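#!/bin/bash
#
# Pack /data/secrets/<server_domain> into an encrypted tarball stored at
# /data/secrets/safe/<server_domain>.tar.gz. The per-domain passphrase lives
# in /data/secrets/safe/keys.env and is generated on first use.
#
# Usage: <script> <server_domain>

# Require the server domain as the first argument.
if [ -z "${1:-}" ]; then
  echo "Usage: $0 <server_domain>"
  exit 1
fi

SERVER_DOMAIN=$1

# The argument is spliced into file paths and into a grep pattern, so accept
# only hostname-like values: no slashes, no "..", no regex metacharacters.
DOMAIN_RE='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
if [[ ! "$SERVER_DOMAIN" =~ $DOMAIN_RE || "$SERVER_DOMAIN" == *..* ]]; then
  echo "Invalid server domain: $SERVER_DOMAIN" >&2
  exit 1
fi

SAFE_DIR="/data/secrets/safe"
DOMAIN_DIR="/data/secrets/$SERVER_DOMAIN"
KEYS_FILE="$SAFE_DIR/keys.env"
ARCHIVE_FILE="$SAFE_DIR/$SERVER_DOMAIN.tar.gz"
TMP_ARCHIVE=""

# Never archive the key store itself, and refuse to record a passphrase for
# a directory that does not exist.
if [ "$DOMAIN_DIR" = "$SAFE_DIR" ] || [ ! -d "$DOMAIN_DIR" ]; then
  echo "No secrets directory for $SERVER_DOMAIN: $DOMAIN_DIR" >&2
  exit 1
fi

# Files created below (keys.env on first run, the archive) hold secrets;
# keep them owner-only. This does not tighten a keys.env that already exists.
umask 077

# On any failure, drop the partial archive and report the error.
on_error() {
  if [ -n "$TMP_ARCHIVE" ]; then
    rm -f -- "$TMP_ARCHIVE"
  fi
  echo -e "\033[31mSomething went wrong\033[0m"
  exit 1
}
trap on_error ERR
set -eu

export DEBIAN_FRONTEND=noninteractive

# Print a 20-character passphrase drawn from [a-z0-9] using /dev/urandom.
generate_password() {
  # LC_ALL=C makes tr treat the random input as bytes in any locale.
  LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | head -c20
}

# Look up the passphrase for this domain in keys.env, creating one if absent.
# Dots become underscores so the key resembles a variable name.
KEY_VAR=$(echo "$SERVER_DOMAIN" | tr '.' '_')
if grep -q "^$KEY_VAR=" "$KEYS_FILE"; then
  PASSWORD=$(grep -m1 "^$KEY_VAR=" "$KEYS_FILE" | cut -d '=' -f2)
  echo "Password for $SERVER_DOMAIN already exists."
else
  PASSWORD=$(generate_password)
  echo "$KEY_VAR=$PASSWORD" >> "$KEYS_FILE"
  echo "Generated new password for $SERVER_DOMAIN."
fi

# An empty entry in keys.env would silently encrypt with an empty passphrase.
if [ -z "$PASSWORD" ]; then
  echo "Empty password for $SERVER_DOMAIN in $KEYS_FILE" >&2
  exit 1
fi

# Pack and encrypt. Notes for whoever maintains the decrypt side:
#  - -pbkdf2 -iter 100000 must be repeated on decryption; without -pbkdf2
#    openssl enc falls back to its legacy single-iteration key derivation.
#  - The passphrase is handed over through a pipe (file:<(...)) rather than
#    "-pass pass:...", which would expose it in the process list.
#  - AES-256-CBC via "openssl enc" gives confidentiality only; the archive is
#    not authenticated, so tampering is not detected on decryption.
#  - pipefail is enabled only here: set globally it would fail
#    generate_password, where head closes the pipe while tr is still writing.
#  - Output goes to a temp file and is renamed on success, so a failed run
#    never replaces a good archive with a truncated one.
TMP_ARCHIVE=$(mktemp "$SAFE_DIR/.$SERVER_DOMAIN.tar.gz.XXXXXX")
set -o pipefail
tar -czf - -C "$DOMAIN_DIR" . \
  | openssl enc -aes-256-cbc -e -out "$TMP_ARCHIVE" \
      -pass file:<(printf '%s\n' "$PASSWORD") -pbkdf2 -iter 100000
set +o pipefail
mv -f -- "$TMP_ARCHIVE" "$ARCHIVE_FILE"
TMP_ARCHIVE=""

trap - ERR

echo "Encrypted archive created at $ARCHIVE_FILE"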