#!/bin/sh
set -e
EVENT_NAME="$1"
[ "$EVENT_NAME" = "live-updated" ] || exit 42

MAIN_HOSTNAME="{{ coturn_hostnames[0] }}"
SSL_D="{{ coturn_base_path }}/{{ coturn_realm }}/config/ssl"

while read name; do
  certdir="$ACME_STATE_DIR/live/$name"
  if [ -z "$name" -o ! -e "$certdir" ]; then
    continue
  fi
  if [ "$name" != "$MAIN_HOSTNAME" ]; then
    continue
  fi

  install -m 0644 -o root -g coturn "$certdir/fullchain" "$SSL_D/cert.pem"
  install -m 0640 -o root -g coturn "$certdir/privkey" "$SSL_D/privkey.pem"

  pod_id=$(crictl pods -q --state ready --name "^coturn-{{ coturn_realm }}-{{ ansible_nodename }}$")
  [ -n "$pod_id" ] || exit 42
  container_id=$(crictl ps -q --name '^coturn$' -p "$pod_id")
  [ -n "$container_id" ] || exit 42
  crictl stop "$container_id"

  break
done