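#!/bin/bash
# Start-up script for taskd. On first run (no config file under TASKDDATA) it
# initialises the data directory, generates a PKI and points the server at the
# generated certificates. It then starts the server.
#
# Environment:
#   TASKDDATA  - taskd data directory (required)
#   PKI_OU, PKI_CN, PKI_COUNTRY, PKI_STATE, PKI_LOCALITY
#              - optional certificate subject fields, each defaults to "Unknown"

# Stop at the first failed step, so the server is never started against a
# half-initialised data directory or certificates that were not generated.
set -euo pipefail

# Without this guard an unset TASKDDATA would make every path below resolve
# against the filesystem root ("/config", "/pki", ...).
: "${TASKDDATA:?TASKDDATA must be set to the taskd data directory}"

if [[ ! -e "${TASKDDATA}/config" ]]; then
  # Initialise
  # NOTE(review): taskd init presumably creates the config file tested above.
  # If a later step fails, the next start would then skip this whole block;
  # clear the data directory before retrying a failed first run.
  taskd init

  # Create PKI directory and copy scripts
  mkdir -p "${TASKDDATA}/pki"
  cp /usr/share/taskd/pki/generate* "${TASKDDATA}/pki"

  # Write variables for PKI
  # NOTE(review): the PKI_* values are expanded here and written inside double
  # quotes. If the generate scripts source this file (TODO confirm), quote,
  # dollar or backquote characters in a value would be interpreted by the
  # shell at that point, so these variables must only come from trusted
  # deployment configuration.
  # EXPIRATION_DAYS=365: this block runs only while no config exists, so
  # nothing in this script renews the certificates afterwards.
  cat >"${TASKDDATA}/pki/vars" <<EOF
BITS=4096
EXPIRATION_DAYS=365
ORGANIZATION="${PKI_OU:-Unknown}"
CN="${PKI_CN:-Unknown}"
COUNTRY="${PKI_COUNTRY:-Unknown}"
STATE="${PKI_STATE:-Unknown}"
LOCALITY="${PKI_LOCALITY:-Unknown}"
EOF

  # Generate certs
  # NOTE(review): pki/ holds private keys once this has run (client.key.pem
  # and server.key.pem are referenced below). This script sets no umask and
  # does not tighten permissions; confirm the generate scripts or the volume
  # restrict read access.
  cd "${TASKDDATA}/pki"
  ./generate

  # Configure the server to use the new certs: each setting NAME points at
  # ${TASKDDATA}/pki/NAME.pem.
  for setting in client.cert client.key server.cert server.key server.crl ca.cert; do
    taskd config --force "${setting}" "${TASKDDATA}/pki/${setting}.pem"
  done

  # Listen on all interfaces on the default port. Restrict exposure at the
  # network layer if the service is not meant to be reachable from everywhere.
  taskd config --force server 0.0.0.0:53589
fi

# exec replaces this shell with taskd, so signals sent to the script's PID
# reach the server directly and its exit status is reported unchanged.
exec taskd server --data "${TASKDDATA}"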