#!/bin/sh
[ -n "${IPKG_INSTROOT}" ] && exit 0

# Setup ACME challenge webserver (uhttpd instance on port 8402)
ACME_WEBROOT="/var/www/acme-challenge"
ACME_PORT="8402"
mkdir -p "$ACME_WEBROOT/.well-known/acme-challenge"
chmod -R 755 "$ACME_WEBROOT"

# Configure uhttpd.acme if not exists
if ! uci -q get uhttpd.acme >/dev/null 2>&1; then
	uci set uhttpd.acme=uhttpd
	uci set uhttpd.acme.listen_http="0.0.0.0:$ACME_PORT"
	uci set uhttpd.acme.home="$ACME_WEBROOT"
	uci commit uhttpd
	/etc/init.d/uhttpd restart 2>/dev/null || true
fi

# Sync existing ACME certificates on install
/usr/sbin/haproxy-sync-certs 2>/dev/null || true
exit 0
