#!/bin/sh
set -e

systemctl daemon-reload

# Enable the service but don't start on a fresh install — the operator
# still needs to write /etc/anchorage/anchorage.yaml (start from
# /etc/anchorage/anchorage.yaml.example) and provision the JWT signing
# key at auth.apiToken.signingKeyPath.
systemctl enable anchorage.service >/dev/null 2>&1 || true

# On upgrade ("2" from rpm, "configure" from deb) restart only if the
# service was previously running so an operator who has it intentionally
# stopped stays that way.
if [ "$1" = "configure" ] || [ "$1" = "2" ]; then
    if systemctl is-active --quiet anchorage.service; then
        systemctl restart anchorage.service >/dev/null 2>&1 || true
    fi
fi

if [ ! -f /etc/anchorage/anchorage.yaml ]; then
    echo ""
    echo "anchorage: configuration not found at /etc/anchorage/anchorage.yaml"
    echo "  cp /etc/anchorage/anchorage.yaml.example /etc/anchorage/anchorage.yaml"
    echo "  edit to point at your Postgres + Authentik + Kubo RPC endpoint"
    echo "  generate a signing key, e.g.: openssl rand -base64 48 > /etc/anchorage/jwt.key"
    echo "  systemctl start anchorage"
    echo ""
fi