#!/bin/bash

#
# Update /home/jketreno/letsencrypt
#
/usr/bin/rsync -aprl --delete /home/jketreno/docker/webserver/cron/etc/letsencrypt/ /home/jketreno/letsencrypt/
mapfile -t paths < <(find /home/jketreno/docker/webserver/keys/cron/etc/letsencrypt -maxdepth 1 -type d | tail -n +2)
for path in "${paths[@]}"; do
  dir=$(basename "${path}")
  /usr/bin/rsync -aprl "${path}/" "/home/jketreno/letsencrypt/${dir}/"
done

#
# Change ownership so files can be read
#
chown -R jketreno: /home/jketreno/letsencrypt

#
# Update cert on media.ketrenos.com
#
/usr/bin/rsync -e "/usr/bin/ssh -i /home/jketreno/.ssh/media" -aprl --delete /home/jketreno/letsencrypt/ root@media.ketrenos.com:/etc/letsencrypt/
/usr/bin/ssh -i /home/jketreno/.ssh/media root@media.ketrenos.com "chown -R root:root /etc/letsencrypt"
/usr/bin/ssh -i /home/jketreno/.ssh/media root@media.ketrenos.com "systemctl restart nginx"

#
# Update mail VM
#
echo "update mail /etc/letsencrypt"
/usr/bin/rsync -e "/usr/bin/ssh -i /home/jketreno/.ssh/email" -aprl --delete /home/jketreno/letsencrypt/ root@email.ketrenos.com:/etc/letsencrypt/
/usr/bin/ssh -i /home/jketreno/.ssh/email root@email.ketrenos.com "chown -R root:root /etc/letsencrypt"
/usr/bin/ssh -i /home/jketreno/.ssh/email root@email.ketrenos.com "/usr/sbin/service postfix restart ; /usr/bin/doveadm reload"

#
# Update cert on opnsense.ketrenos.com
#
/usr/bin/scp -q -i keys/letsencrypt/opnsense-letsencrypt /home/jketreno/letsencrypt/live/ketrenos.com/{fullchain,privkey}.pem letsencrypt@opnsense.ketrenos.com:.
/usr/bin/ssh -i keys/letsencrypt/opnsense-letsencrypt letsencrypt@opnsense.ketrenos.com sudo ./update-cert.sh fullchain.pem privkey.pem