#!/bin/bash

encrypt=
destination=
while (( $# > 0 )); do
	case "$1" in
	--encrypt)
		encrypt="$2"
		shift
		;;
	--destination)
		destination="$2"
		shift
		;;
	*)
		echo "Unknown option, '$1'"
		exit 1
		;;
	esac
	shift
done

if [ "$(whoami)" != "root" ]; then
	echo "Must be running as root!"
	exit 1
fi

DIR="/tmp/bwlp-backup-$(date +%s)"

if [ -d "$DIR" ]; then
	echo "Backup already running!?"
	exit 1
fi

mkdir -p "$DIR"
cd "$DIR" || exit 1

trap 'rm -rf -- "$DIR"' EXIT

mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --add-locks --add-drop-database --default-character-set=utf8mb4 --databases openslx > openslx.sql
RET1=$?
mysqldump --defaults-extra-file=/etc/mysql/debian.cnf --add-locks --add-drop-database --default-character-set=utf8mb4 --databases sat > sat.sql
RET2=$?
if (( RET1 != 0 || RET2 != 0 )); then
	echo "Database dump failed with exit code $RET1/$RET2"
	exit 1
fi

FILELIST=(
	"/opt/openslx/configs"
	"/etc/lighttpd/server.pem"
	"/etc/lighttpd/chain.pem"
	"/etc/lighttpd/pub-cert.pem"
)

tar --ignore-failed-read -k -c -p -z -f "files.tgz" "${FILELIST[@]}"
RET=$?
if (( RET != 0 )); then
	echo "WARNING: filesystem-tar exited with code $RET - backup might be incomplete!"
fi

ext="tgz"
tmpfile="/tmp/bwlp-${RANDOM}-$(date +%s)-backup.${ext}"
tar -k -c -z -f "backup.tgz" "files.tgz" "openslx.sql" "sat.sql"
RET=$?
if ! [ -f "backup.tgz" ]; then
	echo "Creating backup.tgz failed!"
	exit 1
fi
if (( RET != 0 )); then
	echo "WARNING: final tar exited with code $RET - backup might be incomplete!"
fi

chmod 0600 "backup.tgz"
if ! mv "backup.tgz" "$tmpfile"; then
	echo "ERROR: Could not move backup.tgz to $tmpfile"
	exit 1
fi

if [ -n "$encrypt" ]; then
	if ! openssl enc -aes-256-cbc -pbkdf2 -pass "env:$encrypt" -in "${tmpfile}" -out "${tmpfile}.aes" \
			&& ! openssl enc -aes-256-cbc -pass "env:$encrypt" -in "${tmpfile}" -out "${tmpfile}.aes"; then
		rm -f -- "$tmpfile"
		echo "Error encrypting backup with openssl"
		exit 1
	fi
	rm -f -- "$tmpfile"
	ext="${ext}.aes"
	tmpfile="${tmpfile}.aes"
fi

if [ -z "$destination" ]; then
	# No destination given, as this is for download, give www-data user access to file
	FILE="${tmpfile}"
	chown www-data "${tmpfile}"
else
	FILE="${destination}.${ext}"
	dir="${destination%/*}"
	for usr in "" "dmsd" "dnbd3" "FAIL"; do
		[ "$usr" = "FAIL" ] && break
		if [ -z "$usr" ]; then
			mkdir -p "$dir"
			mv "$tmpfile" "$FILE" && break
		else
			chown "$usr:$(id -g "$usr")" "$tmpfile"
			sudo -n -u "$usr" mkdir -p "$dir"
			sudo -n -u "$usr" cp "$tmpfile" "$FILE" && break
		fi
	done
	if [ "$usr" = "FAIL" ] || ! [ -s "$FILE" ]; then
		echo "Moving backup to '$FILE' failed."
		exit 1
	fi
fi

chmod 0600 "$FILE"

echo "Location: $FILE"
exit 0