#!/sbin/openrc-run

description="Step CA"
description_check="Verify configuration"

pidfile="/run/$RC_SVCNAME.pid"
command="/usr/bin/step-ca"
command_args="/etc/step-ca/config/ca.json --password-file=/etc/step-ca/password.txt"
command_background="yes"
command_user="step-ca:step-ca"
start_stop_daemon_args="--stdout /var/log/$RC_SVCNAME/${RC_SVCNAME}.log --stderr /var/log/$RC_SVCNAME/${RC_SVCNAME}.err"
extra_commands="checkconfig"

required_files="/etc/step-ca/config/ca.json /etc/step-ca/password.txt"

depend() {
	use logger dns
	after entropy networking
}

start_pre() {
	checkconfig

	command_args="${command_args} ${EXTRA_ARGS}"

	if [ "x${ENTROPY_COUNT}" != "x" ]; then
		command_args="${command_args} -e ${ENTROPY_COUNT}"
	fi
}

checkconfig() {
	if [ ! -d /var/log/step-ca ]; then
		mkdir -p /var/log/step-ca
		chown step-ca:step-ca /var/log/step-ca
		chmod 700 /var/log/step-ca
	fi

	if [ ! -f /etc/step-ca/config/ca.json ]; then
		ewarn "CA configuration file is missing"
	fi

	if [ ! -f /etc/step-ca/password.txt ]; then
		ewarn "CA password file is missing"
	fi
}