#!/bin/bash

set -e

## Switch apache userdir module on:
$ROOTCMD a2enmod userdir

## Create certificate and enable ssl (cf. make-ssl-cert):
CERT="/etc/ssl/certs/ssl-cert-snakeoil.pem"
KEY="/etc/ssl/private/ssl-cert-snakeoil.key"
CONF="/etc/apache2/ssl-crt.cnf"
TEMPLATE="${target}/usr/share/ssl-cert/ssleay.cnf"
HostName="${HOSTNAME}.intern"

## Overwrite existing certificate only when installing:
if [ "$FAI_ACTION" != "install" ] && [ "$CONVERT" != "true" ] ; then
    if [ -f $target/$CERT ] && [ -f $target/$KEY ]; then
        echo "$CERT and $KEY exists, exiting!"
        exit 0
    fi
fi

sed -e s#@HostName@#"$HostName"# $TEMPLATE > ${target}/$CONF
echo "subjectAltName=DNS:$HostName,DNS:www.intern,DNS:syslog.intern,DNS:print.intern" >> ${target}/$CONF

$ROOTCMD openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY

$ROOTCMD chmod 644 $CERT
$ROOTCMD chmod 640 $KEY $CONF
$ROOTCMD chown root:ssl-cert $KEY

HASHNAME=$(dirname $CERT)/$($ROOTCMD openssl x509 -hash -noout -in $CERT)
$ROOTCMD ln -vsf $CERT $HASHNAME

$ROOTCMD a2enmod ssl
$ROOTCMD a2ensite default-ssl
