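#!/bin/bash
#
# Initializes one database and one login role per homelab service.
# Per the original header, it runs automatically when the PostgreSQL container
# starts for the first time.
#
# Required environment:
#   POSTGRES_USER, POSTGRES_DB     - admin role and database used to connect
#   <SERVICE>_POSTGRES_DB / _USER / _PASSWORD for every service listed below
#
# Only `set -e` is enabled. NOTE(review): if the image entrypoint sources this
# file instead of executing it, any option set here also applies to the
# entrypoint shell, so stricter options (-u, pipefail) are deliberately not
# turned on - confirm how the file is invoked before adding them.
set -e

echo "Creating databases and users for homelab services..."

#######################################
# Create a database and a role that owns it, and limit CONNECT on that
# database to the owning role.
# Globals:   POSTGRES_USER, POSTGRES_DB (read)
# Arguments: $1 - database name
#            $2 - role name
#            $3 - role password
# Outputs:   progress line on stdout, validation errors on stderr
# Returns:   1 if any argument is empty; otherwise the psql exit status
#######################################
create_db_and_user() {
  local db_name=${1:-}
  local db_user=${2:-}
  local db_password=${3:-}

  # Fail before touching the server: an unset variable in .env would otherwise
  # produce broken SQL or a role with an empty password.
  # The password itself is never printed.
  if [[ -z "$db_name" || -z "$db_user" || -z "$db_password" ]]; then
    echo "create_db_and_user: database name, user and password must all be non-empty (db='$db_name' user='$db_user')" >&2
    return 1
  fi

  # The values come from .env and are spliced into SQL text, so they are
  # escaped for the place they land in: identifiers get embedded double quotes
  # doubled, the password literal gets embedded single quotes doubled.
  # Assumes standard_conforming_strings is on (the server default), so a
  # backslash inside the literal is an ordinary character.
  local sq="'"
  local dq='"'
  local db_ident=${db_name//$dq/$dq$dq}
  local user_ident=${db_user//$dq/$dq$dq}
  local pw_literal=${db_password//$sq/$sq$sq}

  echo "Creating database: $db_name with user: $db_user"

  # The SQL goes to psql on stdin, which keeps the password out of the process
  # argument list. Names are written as quoted identifiers, so they are created
  # exactly as spelled in .env (no folding to lower case).
  # The original text used $($db_name), which is a command substitution that
  # runs the database name as a command; the names are now plain expansions.
  psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<EOSQL
    -- Create database
    CREATE DATABASE "$db_ident";

    -- Create user with password
    CREATE USER "$user_ident" WITH ENCRYPTED PASSWORD '$pw_literal';

    -- PUBLIC holds CONNECT on every new database by default, so without this
    -- REVOKE each service role could also connect to the other databases.
    REVOKE CONNECT ON DATABASE "$db_ident" FROM PUBLIC;

    -- Grant connection to the specific database only
    GRANT CONNECT ON DATABASE "$db_ident" TO "$user_ident";

    -- Make user owner of the database
    ALTER DATABASE "$db_ident" OWNER TO "$user_ident";

    -- Connect to the specific database to set schema permissions
    \c "$db_ident"

    -- Grant schema permissions
    GRANT ALL ON SCHEMA public TO "$user_ident";
    GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "$user_ident";
    GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO "$user_ident";
    GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO "$user_ident";

    -- Set default privileges for future objects.
    -- These apply to objects later created by the role running this script.
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO "$user_ident";
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO "$user_ident";
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON FUNCTIONS TO "$user_ident";

    -- Switch back to postgres database
    \c postgres
EOSQL
}

# Create databases for each service.
# Using environment variables that will be set in your .env file.

# Spliit
create_db_and_user "${SPLIIT_POSTGRES_DB}" "${SPLIIT_POSTGRES_USER}" "${SPLIIT_POSTGRES_PASSWORD}"

# Shlink
create_db_and_user "${SHLINK_POSTGRES_DB}" "${SHLINK_POSTGRES_USER}" "${SHLINK_POSTGRES_PASSWORD}"

# Immich
create_db_and_user "${IMMICH_POSTGRES_DB}" "${IMMICH_POSTGRES_USER}" "${IMMICH_POSTGRES_PASSWORD}"

# Nextcloud
create_db_and_user "${NEXTCLOUD_POSTGRES_DB}" "${NEXTCLOUD_POSTGRES_USER}" "${NEXTCLOUD_POSTGRES_PASSWORD}"

# Paperless
create_db_and_user "${PAPERLESS_POSTGRES_DB}" "${PAPERLESS_POSTGRES_USER}" "${PAPERLESS_POSTGRES_PASSWORD}"

# Matrix and co
create_db_and_user "${SYNAPSE_POSTGRES_DB}" "${SYNAPSE_POSTGRES_USER}" "${SYNAPSE_POSTGRES_PASSWORD}"
create_db_and_user "${MAS_POSTGRES_DB}" "${MAS_POSTGRES_USER}" "${MAS_POSTGRES_PASSWORD}"
create_db_and_user "${MAUTRIX_SIGNAL_POSTGRES_DB}" "${MAUTRIX_SIGNAL_POSTGRES_USER}" "${MAUTRIX_SIGNAL_POSTGRES_PASSWORD}"
create_db_and_user "${MAUTRIX_WHATSAPP_POSTGRES_DB}" "${MAUTRIX_WHATSAPP_POSTGRES_USER}" "${MAUTRIX_WHATSAPP_POSTGRES_PASSWORD}"

echo "Database initialization completed successfully!"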