2
					exit 1
				;;
			esac
		;;
		devuan)
			case "$os_version" in
				jessie)
					__apt_source jessie-backports \
								 --uri http://auto.mirror.devuan.org/merged \
								 --distribution jessie-backports \
								 --component main

					require="__apt_source/jessie-backports" __package_apt python-certbot \
						--target-release jessie-backports
					require="__apt_source/jessie-backports" __package_apt certbot \
						--target-release jessie-backports
					# Seems to be a missing dependency on debian 8
					__package python-ndg-httpsclient
				;;
				ascii*)
					__apt_source ascii-backports \
								 --uri http://auto.mirror.devuan.org/merged \
								 --distribution ascii-backports \
								 --component main

					require="__apt_source/ascii-backports" __package_apt certbot \
						--target-release ascii-backports
				;;
				beowulf*)
					__package_apt certbot
				;;
				*)
					echo "Unsupported OS version: $os_version" >&2
					exit 1
				;;
			esac
		;;
		freebsd)
			__package py37-certbot
			certbot_fullpath="/usr/local/bin/certbot"
		;;
		ubuntu)
			__package certbot
		;;
		*)
			echo "Unsupported os: $os" >&2
			exit 1
		;;
	esac
fi

# Other OS-dependent values that we want to set every time
LE_DIR="/etc/letsencrypt"
certbot_cronjob_state="absent"
case "$os" in
	archlinux|alpine)
		certbot_cronjob_state="present"
	;;
	freebsd)
		LE_DIR="/usr/local/etc/letsencrypt"
		# FreeBSD uses periodic(8) instead of crontabs for this
		__line "periodic.conf_weekly_certbot" \
			--file "/etc/periodic.conf" \
			--regex "^(#[[:space:]]*)?weekly_certbot_enable=.*" \
			--state "replace" \
			--line 'weekly_certbot_enable="YES"'
	;;
	*)
	;;
esac

# This is only necessary in certain OS
__cron letsencrypt-certbot \
	--user root \
	--command "${certbot_fullpath} renew -q" \
	--hour 0 \
	--minute 47 \
	--state "${certbot_cronjob_state}"

# Ensure hook directories
HOOKS_DIR="${LE_DIR}/renewal-hooks"
__directory "${LE_DIR}" --mode 0755
require="__directory/${LE_DIR}" __directory "${HOOKS_DIR}" --mode 0755

if [ -f "${__object}/parameter/domain" ]; then
	domains="$(sort "${__object}/parameter/domain")"
else
	domains="${__object_id}"
fi

# Install hooks as needed
for hook in deploy pre post; do
	# Using something unique and specific to this object
	hook_file="${HOOKS_DIR}/${hook}/${__object_id}.cdist.sh"

	# This defines hook_contents
	# shellcheck source=cdist/conf/type/__letsencrypt_cert/files/gen_hook.sh
	. "${__type}/files/gen_hook.sh"

	# Ensure hook directory exists
	require="__directory/${HOOKS_DIR}" __directory "${HOOKS_DIR}/${hook}" \
		--mode 0755
	require="__directory/${HOOKS_DIR}/${hook}" __file "${hook_file}" \
		--mode 0555 \
		--source '-' \
		--state "${hook_state}" <<EOF
${hook_contents}
EOF
done
