cozy-init

#!/bin/bash

set -e

# Remove old CouchDB admin
if [ "$(tail -n1 /etc/couchdb/local.ini | awk '{ print $1 }')" != ";admin" ]; then
    sed -i '$ d' /etc/couchdb/local.ini
fi

if [ "$NODE_ENV" == "development" ]; then
    # In development: ensure that DS will not start with CouchDB credentials
    rm -f /etc/cozy/couchdb.login
else
    # In production: configure a new CouchDB admin
    new_admin=$(pwgen -1)
    new_password=$(pwgen -1)
    echo "$new_admin = $new_password" >> /etc/couchdb/local.ini
    echo "$new_admin" > /etc/cozy/couchdb.login
    echo "$new_password" >> /etc/cozy/couchdb.login
fi
supervisorctl restart couchdb

# Reset controller token
pwgen -1 > /etc/cozy/controller.token
chown cozy-home /etc/cozy/controller.token
chmod 700 /etc/cozy/controller.token
supervisorctl restart cozy-controller

# Regenerate SSL certificates
if [ "$DISABLE_SSL" == "true" ]; then
    rm -f /etc/nginx/sites-enabled/cozy-ssl
    ln -sf /etc/nginx/sites-available/cozy /etc/nginx/sites-enabled/
else
    rm -f /etc/nginx/sites-enabled/cozy
    ln -sf /etc/nginx/sites-available/cozy-ssl /etc/nginx/sites-enabled/

    if [ -z "$DOMAIN" ]; then
        DOMAIN=localhost
    fi
    openssl dhparam -out /etc/cozy/dh2048.pem -outform PEM -2 2048
    openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/cozy/server.key -out /etc/cozy/server.crt -days 3650 -subj "/CN=$DOMAIN"
    chown cozy:cozy /etc/cozy/server.key
    chmod 600 /etc/cozy/server.key
fi
supervisorctl restart nginx

# Restart cozy-controller when CouchDB is available
while ! curl -s 127.0.0.1:5984; do sleep 5; done
cozy-monitor restart-cozy-stack

rm -f /etc/supervisor/conf.d/cozy-init.conf