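#!/bin/sh
#
# Renew the tourmentine.com certificate on the dns host, copy the chain and
# private key into the web and mail server trees, mirror both trees to
# "small", then reload the TLS-using services on every host.
#
# Usage: <this script> [report]
#   report  - after deployment, also run an SSL Labs scan of the site.
#
# Failure behaviour: with `set -e` the first failing step aborts the run, so
# a failed reload on one host leaves the hosts after it still serving the old
# certificate. Re-run the script once the failing step is fixed.

set -eu

# Directory where the renewal step leaves the certificate material.
cert_src=/servers/dns/root/.acme.sh/tourmentine.com_ecc
web_ssl=/servers/web/etc/ssl
mail_ssl=/servers/mail/etc/ssl

echo "**requesting cert on dns.big**"
# -q silences ssh warnings and diagnostics; a failure is still reported
# through the exit status, which `set -e` turns into an abort.
ssh -4 -q dns "letsencryptagain prod"


echo
echo "**copying cert to web.big**"
echo

# Earlier destination (letsencrypt live/ layout), kept for reference:
#cp -vrp /servers/dns/root/.acme.sh/tourmentine.com_ecc/fullchain.cer /servers/web/usr/local/etc/letsencrypt/live/tourmentine.com/fullchain.pem
#cp -vrp /servers/dns/root/.acme.sh/tourmentine.com_ecc/tourmentine.com.key /servers/web/usr/local/etc/letsencrypt/live/tourmentine.com/privkey.pem
# -p carries the source file's mode, owner and timestamps over, so the
# private key is only as protected at the destination as it is under
# $cert_src. NOTE(review): confirm the key there is not group/world readable.
cp -vrp "$cert_src/fullchain.cer" "$web_ssl/fullchain.pem"
cp -vrp "$cert_src/tourmentine.com.key" "$web_ssl/privkey.pem"

echo
echo "**copying cert to mail.big**"
echo

#cp -R -L -v /servers/web/usr/local/etc/letsencrypt/live/tourmentine.com/ /servers/mail/etc/ssl/ 
cp -vrp "$cert_src/fullchain.cer" "$mail_ssl/fullchain.pem"
cp -vrp "$cert_src/tourmentine.com.key" "$mail_ssl/privkey.pem"

echo
echo "**copying cert to small's jails**"
echo

# -a keeps permissions and ownership where possible, so the key's mode
# follows it to "small". No --delete is given: files that were removed
# locally stay in place on the remote side.
#rsync -Pa /servers/web/usr/local/etc/letsencrypt/ small:/servers/web/usr/local/etc/letsencrypt/ 
rsync -Pa "$web_ssl/" "small:$web_ssl/"
rsync -Pa "$mail_ssl/" "small:$mail_ssl/"

echo
echo "**reloading services on mail.small**"
echo
ssh -4 -q mail.small "service postfix reload"
ssh -4 -q mail.small "service dovecot reload"
ssh -4 -q mail.small "prosody_reload_tls.sh"

echo
echo "**restarting nginx on web.small**"
echo
# `nginx -t` validates the configuration first, so a broken config or an
# unreadable certificate does not take the running server down.
ssh -4 -q web.small "nginx -t && service nginx restart"

echo
echo "**reloading services on mail.big**"
echo
ssh -4 -q mail "service postfix reload"
ssh -4 -q mail "service dovecot reload"
ssh -4 -q mail "prosody_reload_tls.sh"

echo
echo "**restarting nginx on web.big**"
echo
ssh -4 -q web "nginx -t && service nginx restart"

# Fixed: the original test was `[ "$1"=="report" ]`. Without spaces around
# the operator that is a single non-empty word, which `[` treats as always
# true, so any lone argument triggered the report. `==` is also not a POSIX
# `[` operator; `-eq` and `=` are the portable forms under /bin/sh.
if [ "$#" -eq 1 ] && [ "$1" = "report" ]
then
	echo
	echo "**getting SSL Labs' report**"
	echo
	# This overwrites the host's CA root bundle with the copy from the salt
	# tree, which changes what this machine trusts for TLS.
	# NOTE(review): confirm the salt copy is the intended, current bundle.
	cp /salt/files/all/usr/local/share/certs/ca-root-nss.crt /usr/local/share/certs/ca-root-nss.crt
	ssllabs-scan https://tourmentine.com
fi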
