#!/bin/bash

# GATEWAY_REPOSITORY_LOCATION (path on vm)
# GATEWAY_REPOSITORY (path on gitea)
# TRAEFIK_USER
# TRAEFIK_BINARY
# TRAEFIK_VERSION
# TRAEFIK_CONF

source /opt/gateway/env.sh

if ! id -u $TRAEFIK_USER >/dev/null 2>&1; then
    adduser \
        --system \
        --shell /bin/bash \
        --gecos 'Traefik reverse proxy user' \
        --group \
        --disabled-password \
        --home /home/$TRAEFIK_USER \
        $TRAEFIK_USER
fi

if [ ! -f $TRAEFIK_BINARY ]; then
    wget -O /tmp/traefik.tar.gz "https://github.com/traefik/traefik/releases/download/$TRAEFIK_VERSION/traefik_${TRAEFIK_VERSION}_linux_amd64.tar.gz"
    tar -zxvf /tmp/traefik.tar.gz -C /usr/local/bin traefik
    chmod +x $TRAEFIK_BINARY
fi

mkdir -p /etc/traefik/certs
touch /etc/traefik/acme.json
chown $TRAEFIK_USER:$TRAEFIK_USER /etc/traefik/acme.json
chmod 600 /etc/traefik/acme.json
setcap 'cap_net_bind_service=+ep' /usr/local/bin/traefik

git clone https://gitea.aldon.fr/$GATEWAY_REPOSITORY.git $GATEWAY_REPOSITORY_LOCATION

cat > "$TRAEFIK_CONF" <<EOF
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
providers:
  file:
    directory: $GATEWAY_REPOSITORY_LOCATION
    watch: true
api:
  dashboard: false
  insecure: false
log:
  level: INFO
accessLog: {}
certificatesResolvers:
  letsencrypt:
    acme:
      email: julien.aldon@wanadoo.fr
      storage: /etc/traefik/acme.json
      httpChallenge:
        entryPoint: web
EOF

systemctl enable traefik.service
systemctl start traefik.service