#!/bin/bash
set -euo pipefail

echo "==> Restic backup sidecar starting"

# Validate required env vars
for var in RESTIC_REPOSITORY RESTIC_PASSWORD_FILE BACKUP_CRON; do
    if [ -z "${!var:-}" ]; then
        echo "ERROR: $var is not set" >&2
        exit 1
    fi
done

if [ ! -f "$RESTIC_PASSWORD_FILE" ]; then
    echo "ERROR: Password file $RESTIC_PASSWORD_FILE does not exist" >&2
    exit 1
fi

export RESTIC_PASSWORD_FILE

# Initialize restic repo if it doesn't exist yet
if ! restic snapshots --no-lock >/dev/null 2>&1; then
    echo "==> Initializing restic repository at $RESTIC_REPOSITORY"
    restic init
fi

echo "==> Repository ready: $RESTIC_REPOSITORY"
restic snapshots --no-lock --latest 1 || true

# Export all relevant env vars to a file so crond jobs can source them
# (crond runs jobs in a minimal environment without Docker env vars)
ENV_FILE=/etc/restic-backup.env
: > "$ENV_FILE"
for var in RESTIC_REPOSITORY RESTIC_PASSWORD_FILE BACKUP_SOURCE \
           KEEP_DAILY KEEP_WEEKLY KEEP_MONTHLY KEEP_YEARLY \
           MYSQL_HOST MYSQL_USER MYSQL_PASSWORD MYSQL_DATABASE PATH; do
    if [ -n "${!var+x}" ]; then
        printf '%s=%q\n' "$var" "${!var}" >> "$ENV_FILE"
    fi
done

# Write crontab for root user
cat > /etc/crontabs/root <<CRON
$BACKUP_CRON /usr/local/bin/backup.sh >> /proc/1/fd/1 2>> /proc/1/fd/2
CRON

echo "==> Cron schedule: $BACKUP_CRON"

# Run crond in foreground
echo "==> Starting crond"
exec crond -f -l 6