#!/bin/bash -e
set -o pipefail

function kapply() {
    for f in "$@"; do
        kubectl apply -f <(envsubst < "manifests/$f")
    done
}; export -f kapply

function kcreatesec() {
    kubectl create secret generic --dry-run=client -oyaml "$@" | kubectl replace -f-
}; export -f kcreatesec

function kcreatecm() {
    kubectl create configmap --dry-run=client -oyaml "$@" | kubectl replace -f-
}; export -f kcreatecm

function kgseckey() {
    local sec="$1"; shift
    local key="$1"; shift

    if ! kubectl get secret "$sec" -ojson | jq -re ".data.\"$key\" // empty" | base64 -d; then
        return 1
    fi
}; export -f kgseckey

function kgcmkey() {
    local cm="$1";  shift
    local key="$1"; shift

    if ! kubectl get configmap "$cm" -ojson | jq -re ".data.\"$key\" // empty"; then
        return 1
    fi
}; export -f kgcmkey

function get_synapse_key() {
    kgcmkey synapse 'homeserver\.yaml' | awk -F\" "/^\s*$1/{print \$2}" || openssl rand -hex 32
}


kapply common/db.yaml

export POSTGRES_HOST;     POSTGRES_HOST="$(kgseckey postgres-app host)"
export POSTGRES_PORT;     POSTGRES_PORT="$(kgseckey postgres-app port)"
export POSTGRES_DB;       POSTGRES_DB="$(kgseckey postgres-app dbname)"
export POSTGRES_USER;     POSTGRES_USER="$(kgseckey postgres-app user)"
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"

export API_SECRET;                   API_SECRET="$(get_synapse_key macaroon_secret_key)"
export TURN_SHARED_SECRET;   TURN_SHARED_SECRET="$(get_synapse_key turn_shared_secret)"
export REGISTRATION_SECRET; REGISTRATION_SECRET="$(get_synapse_key registration_shared_secret)"

kcreatecm synapse \
    --from-file=homeserver.yaml=<(envsubst "$(env | xargs printf '$%s ')" < config/homeserver.yaml) \
    --from-file=log.config=<(envsubst "$(env | xargs printf '$%s ')" < config/log.config)

kapply common/keys.yaml common/app.yaml

kubectl rollout restart statefulset app