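#!/bin/bash
#
# One-shot setup for the Tor-reachable mail server. Run from the repository
# root. Steps, each skipped when its artefacts already exist:
#   1. create the Tor hidden service keys and hostname (throwaway container),
#   2. write Postfix's transport map from ./known_servers,
#   3. create the key pair used for encrypted storage,
#   4. create the TLS certificates with smallstep/step-ca,
#   5. start the compose stack.
#
# sudo is used only in the places marked "!!! SUDO" below: ./tor/data is
# owned by uid/gid 100:100 (the container's tor user), so the invoking user
# can neither stat nor read the hostname file, and the old transport map
# may be root-owned.
#
# Exports: HIDDEN_SERVICE_ADDRESS — consumed by generate-certs.sh (passed
#          with -e) and inherited by `docker compose up`.

set -euo pipefail

readonly TOR_DATA_DIR=./tor/data
readonly TOR_CONFIG_DIR=./tor/config
readonly TOR_HOSTNAME_FILE="${TOR_DATA_DIR}/docker-mailserver/hostname"
readonly TRANSPORT_FILE=./docker-mailserver/transport
readonly CERTS_DIR=./docker-mailserver/certs
readonly SSL_DIR=./docker-mailserver/config/ssl
readonly KNOWN_SERVERS_FILE=known_servers
# Upper bound, in seconds, on how long the throwaway Tor instance may take
# to write its hostname before the script gives up.
readonly TOR_INIT_TIMEOUT=60

die() { printf 'error: %s\n' "$*" >&2; exit 1; }
log() { printf '%s\n' "$*"; }

#######################################
# Create the hidden service keys and hostname by running a throwaway Tor
# container against ./tor/data, unless the hostname file already exists.
# Globals:   TOR_DATA_DIR, TOR_CONFIG_DIR, TOR_HOSTNAME_FILE, TOR_INIT_TIMEOUT
# Outputs:   progress messages on stdout
# Returns:   0 once the hostname file exists; exits via die() on timeout
#######################################
setup_tor() {
  # !!! SUDO IS USED HERE TO SEE IF A FILE OWNED BY 100:100 IN THIS REPO EXISTS !!!
  if sudo [ -e "$TOR_HOSTNAME_FILE" ]; then
    log "Using existing Tor hidden service configuration."
    return 0
  fi

  log "Setting up Tor hidden service..."
  mkdir -p -- "$TOR_DATA_DIR" "$TOR_CONFIG_DIR"
  # !!! SUDO IS USED HERE TO CHANGE THE OWNERSHIP OF TOR'S DATA DIRECTORY SO THAT IT CAN BE USED BY THE CONTAINER !!!
  sudo chown -R 100:100 -- "$TOR_DATA_DIR"

  docker run -d --rm --name tor \
    -v "${TOR_DATA_DIR}:/var/lib/tor" \
    -v "${TOR_CONFIG_DIR}:/etc/tor" \
    dockurr/tor >/dev/null
  # The throwaway container must not outlive this function, whichever way
  # we leave it (success, timeout, or a set -e abort further down).
  trap 'docker stop tor >/dev/null 2>&1 || true' EXIT

  log "Waiting for service to initialize..."
  # Poll for the hostname file instead of a fixed sleep: Tor's startup time
  # varies with the host, and stopping it too early leaves no hostname for
  # the next step to read.
  local waited=0
  # !!! SUDO IS USED HERE FOR THE SAME REASON AS THE EXISTENCE CHECK ABOVE !!!
  until sudo [ -s "$TOR_HOSTNAME_FILE" ]; do
    if (( waited >= TOR_INIT_TIMEOUT )); then
      die "Tor did not write ${TOR_HOSTNAME_FILE} within ${TOR_INIT_TIMEOUT}s"
    fi
    sleep 1
    waited=$(( waited + 1 ))
  done

  docker stop tor >/dev/null
  trap - EXIT
  log "Finished setting up Tor hidden service."
}

#######################################
# Write Postfix's transport map: local SMTP for our own onion address, the
# "smtptor" transport for every known peer, and discard for everything else.
# Globals:   HIDDEN_SERVICE_ADDRESS (read), TRANSPORT_FILE, KNOWN_SERVERS_FILE
# Inputs:    KNOWN_SERVERS_FILE — one "<pseudonym> <onion-hostname>" per line;
#            blank lines and lines starting with '#' are ignored
# Outputs:   progress on stdout, skipped-entry warnings on stderr,
#            the map in TRANSPORT_FILE
#######################################
write_transport_map() {
  log "Creating transport map..."
  # !!! SUDO IS USED HERE TO CLEAR ANY EXISTING TRANSPORT MAP, WHICH MAY BE ROOT-OWNED !!!
  # -f: a missing map is not an error on a fresh checkout.
  sudo rm -f -- "$TRANSPORT_FILE"

  local pseudonym onion
  {
    printf '%s smtp:[127.0.0.1]\n' "$HIDDEN_SERVICE_ADDRESS"
    if [[ -f "$KNOWN_SERVERS_FILE" ]]; then
      # `|| [[ -n ... ]]` keeps a final line that lacks a trailing newline.
      while read -r pseudonym onion || [[ -n "$pseudonym" ]]; do
        if [[ -z "$pseudonym" || "$pseudonym" == \#* ]]; then
          continue
        fi
        # Only a single bare .onion hostname is accepted as the second
        # field; anything else (missing, extra fields, stray text) would
        # otherwise be written into the map verbatim.
        if [[ "$onion" != *.onion || "$onion" == *[[:space:]]* ]]; then
          printf 'warning: skipping malformed %s entry for %s\n' \
            "$KNOWN_SERVERS_FILE" "$pseudonym" >&2
          continue
        fi
        printf '%s smtptor:[%s]\n' "$pseudonym" "$onion"
      done < "$KNOWN_SERVERS_FILE"
    else
      printf 'warning: %s not found; no peer servers added to the map\n' \
        "$KNOWN_SERVERS_FILE" >&2
    fi
    printf '* discard\n'
  } > "$TRANSPORT_FILE"
  log "Done creating transport map."
}

#######################################
# Create the P-256 key pair used for encrypted storage if either half is
# missing (both are regenerated together). The private key is created with
# a 077 umask so it is never world-readable.
# Globals:   CERTS_DIR
# Outputs:   progress messages on stdout
#######################################
ensure_encryption_keys() {
  local privkey="${CERTS_DIR}/privkey.pem"
  local pubkey="${CERTS_DIR}/pubkey.pem"
  if [[ -e "$privkey" && -e "$pubkey" ]]; then
    log "Using existing encryption keys."
    return 0
  fi

  log "Creating encryption keys..."
  mkdir -p -- "$CERTS_DIR"
  # The umask change is scoped to the subshell so the public key and the
  # rest of the script keep the caller's umask.
  ( umask 077 && openssl ecparam -name prime256v1 -genkey | openssl pkey -out "$privkey" )
  openssl pkey -in "$privkey" -pubout -out "$pubkey"
  log "Finished creating encryption keys."
}

#######################################
# Run the step-ca certificate generator against SSL_DIR unless a CA
# certificate already exists there.
# Globals:   SSL_DIR, HIDDEN_SERVICE_ADDRESS (read)
# Outputs:   progress messages on stdout
#######################################
ensure_ssl_certs() {
  if [[ -e "${SSL_DIR}/demoCA/cacert.pem" ]]; then
    log "Using existing SSL certificates."
    return 0
  fi

  log "Creating SSL certificates..."
  # Run in the foreground (no -d): the compose stack started afterwards
  # needs these certificates, so completion must not be announced before
  # the generator has actually exited.
  docker run --rm --user "$(id -u):$(id -g)" \
    -v "${SSL_DIR}:/tmp/step-ca/" --workdir /tmp/step-ca \
    --entrypoint /tmp/step-ca/generate-certs.sh \
    -e "HIDDEN_SERVICE_ADDRESS=${HIDDEN_SERVICE_ADDRESS}" \
    smallstep/step-ca
  log "Finished creating SSL certificates."
}

main() {
  setup_tor

  # Get hidden service address
  # !!! SUDO IS USED HERE TO READ THE ONION HOSTNAME FROM A FILE SET TO BE OWNED BY USER 100 IN setup_tor !!!
  # TODO: Find a way to do this without sudo!
  HIDDEN_SERVICE_ADDRESS="$(sudo cat -- "$TOR_HOSTNAME_FILE")"
  # Every later step (transport map, cert generation, compose) keys off this
  # value, so an empty or unexpected read must stop the script here.
  if [[ "$HIDDEN_SERVICE_ADDRESS" != *.onion ]]; then
    die "unexpected contents in ${TOR_HOSTNAME_FILE}: '${HIDDEN_SERVICE_ADDRESS}'"
  fi
  export HIDDEN_SERVICE_ADDRESS

  write_transport_map
  ensure_encryption_keys
  ensure_ssl_certs

  log "Starting containers..."
  docker compose up -d
  log "Finished starting containers."
  log "Hidden service address: ${HIDDEN_SERVICE_ADDRESS}"
}

main "$@"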