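#!/bin/sh
# Start-up helper that prepares the nginx configuration placed in front of
# Gitea.
#
# Steps:
#   1. create nginx's runtime directories under /run/nginx;
#   2. install /etc/nginx/nginx.conf from the embedded template;
#   3. when ENABLE_SSL is set and /data/ssl holds no certificate/key pair,
#      request a certificate over ACME with acme_tiny, serving the challenge
#      files from a temporary nginx instance;
#   4. wait for Gitea's app.ini, then render the site configuration to
#      /etc/nginx/conf.d/gitea.conf.
#
# Environment:
#   ENABLE_SSL  non-empty selects the SSL site template, empty/unset the
#               plain-HTTP one
#   DOMAIN      host name for the certificate and the site configuration;
#               required when a certificate has to be requested, otherwise
#               it falls back to app.ini's [server] DOMAIN, then "localhost"

# Print a message on stderr and abort the start-up.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ ! -d /run/nginx ]; then
  mkdir -p /run/nginx
  mkdir -p /run/nginx/challenges
  chown -R nginx /run/nginx
fi

# cleanup and copy nginx configuration file from embedded template
if [ -f /etc/nginx/conf.d/default.conf ]; then
  rm /etc/nginx/conf.d/default.conf
fi
cp /etc/templates/nginx.conf /etc/nginx/nginx.conf

# handle preparing to run ssl
# The variable must be expanded here: testing the bare word ENABLE_SSL is
# always true, which made the non-SSL branch below unreachable.
if [ -n "${ENABLE_SSL:-}" ]; then
  NGINX_CONF_TEMPLATE=/etc/templates/nginx_site_ssl.conf

  # -s instead of -f: a zero-length file left behind by an earlier failed
  # run must not be mistaken for a usable certificate or key.
  if [ ! -s /data/ssl/cert.crt ] || [ ! -s /data/ssl/cert.key ]; then
    # we need to obtain certificates from ACME
    [ -n "${DOMAIN:-}" ] || die 'DOMAIN must be set to request a certificate'

    mkdir -p /data/ssl || die 'cannot create /data/ssl'

    # Private keys are created under a restrictive umask so that they are
    # never group/world readable, and chmod covers a pre-existing file whose
    # mode the redirection would not change.
    # NOTE(review): assumes nginx reads cert.key as the user running this
    # script; confirm before deploying with a different key consumer.
    if [ ! -s /data/ssl/account.key ]; then
      # there is no account key so create one
      ( umask 077 && openssl genrsa 4096 > /data/ssl/account.key ) \
        || die 'failed to generate the ACME account key'
      chmod 600 /data/ssl/account.key
    fi

    ( umask 077 && openssl genrsa 4096 > /data/ssl/cert.key ) \
      || die 'failed to generate the certificate key'
    chmod 600 /data/ssl/cert.key

    openssl req -new -sha256 -key /data/ssl/cert.key -subj "/CN=$DOMAIN" \
      > /data/ssl/domain.csr \
      || die 'failed to create the certificate signing request'

    # we need to start nginx with special configuration file
    cp /etc/templates/nginx_site_letsencryptinit.conf /etc/nginx/conf.d/gitea.conf
    nginx -c /etc/nginx/nginx.conf -g 'daemon off;' &
    pid="$!"

    # The certificate is written to a scratch file and only moved into place
    # once acme_tiny has succeeded; redirecting straight to cert.crt would
    # leave an empty or partial file behind on failure.
    acme_status=0
    python3 -m acme_tiny \
      --account-key /data/ssl/account.key \
      --csr /data/ssl/domain.csr \
      --acme-dir /run/nginx/challenges \
      > /data/ssl/cert.crt.new || acme_status=$?

    # Stop the temporary nginx whether or not the request succeeded.
    if ! kill -s TERM "$pid" || ! wait "$pid"; then
      rm -f /data/ssl/cert.crt.new
      echo >&2 'nginx process failed while attempting to get certification'
      exit 1
    fi

    if [ "$acme_status" -ne 0 ] || [ ! -s /data/ssl/cert.crt.new ]; then
      rm -f /data/ssl/cert.crt.new
      die "acme_tiny did not return a certificate (exit status $acme_status)"
    fi
    mv /data/ssl/cert.crt.new /data/ssl/cert.crt
  fi
else
  NGINX_CONF_TEMPLATE=/etc/templates/nginx_site_nossl.conf
fi

# avoiding race condition and waiting for gitea configuration file to be
# prepared by its own startup script
while [ ! -f /data/gitea/conf/app.ini ]; do
  echo "Gitea configuration is still not ready waiting 10 seconds..."
  sleep 10
done

# iniget is a helper provided outside this script; presumably it prints the
# DOMAIN key of app.ini's [server] section (verify against its source).
GITEA_DOMAIN=${DOMAIN:-$(iniget /data/gitea/conf/app.ini server DOMAIN)}
GITEA_DOMAIN=${GITEA_DOMAIN:-"localhost"}
# envsubst only sees exported variables; without the export the placeholder
# is replaced by an empty string unless GITEA_DOMAIN was already inherited
# from the environment.
export GITEA_DOMAIN

# The single quotes are deliberate: envsubst receives the literal name of the
# one placeholder it may replace, leaving nginx's own $variables untouched.
# The value is inserted into the nginx configuration verbatim.
# shellcheck disable=SC2016
envsubst '${GITEA_DOMAIN}' < "$NGINX_CONF_TEMPLATE" > /etc/nginx/conf.d/gitea.conf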