#!/bin/bash

# this is not necessary, usually.  there is a proxy in docker/haproxy which is
# the new reverse proxy on the synology.  it has an update-tls.sh script which
# does the below but also loads it properly into the container.
# this is for debugging!

set -e
set -x

kubectl -n syno-tls replace --force -f synology-tls.yaml
kubectl -n syno-tls wait cert/syno-tls --for=condition=Ready

SECRET="$(kubectl -n syno-tls get secret syno-tls -o json)"

CRT="$(echo "$SECRET" | jq -r '.data["tls.crt"] | @base64d "\(.)"')"
KEY="$(echo "$SECRET" | jq -r '.data["tls.key"] | @base64d "\(.)"')"
CA="$( echo "$SECRET" | jq -r '.data["ca.crt"] | @base64d "\(.)"')"

echo "$KEY" > tls.key
echo "$CRT" | awk '/-----BEGIN/ {seg+=1;blk=1} seg==1&&blk {print} /------END/ {blk=0}' > tls.crt
echo "$CRT" | awk '/-----BEGIN/ {seg+=1;blk=1} seg>1&&blk {print} /------END/ {blk=0}' > int.crt
echo "$CA" > ca.crt

wait