#!/bin/ash

echo "backupinator :D"

if [ ! -d /in ] || [ ! -d /out ] || [ ! -d /keys ]; then
    echo "Please start this container with /in, /out and /keys mounted"
    exit 1
fi

tar czf /tmp/backup.tar.gz -C /in .

# encryption

openssl rand -out /tmp/secret.key 32
openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -salt -pass file:/tmp/secret.key \
    -in /tmp/backup.tar.gz \
    -out /out/backup.tar.gz.enc

for keyfile in $(ls /keys); do
    tmpkey=$(mktemp)
    ssh-keygen -e -f "/keys/$keyfile" -m PKCS8 > "$tmpkey"
    openssl rsautl -encrypt -oaep -pubin -inkey "$tmpkey" \
        -in /tmp/secret.key \
        -out "/out/key-${keyfile%.*}.enc"
    rm $tmpkey
done

if [ ! -z ${TELEGRAM_BOT_TOKEN+x} ]; then
    echo $TELEGRAM_CHAT_IDS | sed -n 1'p' | tr ',' '\n' | while read chat_id; do 
        echo "sending messages to $chat_id..."
        curl -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" \
             -F chat_id="$chat_id" \
             -F text="Backup time."
        echo ""

        curl -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendDocument" \
             -F chat_id="$chat_id" \
             -F document=@/out/backup.tar.gz.enc
        echo ""

        for keyfile in $(ls /out/key-*); do
            curl -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendDocument" \
                 -F chat_id="$chat_id" \
                 -F document="@$keyfile"
            echo ""
         done
    done
fi