#!/bin/bash

# Mosquitto is running with a user that is not privileged enough to read files
# directly from the certbot dirs, so copy files to where mosquitto expects
# them.

set -eu

le_dir="/etc/letsencrypt/live/$(hostname -f)"
mosquitto_dir="/etc/mosquitto/"

le_chain="$le_dir/chain.pem"
mosquitto_chain="$mosquitto_dir/ca_certificates/chain.pem"
cp $le_chain $mosquitto_chain
chown mosquitto:root $mosquitto_chain

le_cert="$le_dir/cert.pem"
mosquitto_cert="$mosquitto_dir/certs/cert.pem"
cp $le_cert $mosquitto_cert
chown mosquitto:root $mosquitto_cert

le_key="$le_dir/privkey.pem"
mosquitto_key="$mosquitto_dir/certs/privkey.pem"
cp $le_key $mosquitto_key
chown mosquitto:root $mosquitto_key

# Tell mosquitto to reload certs
pkill -x -HUP mosquitto