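#!/bin/sh /etc/rc.common
# SecuBox HAProxy Service
# Copyright (C) 2025 CyberMind.fr
#
# procd init script for HAProxy. Before starting the proxy it prepares a
# dedicated uhttpd instance that serves ACME HTTP-01 challenge files and
# syncs issued certificates into the format HAProxy expects.

START=90
STOP=10
USE_PROCD=1

NAME="haproxy"
PROG="/usr/sbin/haproxyctl"
SYNC_CERTS="/usr/sbin/haproxy-sync-certs"
ACME_WEBROOT="/var/www/acme-challenge"
ACME_PORT="8402"

# Write a warning to syslog under this service's tag.
# Arguments: $1 - message text
_haproxy_warn() {
	logger -t "$NAME" -p daemon.warn "$1"
}

# Set up the ACME challenge webserver used for certificate issuance.
# HAProxy routes /.well-known/acme-challenge/ to this server.
# Globals: ACME_WEBROOT (read), ACME_PORT (read)
setup_acme_webserver() {
	local need_restart=0

	# Challenge files are written below this directory by the ACME client.
	mkdir -p "$ACME_WEBROOT/.well-known/acme-challenge"
	chmod -R 755 "$ACME_WEBROOT"

	if ! uci -q get uhttpd.acme >/dev/null 2>&1; then
		# First run: create the dedicated uhttpd instance.
		uci set uhttpd.acme=uhttpd
		# NOTE(review): 0.0.0.0 exposes this listener on every interface, so
		# the port is reachable directly unless the firewall blocks it. If
		# HAProxy reaches it over loopback, a 127.0.0.1 bind would narrow the
		# exposure - confirm how HAProxy connects before changing.
		uci set uhttpd.acme.listen_http="0.0.0.0:$ACME_PORT"
		uci set uhttpd.acme.home="$ACME_WEBROOT"
		# Validation only fetches known token paths; do not let the challenge
		# directory be browsed.
		uci set uhttpd.acme.no_dirlists='1'
		uci commit uhttpd
		need_restart=1
	elif ! netstat -tln 2>/dev/null | grep -q ":$ACME_PORT "; then
		# Instance is configured but nothing listens on the ACME port.
		need_restart=1
	fi

	# Restart once per call. Checking the socket straight after a restart can
	# race with uhttpd start-up and trigger a needless second restart.
	if [ "$need_restart" = "1" ]; then
		/etc/init.d/uhttpd restart 2>/dev/null ||
			_haproxy_warn "uhttpd restart failed; ACME challenges on port $ACME_PORT may not be served"
	fi
}

# procd start hook: does nothing unless haproxy.main.enabled is '1'.
start_service() {
	local enabled

	config_load haproxy
	config_get enabled main enabled '0'

	[ "$enabled" = "1" ] || return 0

	# Ensure the ACME challenge webserver is configured and running.
	setup_acme_webserver

	# Sync ACME certificates to HAProxy format before starting. Still
	# best-effort, but a failure is logged: HAProxy may otherwise come up with
	# stale or missing certificates and leave no trace of why.
	if ! "$SYNC_CERTS" 2>/dev/null; then
		_haproxy_warn "certificate sync failed; HAProxy may start with stale or missing certificates"
	fi

	procd_open_instance
	procd_set_param command "$PROG" service-run
	# procd respawn arguments are threshold, timeout, retry.
	procd_set_param respawn 3600 5 0
	procd_set_param stdout 1
	procd_set_param stderr 1
	procd_set_param pidfile /var/run/haproxy.pid
	procd_close_instance
}

# procd stop hook: delegates shutdown to haproxyctl.
stop_service() {
	"$PROG" service-stop
}

# procd reload hook: delegates to haproxyctl.
reload_service() {
	"$PROG" reload
}

# Full restart as stop followed by start.
restart_service() {
	stop
	start
}

# Reload the service when the "haproxy" UCI configuration changes.
service_triggers() {
	procd_add_reload_trigger "haproxy"
}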