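#!/bin/bash
#
# Renew Let's Encrypt certificates on the haproxy member that currently holds
# the shared (virtual) IP, replicate /etc/letsencrypt to the other members,
# and on every member rebuild the haproxy PEM bundles from
# /etc/letsencrypt/live.
#
# Rendered by Ansible: the {{ ... }} / {% ... %} expressions are filled in at
# deploy time. Expected to run as root (certbot, tar -P, chown, systemctl).
#
# Prereqs
# Setup private key between members

# Every file written here (tarball, PEM bundles) contains private keys, so
# create them owner-readable only instead of inheriting the default umask.
umask 077

SERVERS=( {% for host in groups['haproxy'] %} {{ hostvars[host].ansible_host }} {% endfor %} )
VIRTUAL_IP=( {{ haproxy_shared_ip }} )
# Named SYNC_USER rather than USER so the login-name environment variable
# seen by certbot (and its hooks) is not clobbered.
SYNC_USER={{ haproxy_certbot_user }}
PRIVATE_KEY={{ haproxy_private_key }}
TARFILE=letsencrypt.tar
TARFILE_COMPRESS=$TARFILE.gz
LETSENCRYPT_DIR=/etc/letsencrypt
HAPROXY_SSL_DIR=/etc/haproxy/ssl

# NOTE(review): host keys are neither checked nor recorded, so the tarball
# (private keys included) would also be delivered to an impostor answering
# on a member's address. A known_hosts file populated at deploy time plus
# StrictHostKeyChecking=yes would close this; kept as-is to preserve the
# current deployment behaviour.
SSH_OPTS=(-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "$PRIVATE_KEY")

# Addresses bound on this host, one per array element.
read -r -a LOCAL_IPS <<<"$(hostname -I)"

#######################################
# Check whether an address is bound on this host.
# Exact token comparison: the former regex test treated '.' as a wildcard and
# matched substrings (10.0.0.1 also matched 10.0.0.10).
# Globals:   LOCAL_IPS (read)
# Arguments: $1 - address as printed by hostname -I
# Returns:   0 if bound locally, 1 otherwise
#######################################
has_local_ip() {
  local wanted=$1 ip
  for ip in "${LOCAL_IPS[@]}"; do
    [[ "$ip" == "$wanted" ]] && return 0
  done
  return 1
}

#######################################
# Push the letsencrypt tarball to one cluster member and unpack it there.
# The remote directory is wiped only after the archive is confirmed readable,
# so a failed or truncated transfer cannot leave the member without certs.
# Globals:   SYNC_USER, SSH_OPTS, TARFILE_COMPRESS, LETSENCRYPT_DIR (read)
# Arguments: $1 - member address
#            $2 - local path of the compressed tarball
# Returns:   0 on success, non-zero if the copy or the remote deploy failed
#######################################
sync_member() {
  local server=$1 tgz=$2
  # Transfer the files to the backup server
  if ! sudo -u "$SYNC_USER" scp "${SSH_OPTS[@]}" "$tgz" "$SYNC_USER@$server:~"; then
    printf 'Transfer to %s failed - skipping deploy\n' "$server" >&2
    return 1
  fi
  # Deploy the current letsencrypt config/certs (tar -P restores the
  # absolute paths recorded by the master).
  sudo -u "$SYNC_USER" ssh "${SSH_OPTS[@]}" "$SYNC_USER@$server" \
    "sudo tar tzf $TARFILE_COMPRESS >/dev/null \
      && sudo rm -rf $LETSENCRYPT_DIR \
      && sudo tar xzfP $TARFILE_COMPRESS \
      && sudo rm $TARFILE_COMPRESS; \
    sudo systemctl reload haproxy"
}

#######################################
# Renew on the master and replicate /etc/letsencrypt to the other members.
# Globals:   SERVERS, SYNC_USER, TARFILE, TARFILE_COMPRESS, LETSENCRYPT_DIR
#            (read); WORKDIR (written, removed on exit)
# Returns:   0 on success, 1 if the archive could not be built
#######################################
renew_and_replicate() {
  local tar tgz server
  echo "Current master - Processing renewals"
  /usr/local/bin/certbot renew
  # Private temp dir (mode 700) instead of a predictable, world-readable
  # tarball in whatever directory the script was started from.
  WORKDIR=$(mktemp -d) || return 1
  trap 'rm -rf -- "${WORKDIR:?}"' EXIT
  tar=$WORKDIR/$TARFILE
  tgz=$WORKDIR/$TARFILE_COMPRESS
  # tar the letsencrypt directory for transferring to other members with
  # symlinks (-P keeps absolute paths), then compress the file for transfer.
  if ! tar cfP "$tar" /etc/letsencrypt/ || ! gzip -f9 "$tar"; then
    printf 'Could not build %s - not replicating\n' "$tgz" >&2
    return 1
  fi
  # scp runs as the unprivileged sync user; give it read access to the
  # tarball without making the file world-readable.
  chown -- "$SYNC_USER" "$WORKDIR" "$tgz" \
    || printf 'chown to %s failed - transfers may be denied\n' "$SYNC_USER" >&2
  # Update the other members of the cluster
  for server in "${SERVERS[@]}"; do
    has_local_ip "$server" && continue
    sync_member "$server" "$tgz"
  done
}

#######################################
# Build one PEM bundle per certificate for haproxy (fullchain + private key).
# Each bundle is written to a temp file and renamed into place so a reload
# never sees a partially written file.
# Globals:   LETSENCRYPT_DIR, HAPROXY_SSL_DIR (read)
# Outputs:   writes $HAPROXY_SSL_DIR/<name>.pem, then reloads haproxy
# Returns:   0 (per-certificate failures are reported on stderr)
#######################################
install_haproxy_bundles() {
  local cert name bundle tmp
  [[ -d "$LETSENCRYPT_DIR/live/" ]] || return 0
  for cert in "$LETSENCRYPT_DIR"/live/*/; do
    # an unmatched glob leaves the literal pattern behind; nothing to do then
    [[ -d "$cert" ]] || continue
    name=$(basename "$cert")
    bundle=$HAPROXY_SSL_DIR/$name.pem
    tmp=$bundle.tmp
    printf 'Processing %s\n' "$cert"
    if cat "$cert/fullchain.pem" "$cert/privkey.pem" > "$tmp"; then
      mv -f -- "$tmp" "$bundle"
    else
      printf 'Failed to assemble bundle for %s\n' "$name" >&2
      rm -f -- "$tmp"
    fi
  done
  systemctl reload haproxy
}

main() {
  if has_local_ip "${VIRTUAL_IP[0]}"; then
    renew_and_replicate
  fi
  install_haproxy_bundles
}

main "$@"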