#!/bin/bash
die() { echo >&2 "gitea: ERROR $*" ; exit 1 ; }
info() { echo >&2 "gitea: $*" ; }

DIRNAME="$(dirname $0)"
cd "$DIRNAME"

source ../env.production || die "no top level environment"
source ./env.production || die "no local environment"

DATA="../data/gitea"
SECRETS="$DATA/env.secrets"
INI="$DATA/gitea/conf/app.ini"

if [ -r "$SECRETS" ]; then
	docker-compose up -d || die "unable to start"
	exit 0
fi


GITEA_CLIENT_SECRET="$(openssl rand -hex 32)"
GITEA_ADMIN_PASSWORD="$(openssl rand -hex 8)"

info "creating new secrets $SECRETS"

mkdir -p "$DATA"
cat <<EOF > "$SECRETS"
# DO NOT CHECK IN
GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET
GITEA_ADMIN_PASSWORD=$GITEA_ADMIN_PASSWORD
GITEA__server__ROOT_URL=https://$GITEA_HOSTNAME/
GITEA__security__INSTALL_LOCK=true
GITEA__security__SECRET_KEY=$(openssl rand -hex 32)
EOF


docker-compose down 2>/dev/null

../keycloak/client-delete gitea 2>/dev/null
../keycloak/client-create <<EOF || die "unable to create gitea client"
{
	"clientId": "gitea",
	"rootUrl": "https://$GITEA_HOSTNAME",
	"adminUrl": "https://$GITEA_HOSTNAME",
	"redirectUris": [ "https://$GITEA_HOSTNAME/*" ],
	"webOrigins": [ "https://$GITEA_HOSTNAME" ],
	"clientAuthenticatorType": "client-secret",
	"secret": "$GITEA_CLIENT_SECRET"
}
EOF

docker-compose up -d || die "unable to start container"

info "waiting for startup..."
sleep 5

info "adding oauth login"
docker-compose exec -u git gitea \
	gitea admin auth add-oauth \
	--name "keycloak" \
	--provider "openidConnect" \
	--key "gitea" \
	--secret "$GITEA_CLIENT_SECRET" \
	--auto-discover-url "https://${KEYCLOAK_HOSTNAME}/realms/${REALM}/.well-known/openid-configuration" \
	--group-claim-name "groups" \
	--admin-group "admin" \
|| die "unable to add oauth interface"