#!/bin/bash

HOST="gwx"
TLD="freifunk-gera-greiz.de"
FQDN="$HOST.$TLD"
LABEL="DATA"

CERT_DIR=/$LABEL/CERTS
CERT_NGINX=/$LABEL/etc/ssl/nginx
GETREPO=""
GETUSER=""
GETPASS=""

function getCurrentVersion() {
# Get hash from latest revision
  git log --format=format:%H -1
}

cd $CERT_DIR

if [ -z "$GETREPO" ]; then
  GIT_REVISION=0
  GIT_NEW_REVISION=1
  cd $FQDN
elif [ ! -d "$FQDN" ]; then
  GIT_REVISION=0
  git clone "https://$GETUSER:$GETPASS@$GETREPO"
  cd $FQDN
  GIT_NEW_REVISION=$(getCurrentVersion)
else
  cd $FQDN
  GIT_REVISION=$(getCurrentVersion)
  git commit -m "CRON: auto commit"
  git fetch
  git merge origin/master -m "Auto Merge"
  GIT_NEW_REVISION=$(getCurrentVersion)
fi

echo "old: $GIT_REVISION"
echo "new: $GIT_NEW_REVISION"

if [ $GIT_REVISION != $GIT_NEW_REVISION ]
then
  echo "Update Nginx certificate..."
  mkdir -p $CERT_NGINX
  cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_NGINX/nginx.pem
  cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_NGINX/nginx.key
  chown nginx:nginx $CERT_NGINX/nginx.*
  chmod 444 $CERT_NGINX/nginx.pem
  chmod 400 $CERT_NGINX/nginx.key
  echo "Restarting Nginx..."
  systemctl is-active --quiet nginx && systemctl restart nginx
fi

exit 0