#!/bin/sh

set -e # Exit on error
set -u # Exit on unset variable

if [ -r /etc/default/syncplay-server ]
then
    . /etc/default/syncplay-server
fi

if [ -z "${DOMAIN-}" ]
then
    exit 0
fi

# If the certificate being deployed is not the one for syncplay-server, exit.
found=0
for rdomain in $RENEWED_DOMAINS
do
    if [ "$rdomain" = "$DOMAIN" ]
    then
        found=1
    fi
done
if [ "$found" = "0" ]
then
    exit 0
fi

GROUP=$(systemctl show --value --property=Group syncplay-server.service)
if [ -z "${GROUP-}" ]
then
	exit 0
fi

install --mode=u=rw,g=r --group="${GROUP}" \
	/etc/letsencrypt/live/"$DOMAIN"/cert.pem \
	/etc/letsencrypt/live/"$DOMAIN"/privkey.pem \
	/etc/letsencrypt/live/"$DOMAIN"/chain.pem \
	/run/syncplay-server/ || true
