#!/bin/bash -e
set -o pipefail

function kapply() {
    for f in "$@"; do
        kubectl apply -f \
            <(envsubst "$(env | xargs printf '$%s ')" < "manifests/$f")
    done
}

function kcreatesec() {
    kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
}

function kcreatecm() {
    kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
}

function kgseckey() {
    local sec="$1"; shift
    local key="$1"; shift

    kubectl get secret "$sec" -o jsonpath="{.data.$key}" | base64 -d
}

function kgcmkey() {
    local cm="$1"; shift
    local key="$1"; shift

    kubectl get configmap "$cm" -o jsonpath="{.data.$key}"
}

function get_synapse_key() {
    kgcmkey synapse 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32
}


kapply common/db.yaml

export POSTGRES_HOST;     POSTGRES_HOST="$(kgseckey postgres-app host)"
export POSTGRES_PORT;     POSTGRES_PORT="$(kgseckey postgres-app port)"
export POSTGRES_DB;       POSTGRES_DB="$(kgseckey postgres-app dbname)"
export POSTGRES_USER;     POSTGRES_USER="$(kgseckey postgres-app user)"
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"

export API_SECRET;                   API_SECRET="$(get_synapse_key macaroon_secret_key)"
export TURN_SHARED_SECRET;   TURN_SHARED_SECRET="$(get_synapse_key turn_shared_secret)"
export REGISTRATION_SECRET; REGISTRATION_SECRET="$(get_synapse_key registration_shared_secret)"

kcreatecm synapse \
    --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < config/homeserver.yaml) \
    --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < config/log.config)

kapply common/keys.yaml common/app.yaml

kubectl rollout restart statefulset app