#!/bin/bash

# Mosquitto is running with a user that is not privileged enough to read files
# directly from the certbot dirs, so copy files to where mosquitto expects
# them.

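set -eu

# Source: certbot's "live" directory for this host's FQDN. If `hostname -f`
# fails, the assignment returns its status and set -e aborts before any copy.
le_dir="/etc/letsencrypt/live/$(hostname -f)"
mosquitto_dir="/etc/mosquitto"

#######################################
# Copy one PEM file into the mosquitto tree with explicit owner and mode.
# A plain cp leaves the mode to the source file and the umask, and keeps the
# mode of a destination that already exists, so a private key copied over a
# world-readable leftover would stay world-readable. install(1) sets the
# owner (mosquitto), group (root) and mode on every run.
# Arguments: $1 - octal mode for the destination
#            $2 - source file under the certbot live directory
#            $3 - destination path under the mosquitto directory
# Returns:   install's exit status; non-zero aborts the script via set -e
#######################################
install_pem() {
  local mode=$1
  local src=$2
  local dst=$3
  install -o mosquitto -g root -m "$mode" "$src" "$dst"
}

# Certificates are public material: readable by everyone is fine.
install_pem 0644 "$le_dir/chain.pem" "$mosquitto_dir/ca_certificates/chain.pem"
install_pem 0644 "$le_dir/cert.pem" "$mosquitto_dir/certs/cert.pem"

# The private key must be readable by the mosquitto user only. This copy
# lives outside certbot's directory, so it needs the same protection (and the
# same backup/rotation care) as the original.
install_pem 0600 "$le_dir/privkey.pem" "$mosquitto_dir/certs/privkey.pem"

# Tell mosquitto to reload certs. This line is reached only if all three
# copies succeeded, so a failed copy never triggers a reload. pkill exits
# non-zero when no process named exactly "mosquitto" is found; since it is
# the last command, the script then exits non-zero as well, which makes a
# stopped broker visible to whatever runs this script.
pkill -x -HUP mosquitto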