#!/bin/bash

# Script to generate Restic configuration with secure password
# Location: /home/citadel/services/paperless/generate-restic-config.sh

set -e

CONFIG_FILE="/home/citadel/backup/restic.conf"
REPO_PATH="/mnt/data/backup/quantumrick"

echo "=== Generating Restic Configuration ==="

# Check if config already exists
if [ -f "$CONFIG_FILE" ]; then
    echo "Configuration file already exists at $CONFIG_FILE"
    read -p "Do you want to overwrite it? (y/N): " -n 1 -r
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
        echo "Aborted."
        exit 1
    fi
fi

# Generate secure password (32 characters)
echo "Generating secure password..."
RESTIC_PASSWORD=$(openssl rand -base64 32)

# Create configuration file
echo "Creating configuration file..."
cat > "$CONFIG_FILE" << EOF
# Restic configuration for Paperless NGX backups
# Generated on $(date)

# Repository path
export RESTIC_REPOSITORY="$REPO_PATH"

# Repository password
export RESTIC_PASSWORD="$RESTIC_PASSWORD"

# Cache directory (optional)
export RESTIC_CACHE_DIR="/tmp/restic-cache"
EOF

# Set secure permissions
chmod 600 "$CONFIG_FILE"

echo "✅ Configuration file created at $CONFIG_FILE"
echo "🔒 Password generated and saved securely"
echo ""
echo "⚠️  IMPORTANT: Save this password somewhere safe!"
echo "   If you lose it, you won't be able to restore your backups!"
echo ""
echo "Password: $RESTIC_PASSWORD"
echo ""