#!/bin/bash

if [ "$(id -u)" != "0" ]; then
    echo -e "\033[31mThis script requires superuser rights\033[0m"
    exit 0
fi

LE_DIR="/data/secrets/$SERVER_DOMAIN/letsencrypt"
BACKUP_DIR="/backups/letsencrypt"
ARCHIVE_FILE="$BACKUP_DIR/$SERVER_DOMAIN.tar.gz"

# load ACME_BACKUP_PASSWORD
SECRETS_PATH=/data/secrets/$SERVER_DOMAIN/$SERVER_DOMAIN.env

trap 'echo -e "\033[31macme.sh: Something went wrong\033[0m"; exit 1' EXIT
set -e

export DEBIAN_FRONTEND=noninteractive

source $SECRETS_PATH

echo 'check BACKUP_DIR...'
mkdir -p "$BACKUP_DIR"

tar -czf - -C "$LE_DIR" . | openssl enc -aes-256-cbc -e -out "$ARCHIVE_FILE" -pass pass:"$ACME_BACKUP_PASSWORD" -pbkdf2 -iter 100000

trap - EXIT
echo "$LE_DIR backuped successfully to $ARCHIVE_FILE"