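# Issues or renews one certificate per *.domain file with acme.sh running in
# Docker (ZeroSSL CA, Infomaniak DNS challenge), then deploys each certificate
# to Synology DSM with a local acme.sh checkout.
#
# Inputs, all located next to this script:
#   domains/*.domain             - each defines DOMAIN and SUBJECT_ALTERNATIVE_NAME
#   INFOMANIAK_API_TOKEN.secret  - defines INFOMANIAK_API_TOKEN
#   ZEROSSL.secret               - defines EAB_KID and EAB_HMAC_KEY
#
# Every one of these files is *sourced*, i.e. executed as shell code with the
# privileges of this script. Keep them writable by the owner only, and keep
# the .secret files unreadable to other users (e.g. mode 600).
#
# `set -e` is deliberately not enabled: the original script carries on after a
# failed step, and acme.sh is expected to return non-zero when a renewal is
# simply not due yet - NOTE(review): confirm before tightening error handling.

SCRIPT_PATH="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
DOMAIN_FILES_PATH="$SCRIPT_PATH/domains"
ACMESH_CONTAINER_DATA_PATH="$SCRIPT_PATH/data"
ACMESH_LOCAL_PATH="$SCRIPT_PATH/acme.sh"
JOUR="$(date +%Y-%m-%d_%H%M)"
LOGFILENAME="logs/$JOUR.log"
DOCKER_IMAGE="neilpang/acme.sh:3.1.0"
# Version used for the local checkout, derived from the image tag so that the
# code that deploys matches the code that issues.
# NOTE(review): assumes the upstream git tag carries the same name as the
# image tag - verify. Tags are mutable; pinning the image by digest and the
# checkout by commit hash would be stronger.
ACMESH_VERSION="${DOCKER_IMAGE##*:}"

if [ "$1" = "--help" ]; then
  docker run --rm -it "$DOCKER_IMAGE" --help
  # docker rmi -f $DOCKER_IMAGE
  exit 0
fi

# Collect the domain files with a glob instead of parsing `ls`, so paths
# containing spaces or glob characters are handled correctly.
shopt -s nullglob
domain_files=("$DOMAIN_FILES_PATH"/*.domain)
shopt -u nullglob

if (( ${#domain_files[@]} == 0 )); then
  echo "No domain file exists. At least one .domain file must exists at $DOMAIN_FILES_PATH. The file defines variables \$DOMAIN and \$SUBJECT_ALTERNATIVE_NAME." >&2
  exit 2
fi

mkdir -p "$SCRIPT_PATH/logs"

# A missing secret file stays a warning, as in the original: the variables may
# already be present in the environment.
if [ -f "$SCRIPT_PATH/INFOMANIAK_API_TOKEN.secret" ]; then
  source "$SCRIPT_PATH/INFOMANIAK_API_TOKEN.secret"
else
  echo "
Le token d'API d'Infomaniak est manquant.
INFOMANIAK_API_TOKEN.secret doit définir la variable INFOMANIAK_API_TOKEN=\"xxxxx\"
" >&2
fi
# Exported so that `docker run -e INFOMANIAK_API_TOKEN` can forward it by name.
export INFOMANIAK_API_TOKEN

if [ -f "$SCRIPT_PATH/ZEROSSL.secret" ]; then
  source "$SCRIPT_PATH/ZEROSSL.secret"
else
  echo "
Les clefs d'API de zeroSSL sont manquantes.
Le fichier ZEROSSL.secret doit définir les variables EAB_KID='xxx' et EAB_HMAC_KEY='xxx'
" >&2
fi

for d in "${domain_files[@]}"; do
  # Start every iteration clean so a value cannot leak in from the previous
  # domain file (or from a skipped iteration).
  unset DOMAIN SUBJECT_ALTERNATIVE_NAME
  source "$d"

  if [ -z "$DOMAIN" ]; then
    echo "$d does not define DOMAIN, skipping." >&2
    continue
  fi

  # Build the -d arguments as an array. `read -a` splits the alternative
  # name(s) on whitespace without pathname expansion, so a wildcard such as
  # *.example.org is never expanded against files in the current directory.
  domain_args=(-d "$DOMAIN")
  read -r -a san_words <<<"$SUBJECT_ALTERNATIVE_NAME"
  if (( ${#san_words[@]} > 0 )); then
    domain_args+=(-d "${san_words[@]}")
  fi

  # The braces matter: "$DOMAIN_ecc" would expand an unrelated (unset)
  # variable, and the test would then only look at the data directory itself.
  if [ -d "$ACMESH_CONTAINER_DATA_PATH/${DOMAIN}_ecc" ]; then
    ISSUE_OR_RENEW="--renew"; ACTION="Renouvellement"
  else
    ISSUE_OR_RENEW="--issue"; ACTION="Création"
    # -p: the data directory already exists from the second domain onwards.
    mkdir -p "$ACMESH_CONTAINER_DATA_PATH"
  fi

  # Only pass the EAB options when both values are present; an empty value
  # would otherwise shift the remaining arguments.
  # NOTE(security): the HMAC key travels on the command line and is visible in
  # the host process list (and in `set -x` traces) while the container runs.
  eab_args=()
  if [ -n "$EAB_KID" ] && [ -n "$EAB_HMAC_KEY" ]; then
    eab_args=(--eab-kid "$EAB_KID" --eab-hmac-key "$EAB_HMAC_KEY")
  fi

  echo "####### $ACTION du certificat $DOMAIN #######" | tee -a "$SCRIPT_PATH/$LOGFILENAME"

  # `-e INFOMANIAK_API_TOKEN` forwards the exported variable by name. The
  # original `-e $INFOMANIAK_API_TOKEN` expanded the token *value* into the
  # argument: the container never received the variable, and the token showed
  # up in the process list.
  docker run --rm \
    -v "$ACMESH_CONTAINER_DATA_PATH":/acme.sh \
    -v "$SCRIPT_PATH/logs:/logs" \
    -e INFOMANIAK_API_TOKEN \
    "$DOCKER_IMAGE" "$ISSUE_OR_RENEW" "${domain_args[@]}" \
    --server zerossl "${eab_args[@]}" \
    --dns dns_infomaniak --log "/$LOGFILENAME" --log-level 2

  echo "####### Déploiement du certificat $DOMAIN sur DSM #######" | tee -a "$SCRIPT_PATH/$LOGFILENAME"

  if [ ! -d "$ACMESH_LOCAL_PATH" ]; then
    # Clone a fixed release rather than the moving default branch: this code
    # runs on the host and creates a temporary DSM admin (see below).
    if ! git clone --depth 1 --branch "$ACMESH_VERSION" \
      https://github.com/acmesh-official/acme.sh.git "$ACMESH_LOCAL_PATH"; then
      echo "git clone of acme.sh ($ACMESH_VERSION) failed, skipping deployment of $DOMAIN." >&2
      continue
    fi
  fi

  export SYNO_CERTIFICATE="$DOMAIN cert"
  # Creates the cert in DSM if it does not exist in Security/Certificate management.
  export SYNO_Create=1
  # When run locally, use an automatically created temp admin. Deletes it after use.
  # https://github.com/acmesh-official/acme.sh/wiki/deployhooks#20-deploy-the-certificate-to-synology-dsm
  export SYNO_USE_TEMP_ADMIN=1

  bash "$ACMESH_LOCAL_PATH/acme.sh" --home "$ACMESH_CONTAINER_DATA_PATH" \
    "${domain_args[@]}" \
    --deploy --deploy-hook synology_dsm --log "$SCRIPT_PATH/$LOGFILENAME"
done

# Optional cleanup, left disabled as in the original.
#echo "
####### Suppression de $ACMESH_LOCAL_PATH... ########
#"
#rm -rf $ACMESH_LOCAL_PATH
#echo "
####### Suppression de l'image docker... #######
#"
#docker rmi -f $DOCKER_IMAGE

exit 0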