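#!/bin/bash
#
# Start script for Synapse packaged as a Cloudron app.
#
# On first run (no homeserver.yaml yet) it lets Synapse generate its config
# artefacts, installs the packaged homeserver.yaml template and pins
# server_name plus a random registration shared secret. On every run it
# rewrites the platform-provided settings (base URL, TLS paths, PostgreSQL,
# SMTP, LDAP, TURN) from the CLOUDRON_* environment and then starts Synapse
# as the unprivileged cloudron user.
#
# Required env: CLOUDRON_APP_DOMAIN, CLOUDRON_APP_ORIGIN,
#   CLOUDRON_POSTGRESQL_{USERNAME,PASSWORD,DATABASE,HOST},
#   CLOUDRON_MAIL_SMTP_{SERVER,PORT,USERNAME,PASSWORD}, CLOUDRON_MAIL_FROM,
#   CLOUDRON_LDAP_{URL,USERS_BASE_DN,BIND_DN,BIND_PASSWORD},
#   CLOUDRON_TURN_{SERVER,TLS_PORT,SECRET}
# (set -u aborts the script if any of them is unset).
#
# NOTE(security): database, SMTP, LDAP and TURN secrets are handed to yq as
# command-line arguments, so they are visible in the process list for the
# lifetime of each yq call, and would be echoed by `set -x`. Do not enable
# shell tracing here without redacting the output.

set -eu

readonly config_dir=/app/data/configs
readonly homeserver_config="${config_dir}/homeserver.yaml"
readonly log_config="${config_dir}/log.config"

mkdir -p /app/data/data "${config_dir}" /run/synapse

if [[ ! -f "${homeserver_config}" ]]; then
  echo "==> Detected first run"
  # NOTE(review): homeserver.yaml is the first-run marker and is created by
  # this step; if a later first-run command fails, the next start skips the
  # whole block and the setup stays half-done.
  python3 -m synapse.app.homeserver \
    --server-name "${CLOUDRON_APP_DOMAIN}" \
    --config-path "${homeserver_config}" \
    --config-directory "${config_dir}" \
    --data-directory /app/data/data \
    --generate-config \
    --report-stats=no

  # fix logging configuration
  # The generated homeserver.yaml is overwritten by the packaged template;
  # the generated log config and signing key are kept under fixed names.
  cp /app/pkg/homeserver.yaml.template "${homeserver_config}"
  mv -- "${config_dir}/${CLOUDRON_APP_DOMAIN}.log.config" "${log_config}"
  yq w -i "${homeserver_config}" log_config "${log_config}"
  yq w -i "${log_config}" handlers.file.filename /run/synapse/homeserver.log

  mv -- "${config_dir}/${CLOUDRON_APP_DOMAIN}.signing.key" \
    "${config_dir}/signing.key"

  # this is set at installation time and not changed after
  # The domain is passed as an argument instead of being spliced into the
  # Python source, so its content can never be parsed as code.
  # NOTE(review): the value computed here is not used below; homeserver.yaml
  # receives the full app domain. Confirm which one is intended.
  # shellcheck disable=SC2034
  server_name=$(python -c \
    'import sys; from publicsuffix2 import get_sld; print(get_sld(sys.argv[1]))' \
    "${CLOUDRON_APP_DOMAIN}")
  yq w -i "${homeserver_config}" server_name "${CLOUDRON_APP_DOMAIN}"
  yq w -i "${homeserver_config}" registration_shared_secret "$(pwgen -1s 64)"
fi

echo "==> Configuring synapse"
yq w -i "${homeserver_config}" public_baseurl "${CLOUDRON_APP_ORIGIN}"

# tls
yq w -i "${homeserver_config}" tls_certificate_path \
  "${config_dir}/${CLOUDRON_APP_DOMAIN}.tls.crt"
yq w -i "${homeserver_config}" tls_private_key_path \
  "${config_dir}/${CLOUDRON_APP_DOMAIN}.tls.key"

# database
yq w -i "${homeserver_config}" database.args.user "${CLOUDRON_POSTGRESQL_USERNAME}"
yq w -i "${homeserver_config}" database.args.password "${CLOUDRON_POSTGRESQL_PASSWORD}"
yq w -i "${homeserver_config}" database.args.database "${CLOUDRON_POSTGRESQL_DATABASE}"
yq w -i "${homeserver_config}" database.args.host "${CLOUDRON_POSTGRESQL_HOST}"

# email
yq w -i "${homeserver_config}" email.smtp_host "${CLOUDRON_MAIL_SMTP_SERVER}"
yq w -i "${homeserver_config}" email.smtp_port "${CLOUDRON_MAIL_SMTP_PORT}"
yq w -i "${homeserver_config}" email.smtp_user "${CLOUDRON_MAIL_SMTP_USERNAME}"
yq w -i "${homeserver_config}" email.smtp_pass "${CLOUDRON_MAIL_SMTP_PASSWORD}"
yq w -i "${homeserver_config}" email.notif_from "%(app)s <${CLOUDRON_MAIL_FROM}>"

# ldap
# NOTE(review): start_tls is forced to false, so the bind password and user
# credentials are only protected in transit if CLOUDRON_LDAP_URL is itself
# an ldaps:// URL or the link is otherwise private. Verify for the platform.
yq w -i "${homeserver_config}" 'password_providers[0].config.uri' "${CLOUDRON_LDAP_URL}"
yq w -i "${homeserver_config}" 'password_providers[0].config.start_tls' false
yq w -i "${homeserver_config}" 'password_providers[0].config.base' "${CLOUDRON_LDAP_USERS_BASE_DN}"
yq w -i "${homeserver_config}" 'password_providers[0].config.bind_dn' "${CLOUDRON_LDAP_BIND_DN}"
yq w -i "${homeserver_config}" 'password_providers[0].config.bind_password' "${CLOUDRON_LDAP_BIND_PASSWORD}"
yq w -i "${homeserver_config}" 'password_providers[0].config.filter' "(objectClass=user)"

# turn
yq w -i "${homeserver_config}" turn_uris "[\"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=udp\", \"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=tcp\"]"
yq w -i "${homeserver_config}" turn_shared_secret "${CLOUDRON_TURN_SECRET}"

# fix permissions
echo "==> Fixing permissions"
# user:group is the supported separator; the dotted form is deprecated.
chown -R cloudron:cloudron /app/data /run/synapse
# homeserver.yaml now holds the database, SMTP, LDAP and TURN secrets, so
# only the service account needs to read it. Done after the last yq write
# because an in-place edit may recreate the file.
chmod 0600 "${homeserver_config}"

echo "==> Starting synapse"
# exec replaces this shell so Synapse receives stop signals directly and can
# shut down cleanly instead of being killed behind a lingering bash parent.
exec gosu cloudron:cloudron python3 -m synapse.app.homeserver \
  --config-path "${homeserver_config}"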