#!/usr/bin/env bash

set -euo pipefail

domain="$(ls /etc/letsencrypt/live | grep -v README | head -n1)" || true

if [[ -n "${DISABLE_TLS:-}" ]]; then
    echo "Disabling TLS due to DISABLE_TLS=${DISABLE_TLS}" >&2
elif [[ -z "${domain}" ]]; then
    echo "No certs installed in /etc/letsencrypt/live, disabling TLS" >&2
else
    echo "Detected cert for domain: ${domain}, enabling TLS" >&2
    export TLS=1
    TLS_PRIVATE_KEY="$(base64 "/etc/letsencrypt/live/${domain}/privkey.pem")"
    TLS_CERTIFICATE="$(base64 "/etc/letsencrypt/live/${domain}/fullchain.pem")"
    export TLS_PRIVATE_KEY TLS_CERTIFICATE
    if [[ "${domain}" == riju.codes ]]; then
        echo "Domain is riju.codes, enabling analytics" >&2
        export ANALYTICS=1
    else
        echo "Domain is not riju.codes, disabling analytics" >&2
    fi
fi

if [[ -n "${DETACH:-}" ]]; then
    extra_args="-d"
elif [[ -t 1 ]]; then
    extra_args="-it"
else
    extra_args=
fi

port_args="${PORT_MAPPING:--p 0.0.0.0:80:6119 -p 0.0.0.0:443:6120}"
image_name="${IMAGE_NAME:-riju:app}"
container_name="${CONTAINER_NAME:-riju-prod}"

if docker container inspect ${container_name} &>/dev/null; then
    docker stop ${container_name}
fi

docker run --rm ${port_args} ${extra_args} \
       -e TLS -e TLS_PRIVATE_KEY -e TLS_CERTIFICATE -e ANALYTICS \
       -h riju --name "${container_name}" \
       "${image_name}"