#!/bin/sh

# Open Infrastructure: service-tools

# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
#
# SPDX-License-Identifier: GPL-3.0+
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

set -e

if grep -r -qs -E '^ntsserver(cert|key)' /etc/chrony
then
	echo -n "   + chrony (workaround):"

	# https://bugs.debian.org/1013882
	HOST="$(cat /etc/hostname)"

	cp -L "/var/lib/dehydrated/certs/${HOST}/fullchain.pem" /etc/chrony/cert.pem
	cp -L "/var/lib/dehydrated/certs/${HOST}/privkey.pem" /etc/chrony/key.pem

	chown _chrony:_chrony /etc/chrony/cert.pem /etc/chrony/key.pem

	if service chrony status > /dev/null 2>&1
	then
		service chrony restart
	fi

	echo " done."
fi