#!/bin/bash
set -eou pipefail

# If production.{cert,key}.pem exists, prefer them. This allows
# user customization of the certificates that FastAPI uses.
# Otherwise, fallback to localhost.{cert,key}.pem, generated by `ca`.

CERT=/cache/production.cert.pem
KEY=/cache/production.key.pem

DEST_CERT=/etc/ssl/certs/web.cert.pem
DEST_KEY=/etc/ssl/private/web.key.pem

# Setup a config for our mysql db.
cp -vf conf/config.dev conf/config
sed -i "s;YOUR_AUR_ROOT;$(pwd);g" conf/config
sed -ri 's/^(host) = .+/\1 = mariadb/' conf/config
sed -ri 's/^(user) = .+/\1 = aur/' conf/config
sed -ri 's/^;?(password) = .+/\1 = aur/' conf/config

# Setup http(s) stuff.
sed -ri "s|^(aur_location) = .+|\1 = https://localhost:8444|" conf/config
sed -ri 's/^(disable_http_login) = .+/\1 = 1/' conf/config

if [ -f "$CERT" ]; then
    cp -vf "$CERT" "$DEST_CERT"
    cp -vf "$KEY" "$DEST_KEY"
else
    cat /cache/localhost.cert.pem /cache/ca.root.pem > "$DEST_CERT"
    cp -vf /cache/localhost.key.pem "$DEST_KEY"
fi

cp -vf /docker/config/nginx.conf /etc/nginx/nginx.conf

exec "$@"