#!/command/with-contenv bashio
# shellcheck shell=bash

set -e

OPTIONS_SOURCE=/data/options.json

service_port=${SERVICE_PORT:-80}
service_protocol=${SERVICE_PROTOCOL:-http}
nginx_port=${NGINX_PORT:-8080}
certfile="/ssl/$(jq -r '.certfile' $OPTIONS_SOURCE)"
keyfile="/ssl/$(jq -r '.keyfile' $OPTIONS_SOURCE)"
ingress_user=$(jq -r '.ingress_user' $OPTIONS_SOURCE)

# Generate upstream configuration
printf '{ "port": "%s" }' "$service_port" \
    | tempio \
        -template /etc/nginx/templates/upstream.gtpl \
        -out /etc/nginx/includes/upstream.conf

if jq -e '.ssl == true' $OPTIONS_SOURCE > /dev/null; then
    # Require certfile and keyfile
    #bashio::config.require 'certfile'
    #bashio::config.require 'keyfile'

    # If certfile or keyfile does not exist, generate self-signed cert
    if [ ! -f "$certfile" ] || [ ! -f "$keyfile" ]; then
        bashio::log.warning "SSL is enabled, but either certfile, keyfile or both are missing. Falling back to a self-signed certificate..."

        certfile="/data/ssl/fullchain.pem"
        keyfile="/data/ssl/privkey.pem"

        /usr/local/bin/ssl-check-generate.sh "$certfile" "$keyfile" true
    else
        /usr/local/bin/ssl-check-generate.sh "$certfile" "$keyfile" false
    fi
fi

printf '{
  "certfile": "%s",
  "keyfile": "%s",
  "port": "%s",
  "protocol": "%s",
  "ssl": %s,
  "ingress_user": "%s"
}' "$certfile" "$keyfile" "$nginx_port" "$service_protocol" "$(jq -r '.ssl' $OPTIONS_SOURCE)" "$ingress_user" \
    | tempio \
        -template /etc/nginx/templates/direct.gtpl \
        -out /etc/nginx/servers/direct.conf
