#!/bin/bash
#
# vmail-stack
# https://git.stack-source.com/msb/vmail-stack
# Copyright (c) 2023 Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

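# Load the shared include file that sits next to this script; it presumably
# provides vmail:getoptions, which is called below but not defined here.
# The path is quoted so an install directory containing spaces or glob
# characters is not word-split before being sourced, and a failed load stops
# the script instead of continuing without its helpers.
source "$(dirname -- "$0")/vmail.sh" || exit 1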

help()
{
  # Print the usage text for this script to stdout.
  # Sets the global thisfilename to the basename of $0, which appears in the
  # title line and in the usage line.
  thisfilename=$(basename -- "$0")
  printf '%s\n' \
    "$thisfilename" \
    "Enable SSL (TLS) in dovecot (POP/IMAP) for given domain" \
    "" \
    "usage: $thisfilename -d <domain> [-h]" \
    "" \
    "  -h          Print this help." \
    "  -d <domain> Domain to enable dovecot for." \
    "" \
    "              Let's Encrypt certificate must already exist. If need be run this first:" \
    "              letsencrypt-certonly.sh -d mail.<domain>"
}

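# Parse the command line. vmail:getoptions is not defined in this file (it is
# expected to come from the sourced vmail.sh) and is relied on to set $domain
# from the -d option.
vmail:getoptions "$@"

# check for domain
if [[ -z $domain ]]; then
  echo "ERROR: domain name is required"
  exit 1
fi

# $domain is interpolated into file paths under /etc and into the text of the
# generated dovecot config, so only hostname characters are accepted: letters,
# digits, '.' and '-', starting and ending with a letter or digit, and with no
# empty label. This keeps '/', '..', quotes, braces and whitespace out of both
# the target path and the local_name block.
# NOTE(review): vmail:getoptions may already validate the domain - confirm;
# the check is repeated here because this is where the value reaches the
# filesystem.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $domain =~ $domain_re || $domain == *..* ]]; then
  echo "ERROR: invalid domain name"
  exit 1
fi

# set vars
maildomain="mail.$domain"
pemfile="$maildomain.pem"
confile="$maildomain.conf"
cert_path="/etc/ssl/letsencrypt/$pemfile"
conf_path="/etc/dovecot/sites.d/$confile"

# check that letsencrypt cert exists
# The same PEM file is used below for both ssl_cert and ssl_key, so it is
# presumably a combined certificate + private key bundle; its ownership and
# mode should restrict it accordingly - verify on the host.
if [[ ! -f $cert_path ]]; then
  echo "Let's Encrypt cert for $maildomain does not exist, create that first:"
  # Spell out the command the message above refers to.
  echo "letsencrypt-certonly.sh -d $maildomain"
  exit 1
fi

# create dovecot config & restart
# An existing config file is left untouched (and dovecot is not reloaded).
if [[ ! -f $conf_path ]]; then
  # Write all four lines through a single redirect. On failure remove the
  # partial file: the existence check above would otherwise skip it on every
  # later run and leave a truncated config in place.
  if ! printf '%s\n' \
    "local_name \"mail.$domain imap.$domain pop.$domain smtp.$domain\" {" \
    "  ssl_cert = <$cert_path" \
    "  ssl_key = <$cert_path" \
    "}" > "$conf_path"; then
    rm -f -- "$conf_path"
    echo "ERROR: could not write $conf_path"
    exit 1
  fi
  # NOTE(review): the new file is not syntax-checked before the reload; the
  # script's exit status is whatever systemctl returns here.
  systemctl --quiet try-reload-or-restart dovecot
fi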