#!/bin/bash

set -e
{% set ns = namespace(tls_dir=None) %}  
{% for machine in machined.machines %}
{% if not ns.tls_dir %}
{% set nor_machine = machine|normalize_family %}
{% set ns.tls_dir = machined['machine_' + nor_machine]['tls_dir_' + nor_machine] %}
{% endif %}
{% endfor %}
{% if ns.tls_dir %}
{% set dst_dir = machined['machine_' + rougail_variable|normalize_family]['config_dir_' + rougail_variable|normalize_family] %}
{% set src_dir = ns.tls_dir + "/machines/" + rougail_variable %}
{% if 'certificates' in extra_variables and rougail_variable in extra_variables['certificates'] %}
if [ -d "{{ dst_dir }}" ] && [ -d "{{ src_dir }}" ]; then
{% for certificate in extra_variables['certificates'][rougail_variable] %}
{% set files = [certificate.name] %}
{% if certificate.provider == 'self-signed' %}
{{ files.append(certificate.authority) }}
{% endif %}
{% if 'private' in certificate %}
{{ files.append(certificate.private) }}
{% endif %}
{% for file in files %}
    src_file="{{ src_dir }}{{ file}}"
    dst_file="{{dst_dir}}{{ file }}"
    dst_dir=$(dirname "$dst_file")
    mkdir -p "$dst_dir"
# ne fonctionne pas avec revprox :/
#    a=1
#    while [ ! -f "$src_file" ]; do
#        a=$((a+1));
#        if [ $a = 120 ]; then
#            break
#        fi 
#        sleep 1
#    done
    cp -f "$src_file" "$dst_file"
    chown root: "$dst_file"
    chmod 700 "$dst_file"

{% endfor %}
{% endfor %}
fi
{% endif %}
{% endif %}
exit 0