#!/bin/bash
set -e

CERT_FILE={{ layerops_tls_cert_file }}
MIN_TTL={{ layerops_tls_minimum_ttl }}

openssl x509 -checkend $MIN_TTL -noout -in $CERT_FILE && exit 0 || echo "Renew $CERT_FILE"

{{ layerops_tls_renew_script }}

echo "Reload nomad"
systemctl reload nomad

echo "Reload consul"
systemctl reload consul

{% if layerops_instance_type == "orchestrator" %}
echo "Reload vault"
systemctl reload vault

echo "Update haproxy certificate"
cat {{ layerops_tls_cert_file }} > {{ haproxy_cert_path }}/layerops.pem
echo >> {{ haproxy_cert_path }}/layerops.pem
cat {{ layerops_tls_key_file }} >> {{ haproxy_cert_path }}/layerops.pem

echo "Reload haproxy"
systemctl reload haproxy
{% endif %}