#!/bin/bash -e
# Regenerate self-signed TLS/SSL cert & key

[[ -n "$_TURNKEY_INIT" ]] && exit 0

[[ -e $INITHOOKS_CONF ]] && . $INITHOOKS_CONF

_hook=$(basename $0)

fatal() { echo "FATAL: [$_hook] $@" 1>&2 ; exit 1 ; }
info() { echo "INFO: [$_hook] $@" ; }

# Check for 'turnkey-make-ssl-cert' - should be provided by
# turnkey-ssl package.
turnkey_make_ssl_cert=$(which turnkey-make-ssl-cert) \
    || fatal "turnkey-make-ssl-cert executable not found."

# As of v17.0 a predefined 4096 bits default dhparams file is provided. Please
# see https://github.com/turnkeylinux/tracker/issues/1653 for more info.
info "Generating SSL/TLS cert & key."
$turnkey_make_ssl_cert --default --force

# Restart relevant services
SERVICES="\
    nginx
    apache2
    lighttpd
    tomcat9"

info "Restarting relevant services."
for service in $SERVICES; do
    service="${service}.service"
    if systemctl list-units --full --all | grep -Fq $service; then
        info "$service found; (re)starting..."
        if systemctl is-active --quiet $service; then
            systemctl restart --quiet $service
        else
            systemctl start --quiet $service
        fi
    fi
done

# final tidy up
update-ca-certificates

exit 0
