#!/usr/bin/env bash
#
# Copy dehydrated generated certs into /var/local/certificates and
# set required ownership and permissions. Also restart local services
# as appropriate.

action=$1
shift

deploy_cert() {
    cp -a /var/lib/dehydrated/certs/* /var/local/certificates/
    chown -R root:ssl-cert /var/local/certificates/
    find /var/local/certificates/ -type d -print0 | xargs -0 chmod g+rx
    find /var/local/certificates/ -type f -print0 | xargs -0 chmod g+r

    DOMAIN="$1"
    case $DOMAIN in
        "mail.lunch.org.uk")
            systemctl restart exim4
            systemctl reload dovecot
            ;;
    esac
}

case $action in
    deploy_cert)
        deploy_cert "$@"
        ;;
esac