#!/bin/bash
# Purpose: decrypt ngcp configuration archive
################################################################################

set -e
set -u
set -o pipefail

# helper functions {{{
# sadly we can't source ${FUNCTIONS}/main as we are missing a bunch of
# configuration files that are supposed to be available, therefore
# provide the main functions we need for successfull execution of the
# decrypt function

timestamp_replacementchars='' # unset by default

console_output() {
  if [ -z "${TIME_FORMAT:-}" ] ; then
    printf -- "$*"
    return 0
  fi

  local timestamp
  timestamp="$(date "$TIME_FORMAT")"

  # indent depending on number of characters in date output
  timestamp_replacementchars="$(printf -- "%s: " "$timestamp" | sed 's/./ /g')"
  printf -- "$timestamp: $*"
}

log_info() {
  logger -t ngcpcfg -- "$*"
  console_output "$*\n"
}

# info without ending newline
log_info_n() {
  logger -t ngcpcfg -- "$*"
  console_output "$*"
}

log_warn() {
  logger -t ngcpcfg -- "Warning: $*"
  console_output "Warning: $*\n"
}

log_error() {
  logger -t ngcpcfg -- "Error: $*"
  console_output "Error: $*\n" >&2
}

log_debug() {
  if [ -n "${DEBUG:-}" ] ; then
    logger -t ngcpcfg -- "Debug: $*"
    console_output "DEBUG: $*\n"
  fi
}
# }}}

setup_shared_config() {
  if ! [ -d /mnt/glusterfs/mgmt-share ] ; then
    log_warn "Looks like glusterfs is not running, can not install it automatically.

Please execute the following command on one node
as soon as glusterfs share is mounted again:

  git clone --bare /etc/ngcp-config /mnt/glusterfs/ngcpcfg-share
  /usr/share/ngcp-ngcpcfg/helper/restore-permissions /mnt/glusterfs/ngcpcfg-share

"
    return 0
  fi

  if [ -d /mnt/glusterfs/ngcpcfg-share ] ; then
    log_info "Shared storage exists already, ignoring request to (re)install it."
  else
    log_info "Copying git repository to shared storage."
    git clone --bare /etc/ngcp-config /mnt/glusterfs/ngcpcfg-share | sed "s/^/$timestamp_replacementchars/"
    /usr/share/ngcp-ngcpcfg/helper/restore-permissions /mnt/glusterfs/ngcpcfg-share
  fi
}

# main script
if ! type -p gpg &>/dev/null ; then
  log_error "gpg binary not found, exiting."
  exit 1
fi

RC=0
TARGZ=/etc/ngcp-config-crypted.tgz

# ensure created files can be read by root only
umask 066

if ! gpg -d "$TARGZ".gpg > "$TARGZ" ; then
  log_error "Error while decrypting ${TARGZ}.gpg"
  RC=1
else
  cd / # important to extract files at according place
  if tar zxf "$TARGZ" ; then
    log_info "Successfully restored configuration archive ${TARGZ}.gpg"
    log_info "Now you should be able to run 'ngcpcfg apply' again."
  else
    log_error "Error while restoring ${TARGZ}.gpg"
    RC=1
  fi
fi

# only for PRO/CARRIER
if [ -r /usr/share/ngcp-ngcpcfg/functions/ha_features ] ; then
  setup_shared_config
else
  log_info "Ignoring shared configuration (PRO/CARRIER only)."
fi

# don't leave the unencrypted archive behind
rm -f "$TARGZ"

exit "$RC"

## END OF FILE #################################################################
