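#!/bin/sh
# Bootstrap helper for a Vault raft cluster: downloads jq and mc if missing,
# initializes Vault on vault-0, joins other nodes to vault-0, and unseals the
# local node with a key exchanged through a MinIO bucket.
#
# Environment:
#   MINIO_VAULT_URL     MinIO endpoint passed to `mc alias set`
#   MINIO_VAULT_SECRET  secret key for the MinIO user "vault"
#   HOSTNAME            node name; only "vault-0" runs `vault operator init`
#
# NOTE(review): security properties worth revisiting before relying on this:
#   - Vault is initialized with a single key share (threshold 1), and that
#     unseal key is stored in the same MinIO bucket as the root token. Read
#     access to the bucket is equivalent to full control of Vault. Consider an
#     auto-unseal seal and revoking the root token after initial setup.
#   - jq and mc are downloaded and executed without checksum or signature
#     verification, and the mc URL is not pinned to a release. Prefer baking
#     the tools into the image, or verify each against a pinned digest
#     (placeholder: <EXPECTED_SHA256>).
#   - The raft join address uses plain http.
#   - The MinIO secret and the unseal key are passed as command arguments, so
#     they are visible in the process list while those commands run.

cd /home/vault || exit 1

# fetch_tool NAME URL
# Download URL to ./NAME and make it executable, unless ./NAME already exists.
# The download goes to a temporary name first so a failed or partial transfer
# never leaves a broken ./NAME that would be mistaken for a working tool.
# Returns 0 when ./NAME is available, 1 when the download failed.
fetch_tool() {
  [ -f "$1" ] && return 0
  echo "Download $1 command..."
  if wget "$2" -O "$1.tmp" && chmod +x "$1.tmp" && mv "$1.tmp" "$1"; then
    return 0
  fi
  rm -f "$1.tmp"
  return 1
}

# vault_status_is FILTER
# Succeeds when the jq FILTER yields a truthy value for `vault status` JSON.
# The pipeline status is jq's, so an unreachable Vault (no JSON) counts as false.
vault_status_is() {
  vault status -format=json | ./jq -e "$1" >/dev/null
}

# fetch_unseal_key
# Copy the unseal key from MinIO into the working directory, readable by the
# current user only. Best effort: the key may not have been uploaded yet.
fetch_unseal_key() {
  echo "Download Vault unseal key from MinIO..."
  (umask 077 && ./mc cp minio-vault/vault/unsealKey1 ./) || true
}

if ! fetch_tool jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64; then
  echo "Failed to download jq." >&2
  exit 1
fi

if vault_status_is '.initialized and (.sealed | not)'; then
  echo "Vault initialized and unsealed."
  exit 0
fi

while :; do
  if ! fetch_tool mc https://dl.min.io/client/mc/release/linux-amd64/mc; then
    echo "Failed to download mc, retrying in 5 seconds..." >&2
    sleep 5
    continue
  fi

  # Quoted so a URL or secret containing spaces or glob characters is passed
  # through unchanged.
  ./mc alias set minio-vault "$MINIO_VAULT_URL" vault "$MINIO_VAULT_SECRET"

  if vault_status_is '.initialized | not'; then
    if [ "$HOSTNAME" = vault-0 ]; then
      echo "Initial Vault..."
      if initResult=$(vault operator init -format=json -key-shares=1 -key-threshold=1); then
        unsealKey1=$(printf '%s' "$initResult" | ./jq -r '.unseal_keys_b64[0]')
        rootToken=$(printf '%s' "$initResult" | ./jq -r '.root_token')
        # Never persist or upload an empty or "null" value: it would look like
        # a valid key file to every later step and to the other nodes.
        if [ -n "$unsealKey1" ] && [ "$unsealKey1" != null ] &&
          [ -n "$rootToken" ] && [ "$rootToken" != null ]; then
          (
            umask 077
            printf '%s' "$unsealKey1" >unsealKey1
            printf '%s' "$rootToken" >rootToken
          )
          # Tighten the mode even if the files already existed.
          chmod 600 unsealKey1 rootToken
          echo "Upload Vault root token and unseal key to MinIO..."
          ./mc cp unsealKey1 rootToken minio-vault/vault/
        else
          echo "vault operator init returned no unseal key or root token." >&2
        fi
      else
        echo "vault operator init failed." >&2
      fi
    else
      echo "Join Vault Cluster..."
      vault operator raft join "http://vault-0.vault-internal:8200" || true
      fetch_unseal_key
    fi
  fi

  if vault_status_is '.sealed'; then
    # A restarted node can be initialized but sealed with no local key file;
    # fetch the key instead of calling unseal with an empty argument.
    if [ ! -s unsealKey1 ]; then
      fetch_unseal_key
    fi
    if [ -s unsealKey1 ]; then
      echo "Unseal Vault..."
      vault operator unseal "$(cat unsealKey1)"
    else
      echo "Unseal key is not available yet." >&2
    fi
  fi

  if vault_status_is '.initialized and (.sealed | not)'; then
    echo "Vault initialized and unsealed."
    exit 0
  else
    echo "Wait 5 seconds for another trying..."
    sleep 5
  fi
done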