#!/usr/bin/env sh
set -eu

# Install an idempotent daily certificate renewal cron block.

MARK_BEGIN="# BEGIN openresty-gateway cert renew"
MARK_END="# END openresty-gateway cert renew"
SCHEDULE="${SCHEDULE:-0 3 * * *}"
ROOT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")/.." && pwd)"
LOG_DIR="$ROOT_DIR/logs"
CRON_LINE="$SCHEDULE cd '$ROOT_DIR' && sh scripts/renew-certs.sh >> logs/cert-renew.log 2>&1"

if ! command -v crontab >/dev/null 2>&1; then
    echo "Error: crontab is required." >&2
    exit 1
fi

mkdir -p "$LOG_DIR"

tmp_file="$(mktemp)"
trap 'rm -f "$tmp_file"' EXIT

echo "Replacing existing certificate renewal cron block if present..."
crontab -l 2>/dev/null | sed "/$MARK_BEGIN/,/$MARK_END/d" > "$tmp_file"
{
    echo "$MARK_BEGIN"
    echo "$CRON_LINE"
    echo "$MARK_END"
} >> "$tmp_file"

crontab "$tmp_file"

echo "Installed certificate renewal cron:"
echo "$CRON_LINE"