#!/bin/sh

set -e

apt-get -y install uacme
adduser --system --home /var/lib/acme --group --no-create-home acme
mkdir /var/lib/acme
chown acme: /var/lib/acme
read -p 'ACME account email: ' acme_email
sudo -u acme -g acme uacme -c /var/lib/acme -y new "$acme_email"

hook_program="/usr/share/uacme/uacme.sh"

read -p 'Setup nginx for ACME? (Y/n): ' yn
case $yn in
	[nN] )
		 break;;
	* )
		apt-get -y install nginx-light
		mkdir /var/lib/acme/challenge
		chown acme:www-data /var/lib/acme/challenge
		chmod 2750 /var/lib/acme/challenge
		printf 'location /.well-known/acme-challenge/ {\n\talias /var/lib/acme/challenge/;\n}\n' > /etc/nginx/snippets/acme.conf
		mkdir /usr/local/share/uacme
		cp /usr/share/uacme/uacme.sh /usr/local/share/uacme
		sed -i 's/\/var\/www\/\.well-known\/acme-challenge/\/var\/lib\/acme\/challenge/' /usr/local/share/uacme/uacme.sh
		sed -i 's/^E_BADARGS=85$/E_BADARGS=85\n\numask 0027/' /usr/local/share/uacme/uacme.sh
		hook_program="/usr/local/share/uacme/uacme.sh"
esac

printf "\nComand to get certs:\nuacme -c /var/lib/acme -h $hook_program issue DOMAIN(s) && RELOADCMD(s)\n"