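#!/bin/sh
# Container entrypoint for UniFi Video.
#
# Creates the unprivileged service account, fixes ownership of the runtime
# directories, seeds the data directory, and then either runs the command
# given as arguments or starts the controller under dumb-init. Both run as
# the service account via su-exec.
#
# Environment:
#   UNIFI_UID  numeric UID for the service user (default: owner of DATA_DIR)
#   UNIFI_GID  numeric GID for the service group (default: group of DATA_DIR)
#
# NOTE(review): the addgroup/adduser flags below look like BusyBox syntax;
# confirm the base image before reusing this script elsewhere.
set -e

USERNAME="unifi-video"
BASEDIR="/usr/lib/unifi-video"
DATA_DIR="${BASEDIR}/data"

# Default UID/GID to the owner and group of the data directory.
# The GID default uses %g; the earlier %u silently reused the owner's UID.
UNIFI_UID=${UNIFI_UID:-$(stat -L -c "%u" "$DATA_DIR")}
UNIFI_GID=${UNIFI_GID:-$(stat -L -c "%g" "$DATA_DIR")}

# Reject anything that is not a plain decimal number before it reaches
# addgroup/adduser or the numeric comparison below.
for id in "$UNIFI_UID" "$UNIFI_GID"; do
  case "$id" in
    '' | *[!0-9]*)
      echo "UNIFI_UID and UNIFI_GID must be numeric (got: $UNIFI_UID $UNIFI_GID)" >&2
      exit 1
      ;;
  esac
done

# Refuse to run the service as root. The comparison is numeric so that
# spellings such as "00" are rejected as well; a string compare against
# "0" would let them through.
if [ "$UNIFI_UID" -eq 0 ] || [ "$UNIFI_GID" -eq 0 ]; then
  echo "Set UNIFI_UID and UNIFI_GID in environment" >&2
  exit 1
fi
echo "Unifi UID/GID: $UNIFI_UID $UNIFI_GID"

cd "${BASEDIR}"

# Create the user and group if they don't exist.
# grep -q replaces "&>/dev/null", which is not POSIX sh: a strict /bin/sh
# parses it as "run in background, then truncate /dev/null".
if ! grep -q "^${USERNAME}:" /etc/group; then
  addgroup -g "${UNIFI_GID}" -S "${USERNAME}"
fi
if ! grep -q "^${USERNAME}:" /etc/passwd; then
  adduser -u "${UNIFI_UID}" -S -h "/var/lib/${USERNAME}" -H -D \
    -G "${USERNAME}" "${USERNAME}"
fi

mkdir -p /var/log/mongodb/logs

# Update permissions on the root directories
chown -R "${USERNAME}:${USERNAME}" \
  /var/run/unifi-video \
  /var/log/unifi-video \
  /var/lib/unifi-video \
  /var/log/mongodb/logs

chown -R "${USERNAME}:${USERNAME}" \
  /usr/lib/unifi-video/conf/evostream \
  /usr/lib/unifi-video/webapps \
  /usr/lib/unifi-video/conf/Catalina \
  /usr/lib/unifi-video/work

# But do not let the unifi user write the ROOT WAR.
# NOTE(review): the webapps directory itself stays owned by the service user,
# so this only blocks in-place modification; write access to the directory
# still permits replacing the file. Confirm whether the directory must be
# writable, and tighten its ownership if not.
chown root:root /usr/lib/unifi-video/webapps/ROOT.war

# Setup tmpfs if the user mounted it
TMPFS_ARG=
TMPFS_DIR="/var/cache/unifi-video"
if [ -d "${TMPFS_DIR}" ]; then
  TMPFS_ARG="-Dav.tempdir=${TMPFS_DIR}"
  chown "${USERNAME}" "${TMPFS_DIR}"
  chmod -R 0700 "${TMPFS_DIR}"
fi

# Do the base setup and migrate files: seed system.properties, drop the
# legacy "truststore" file, and seed ufv-truststore when it is missing.
if [ ! -f "${DATA_DIR}/system.properties" ]; then
  cp -f "${BASEDIR}/etc/system.properties" "${DATA_DIR}/system.properties"
fi
if [ -f "${DATA_DIR}/truststore" ]; then
  rm -f "${DATA_DIR}/truststore"
fi
if [ ! -f "${DATA_DIR}/ufv-truststore" ]; then
  cp -f "${BASEDIR}/etc/ufv-truststore" "${DATA_DIR}/ufv-truststore"
fi

# -h changes a symlink itself instead of the file it points to.
chown -h "${USERNAME}:${USERNAME}" \
  "${DATA_DIR}" \
  "${DATA_DIR}/system.properties" \
  "${DATA_DIR}/ufv-truststore"

# Cleanup mongodb lock file if it exists otherwise the controller will freeze
# forever trying to start Mongo
if [ -f "${DATA_DIR}/db/mongod.lock" ]; then
  rm "${DATA_DIR}/db/mongod.lock"
fi

# Allow running a shell in the container.
# "$#" is tested instead of [ ! -z "$@" ], which is a test syntax error as
# soon as more than one argument is passed.
if [ "$#" -gt 0 ]; then
  # exec so the requested command replaces this shell and receives signals
  # directly; its exit status becomes the container's exit status.
  exec /sbin/su-exec "${USERNAME}" "$@"
else
  # Heap ceiling: 26% of the value in column 2 of the second line of
  # `free -m` (total memory, in MiB).
  heap_max=$(free -m | awk 'NR==2{printf "%dM\n", $2*0.26 }')

  # Replace the current process with a scoped-down controller. The java app
  # is designed to do its own job control but it has to run with an init
  # system or it doesn't get the signals from docker.
  # ${TMPFS_ARG:+...} expands to one quoted word when set and to nothing
  # when empty, so no empty argument is passed to java.
  exec /usr/bin/dumb-init -c /sbin/su-exec "${USERNAME}" \
    /usr/lib/jvm/default-jvm/jre/bin/java \
    -cp "${BASEDIR}/lib/airvision.jar" \
    -Dlog4j.configurationFile="${BASEDIR}/log4j2.json" \
    ${TMPFS_ARG:+"${TMPFS_ARG}"} \
    -Djava.library.path="${BASEDIR}/lib" \
    -Djavax.net.ssl.trustStore="${DATA_DIR}/ufv-truststore" \
    -Djava.security.egd=file:/dev/urandom \
    -Xmx"${heap_max}" \
    -Djava.awt.headless=true \
    -Dfile.encoding=UTF-8 \
    com.ubnt.airvision.Main start
fi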