#!/bin/sh

JAVA_ARGS="-Xmx192M"
CLASSPATH="/usr/share/puppetdb/puppetdb.jar"

if [ -f /etc/default/puppetdb ]; then
	. /etc/default/puppetdb
fi

ssl_setup() {
    if [ "$(id -u)" -ne 0 ]; then
		echo "Error: must be root to execute this command."
        exit 1
    fi

	cacert="$(puppet config print cacert)"
	hostcert="$(puppet config print hostcert)"
	hostkey="$(puppet config print hostprivkey)"
    pdb_conf=/etc/puppetdb/conf.d/jetty.ini

    if [ -z "$cacert" ]; then
		echo "Error: Puppet SSL does not seem to have been bootstrapped on this system."
        echo "Run 'puppet ssl bootstrap' as root and try again."
        exit 1
    elif grep -q "^ssl-port\s*=" $pdb_conf; then
        echo "Error: config key 'ssl-port' already exists in PuppetDB configuration."
        echo "Aborting, setup may already have been done!"
        exit 1
    fi

    if command -v augtool > /dev/null; then

        set -e
        echo "Adding 'puppetdb' user to 'puppet' group ..."
        adduser puppetdb puppet

        echo "Inserting new parameters in ${pdb_conf} ..."
		augtool -Ast "Puppet.lns incl $pdb_conf" <<-EOF
			set /files${pdb_conf}/jetty/ssl-host 0.0.0.0
			set /files${pdb_conf}/jetty/ssl-port 8081
			set /files${pdb_conf}/jetty/ssl-key $hostkey
			set /files${pdb_conf}/jetty/ssl-cert $hostcert
			set /files${pdb_conf}/jetty/ssl-ca-cert $cacert
		EOF
        set +e

        echo "Modified PuppetDB config successfully."
        echo "Run 'systemctl restart puppetdb.service' for changes to take effect."
    else
        echo "Error: 'augtool', not available, install the 'augeas-tools' package and try again."
        exit 1
    fi
}

case "$1" in
    "benchmark")
        if dpkg-query -W -f='${Status}' libnippy-clojure 2>&1 | grep -q " installed"; then
            CLASSPATH="${CLASSPATH}:/usr/share/java/nippy.jar:/usr/share/java/clojure.jar:/usr/share/java/snappy-java.jar:/usr/share/java/tools.reader.jar:/usr/share/java/encore.jar:/usr/share/java/xz.jar:/usr/share/java/lz4-java.jar"
            exec /usr/bin/java $JAVA_ARGS -cp "$CLASSPATH" clojure.main -m puppetlabs.puppetdb.core "$@"
        else
            echo "Missing dependencies for benchmark subcommand: 'libnippy-clojure' ... aborting!"
            echo "Install it with \"sudo apt install libnippy-clojure\"."
            exit 1
        fi
        ;;
    "ssl-setup")
		ssl_setup
        ;;
    *)
        exec /usr/bin/java $JAVA_ARGS -cp "$CLASSPATH" clojure.main -m puppetlabs.puppetdb.core "$@"
        ;;
esac

