#! /bin/bash 

RAND_PASS=`pwgen -s1 16`

read -p "Keycloak version: " -ei '24.0.4' KEYCLOAK_VERSION
read -p "Server hostname: " -ei 'keycloak.exmample.com' KEYCLOAK_HOST
read -p "Postgres hostname: " -ei 'localhost' POSTGRES_HOST 
read -p "Postgres username: " -ei 'keycloak' POSTGRES_USER 
read -p "Postgres password: " -ei "$RAND_PASS" POSTGRES_PASS 
read -p "Postgres database: " -ei 'keycloak' POSTGRES_DB 

echo $PASSWORD_PASS > /usr/local/src/keycloak_db_pass

if [ ! -f "keycloak-$KEYCLOAK_VERSION.tar.gz" ]; then 
wget https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz
wget https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz.sha1
fi

SHA_HASH=`sha1sum keycloak-$KEYCLOAK_VERSION.tar.gz | cut -d" " -f1`
KEYCLOAK_HASH=`cat keycloak-$KEYCLOAK_VERSION.tar.gz.sha1`

if [ "$SHA_HASH" != "$KEYCLOAK_HASH" ]; then
	echo "Exit. Hash doesnt match."
else
  sudo -u postgres psql -h $POSTGRES_HOST -c "CREATE DATABASE $POSTGRES_DB"
	sudo -u postgres psql -h $POSTGRES_HOST -c "CREATE USER $POSTGRES_USER WITH PASSWORD $POSTGRES_PASS"
  sudo -u postgres psql -h $POSTGRES_HOST -c "GRANT ALL PRIVILEGES ON DATABASE $POSTGRES_DB TO $POSTGRES_USER"
	tar xpf keycloak-$KEYCLOAK_VERSION.tar.gz 
	mv keycloak-$KEYCLOAK_VERSION /opt/keycloak
	echo "
# Basic settings for running in production. Change accordingly before deploying the server.

# Database

# The database vendor.
db=postgres

# The username of the database user.
db-username=$POSTGRES_USER

# The password of the database user.
db-password=$POSTGRES_PASS

# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
db-url=jdbc:postgresql://$POSTGRES_HOST/$POSTGRES_DB

# Observability

# If the server should expose healthcheck endpoints.
health-enabled=true

# If the server should expose metrics endpoints.
metrics-enabled=true

# HTTP
# The proxy address forwarding mode if the server is behind a reverse proxy.
proxy=edge
proxy-headers=xforwarded

# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
#spi-sticky-session-encoder-infinispan-should-attach-route=false

# Hostname for the Keycloak server.
hostname=$KEYCLOAK_HOST
hostname-strict=false" > /opt/keycloak/conf/keyclaok.conf 
fi