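#!/bin/bash
#
# Certbot wrapper with S3 persistence support.
#
# Usage: <script> CERTNAME EMAIL DOMAIN BACKEND
#   CERTNAME - value passed to certbot --cert-name
#   EMAIL    - value passed to certbot --email
#   DOMAIN   - value passed to certbot --domain
#   BACKEND  - location given to `aws s3 sync` as the remote copy of
#              LETSENCRYPT_PATH
#
# Flow: pull the stored state from BACKEND, recreate the symlinks listed in
# links.txt, run certbot with the dns-route53 plugin, and push the state back
# only when certbot succeeded.

# Trace every command; the positional arguments appear in the trace output.
set -x

CERTBOT_CERTNAME=$1
CERTBOT_EMAIL=$2
CERTBOT_DOMAIN=$3
CERTBOT_BACKEND=$4
readonly LETSENCRYPT_PATH=/etc/letsencrypt

if [[ -z "$CERTBOT_BACKEND" || -z "$CERTBOT_EMAIL" \
  || -z "$CERTBOT_DOMAIN" || -z "$CERTBOT_CERTNAME" ]]; then
  echo "CertbotBackend, CertbotEmail,Certbot_CertName or CertbotDomain are missing!" >&2
  exit 1
fi

# Print a warning on stderr.
function warn {
  printf 'warning: %s\n' "$*" >&2
}

# Return 0 when $1 is not a plain relative path: it is absolute or has a
# ".." component, so joining it to LETSENCRYPT_PATH could point elsewhere.
function is_unsafe_relpath {
  case "/$1/" in
    //* | */../*) return 0 ;;
  esac
  return 1
}

# Record every symlink under LETSENCRYPT_PATH in links.txt, then upload the
# tree. Symlinks are not uploaded (--no-follow-symlinks); links.txt is what
# lets sync_from_s3 recreate them.
# Each links.txt line is: '<resolved target>' '<link path>', both with the
# leading "$LETSENCRYPT_PATH/" stripped.
# Returns: the exit status of `aws s3 sync`.
function sync_to_s3 {
  local links="$LETSENCRYPT_PATH/links.txt"
  local link target

  # NUL-delimited find output and quoted expansions: path names are never
  # re-parsed by a shell or by xargs.
  while IFS= read -r -d '' link; do
    if ! target=$(readlink -f -- "$link"); then
      warn "cannot resolve symlink, not recorded: $link"
      continue
    fi
    # The quoted, line-based format cannot represent these characters.
    case "$link$target" in
      *\'* | *$'\n'*)
        warn "path contains a quote or newline, not recorded: $link"
        continue
        ;;
    esac
    printf "'%s' '%s'\n" \
      "${target#"$LETSENCRYPT_PATH/"}" \
      "${link#"$LETSENCRYPT_PATH/"}"
  done < <(find "$LETSENCRYPT_PATH/" -type l -print0) > "$links"

  # NOTE(review): option order kept from the original invocation; the AWS CLI
  # documents --no-follow-symlinks as an option of `s3 sync` - confirm it is
  # honoured in this position.
  aws s3 --no-follow-symlinks sync "$LETSENCRYPT_PATH" "$CERTBOT_BACKEND"
}

# Download the stored tree from CERTBOT_BACKEND and recreate the symlinks
# listed in links.txt.
# links.txt arrives from the remote store, so it is treated as data: every
# line is matched against the expected format and path-checked, and is never
# handed to `sh -c`. An entry that fails a check is skipped with a warning.
function sync_from_s3 {
  local links="$LETSENCRYPT_PATH/links.txt"
  local entry_re="^'([^']+)' '([^']+)'\$"
  local line target link

  # A failed download is reported but does not stop the run.
  aws s3 sync "$CERTBOT_BACKEND" "$LETSENCRYPT_PATH" \
    || warn "aws s3 sync from $CERTBOT_BACKEND failed"

  [[ -f "$links" ]] || return 0

  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -n "$line" ]] || continue
    if [[ ! "$line" =~ $entry_re ]]; then
      warn "malformed links.txt entry skipped: $line"
      continue
    fi
    target=${BASH_REMATCH[1]}
    link=${BASH_REMATCH[2]}
    if is_unsafe_relpath "$target" || is_unsafe_relpath "$link"; then
      warn "links.txt entry outside $LETSENCRYPT_PATH skipped: $line"
      continue
    fi
    # -n: replace an existing link instead of descending into a directory it
    # points at.
    ln -sfn -- "$LETSENCRYPT_PATH/$target" "$LETSENCRYPT_PATH/$link" \
      || warn "could not create symlink: $link"
  done < "$links"
}

sync_from_s3

# Upload the state only after certbot reports success.
certbot certonly \
  --non-interactive \
  --dns-route53 \
  --agree-tos \
  --email "$CERTBOT_EMAIL" \
  --domain "$CERTBOT_DOMAIN" \
  --cert-name "$CERTBOT_CERTNAME" \
  && sync_to_s3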