#!/usr/bin/env bash
set -e

echo "Downloading OlaizRootCA.crt..."
rm -f /usr/local/share/ca-certificates/OlaizRootCA.crt
wget https://mirrors.fermino.me/OlaizRootCA.crt -O /usr/local/share/ca-certificates/OlaizRootCA.crt

echo "Updating system chain of trust..."
update-ca-certificates

echo "Testing chain of trust..."
stat /etc/ssl/certs/OlaizRootCA.pem
#curl https://ca.home.fermino.me/acme/acme/directory > /dev/null

echo "Patching /lib/systemd/system/pvedaemon.service..."
cat /lib/systemd/system/pvedaemon.service | grep -q OlaizRootCA.pem || cat <<EOF >> /lib/systemd/system/pvedaemon.service
[Service]
Environment="HTTPS_CA_FILE=/etc/ssl/certs/OlaizRootCA.pem"
EOF
systemctl daemon-reload
systemctl restart pvedaemon.service

rm -f proxmox-add-olaiz-root-ca.sh

echo "Ok :)"
exit 0