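# Copyright (C) 2016 axsentis GmbH, Stefan Knoblich

# Gentoo ebuild for acme-utils: builds the autotools project from a git
# checkout and installs it with ownership and modes split between root and
# the dedicated "acme" account.

EAPI="7"

inherit git-r3 autotools

# NOTE(review): the sources come from a git ref named after ${PV}, fetched by
# git-r3, so there is no Manifest checksum over them. If ${PV} resolves to a
# tag, whoever can write to the upstream repository can move it; pinning
# EGIT_COMMIT to a full commit hash, or switching to a checksummed tarball in
# SRC_URI, makes the installed code reproducible.
EGIT_CLONE_TYPE="shallow"
EGIT_REPO_URI="https://github.com/stknob/acme-utils.git"
EGIT_COMMIT="${PV}"

DESCRIPTION="ACME certificate helper scripts"
LICENSE="MIT"
KEYWORDS="amd64 x86"
SLOT="0"
IUSE="+apache2"

# acct-group/acme and acct-user/acme are runtime dependencies as well as build
# dependencies: the installed tree is owned by the acme group/user and
# pkg_config() chowns to it again. Listing them in DEPEND only means they are
# not pulled in for binary-package installs and may be removed by depclean.
RDEPEND="
	acct-group/acme
	acct-user/acme
	app-admin/pwgen
	dev-lang/python
	dev-libs/openssl
	net-misc/wget
	net-dns/bind-tools
"
DEPEND="${RDEPEND}"

# Apply user patches, regenerate the autotools build system and switch the
# default account names in the config template from "letsencrypt" to "acme".
src_prepare() {
	eapply_user
	# eautoreconf aborts the build itself on failure
	eautoreconf

	# Update user/group
	sed -i -e '/^\(ACME_USER\|ACME_GROUP\)/s:letsencrypt:acme:' \
		"acme.conf.in" || die "Failed to update user/group"
}

# Configure with the config, certificate and challenge directories that
# src_install() and pkg_config() set permissions on.
src_configure() {
	# econf aborts the build itself on failure
	econf \
		--sysconfdir="/etc/acme" \
		--with-certdir="/etc/ssl/acme" \
		--with-challengedir="/var/www/acme-challenge"
}

# Install the package, create the hook/cert/challenge directories and set
# their ownership and modes inside the image.
src_install() {
	local hook_dir

	default_src_install

	# Create hook dirs
	for hook_dir in create.d pre.d renew.d post.d; do
		keepdir "/etc/acme/${hook_dir}"
	done

	# Create cert + challenge directory
	keepdir "/etc/ssl/acme"
	keepdir "/var/www/acme-challenge"

	# Fix permissions.
	# fowners/fperms are used instead of bare chown/chmod because they abort
	# the build on failure; an unchecked chown/chmod that fails would leave
	# the config and certificate directories with the default image modes.
	# Order matters: the recursive root:acme pass comes first, the hook
	# directories are then handed back to root:root.
	fowners -R root:acme "/etc/acme"
	fperms 0750 "/etc/acme"
	for hook_dir in create.d pre.d renew.d post.d; do
		fowners -R root:root "/etc/acme/${hook_dir}"
		fperms 0750 "/etc/acme/${hook_dir}"
	done
	# NOTE(review): assumes "make install" places acme.conf in /etc/acme;
	# fperms fails the build if it does not - confirm against upstream.
	fperms 0640 "/etc/acme/acme.conf"

	fowners -R root:acme "/etc/ssl/acme"
	fperms 0750 "/etc/ssl/acme"

	# Challenge directory is writable by the acme user only; mode 0751 lets
	# other users traverse it without listing its contents.
	fowners acme:root "/var/www/acme-challenge"
	fperms 0751 "/var/www/acme-challenge"

	# Server-specific config snippets
	if use apache2; then
		insinto "/etc/apache2/modules.d"
		newins "${FILESDIR}/apache-challenge.conf" "99_acme-challenge.conf"
	fi
}

# Tell the user how to run the one-time setup and how to enable the apache2
# snippet.
pkg_postinst() {
	einfo "Use \"emerge =${CATEGORY}/${PF} --config\" to run the initial setup"
	if use apache2; then
		einfo "To enable apache2 support, set \"-D ACME\" in /etc/conf.d/apache2"
	fi
}

# One-time setup ("emerge --config"): create the ACME account key and
# re-apply ownership and modes on the live filesystem.
# Refuses to run when an account key already exists, so an existing key is
# never overwritten.
# NOTE(review): all paths here are absolute host paths, not ${EROOT}-relative;
# confirm that is intended for ROOT != / setups.
pkg_config() {
	local my_account_key="/etc/acme/account.key"
	local hook_dir

	if [[ -f "${my_account_key}" ]]; then
		eerror "Existing account key found, aborting"
		die
	fi

	einfo "Creating ACME account key..."
	# NOTE(review): the key's mode between its creation and the chmod below
	# is whatever acme-setup-account gives it - confirm it creates the file
	# with a restrictive mode.
	/usr/sbin/acme-setup-account \
		|| die "Failed to generate account key"

	# Fix permissions. Every step is checked: a silently failed chown/chmod
	# would leave the account key or config more widely readable than
	# intended.
	einfo "Setting directory and file permissions..."
	chown -R root:acme "/etc/acme" || die "chown /etc/acme failed"
	chmod 750 "/etc/acme" || die "chmod /etc/acme failed"
	for hook_dir in create.d pre.d renew.d post.d; do
		chown -R root:root "/etc/acme/${hook_dir}" \
			|| die "chown /etc/acme/${hook_dir} failed"
		chmod 750 "/etc/acme/${hook_dir}" \
			|| die "chmod /etc/acme/${hook_dir} failed"
	done
	chmod 640 "/etc/acme/acme.conf" || die "chmod acme.conf failed"
	# Account key ends up root:acme (from the recursive chown above) and
	# read-only for owner and group.
	chmod 440 "${my_account_key}" || die "chmod account key failed"

	chown -R root:acme "/etc/ssl/acme" || die "chown /etc/ssl/acme failed"
	chmod 750 "/etc/ssl/acme" || die "chmod /etc/ssl/acme failed"

	chown acme:root "/var/www/acme-challenge" \
		|| die "chown /var/www/acme-challenge failed"
	chmod 751 "/var/www/acme-challenge" \
		|| die "chmod /var/www/acme-challenge failed"
}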