#!/bin/bash

. ./env.sh
set -e

mkdir -p $DATA_FOLDER

if systemctl --user list-units --full --all | grep -q "vaultwarden-${CONTAINER_NAME}.service"; then
  systemctl --user stop vaultwarden-${CONTAINER_NAME}.service
fi

if podman container exists "$CONTAINER_NAME"; then
    echo "Stop and delete existing container $CONTAINER_NAME"
    if podman inspect -f '{{.State.Running}}' "$CONTAINER_NAME" | grep -q true; then
        podman stop "$CONTAINER_NAME"
    fi
    podman rm "$CONTAINER_NAME"
fi

podman create \
    --name vaultwarden \
    --restart=unless-stopped \
    -e DOMAIN=https://$DOMAIN \
    -e SHOW_PASSWORD_HINT=true \
    -e SMTP_HOST=$SMTP_HOST \
    -e SMTP_FROM=$SMTP_FROM \
    -e SMTP_PORT=$SMTP_PORT \
    -e SMTP_SECURITY=$SMTP_SECURITY \
    -e SMTP_USERNAME=$SMTP_USERNAME \
    -e SMTP_PASSWORD=$SMTP_PASSWORD \
    -p $PORT:80 \
    -v $DATA_FOLDER:/data \
    docker.io/vaultwarden/server:latest

podman generate systemd \
    --new \
    --name $CONTAINER_NAME \
    --files \
    --container-prefix=vaultwarden \
    --restart-policy=always

mkdir -p $USER_SYSTEMD
mv vaultwarden-$CONTAINER_NAME.service $USER_SYSTEMD
systemctl --user daemon-reload
systemctl --user enable --now vaultwarden-$CONTAINER_NAME.service

sudo loginctl enable-linger $USER

# generate haproxy blocks
sudo mkdir -p $SERVICE_DIR
echo "crt $SSL_PATH/fullchain.pem" | sudo tee $SERVICE_DIR/cert.block > /dev/null
ACL_CFG=$(cat <<EOF
acl is_vw hdr(host) -i $DOMAIN
use_backend vw_backend if is_vw
EOF
)
echo "$ACL_CFG" | sudo tee $SERVICE_DIR/acl.block > /dev/null
BACKEND_CFG=$(cat <<EOF
backend vw_backend
    mode http
    option httpchk GET /
    option forwardfor
    # Set the Source IP in the X-Real-IP header
    http-request set-header X-Real-IP %[src]
    server vwhttp 127.0.0.1:$PORT alpn http/1.1 check
EOF
)
echo "$BACKEND_CFG" | sudo tee $SERVICE_DIR/backend.block > /dev/null

echo "Generate backup script"
BACKUP_FILE="vw_backup.sh"
cp backup.sh $BACKUP_FILE
sed -i "s|^SOURCE=\"\"|SOURCE=\"$VW_FOLDER\"|" "$BACKUP_FILE"
sed -i "s|^LOCAL_BACKUP=\"\$HOME/.local/backup/\"|LOCAL_BACKUP=\"\$HOME/.local/backup/$CONTAINER_NAME\"|" "$BACKUP_FILE"
sed -i "s|^REMOTE=\"\"|REMOTE=\"$BACKUP_REMOTE\"|" "$BACKUP_FILE"
sed -i "s|===container-service===|vaultwarden-${CONTAINER_NAME}.service|g" "$BACKUP_FILE"
mv $BACKUP_FILE $VW_FOLDER
crontab -l | grep -v "$VW_FOLDER/$BACKUP_FILE" | crontab -
(crontab -l 2>/dev/null; echo "0 2 * * * $VW_FOLDER/$BACKUP_FILE") | crontab -

echo "Deploy completed, manually run haproxy to generate new config."

# on local, allow ufw port from wireguard
echo "Manually config backup remote."