#!/bin/sh
set -e

DIR="${1:-/certs}"
CRT="$DIR/server.crt"
KEY="$DIR/server.key"

if [ -f "$CRT" ] && [ -f "$KEY" ]; then
  echo "SSL certificates already exist in $DIR"
  exit 0
fi

mkdir -p "$DIR"

openssl req -new -x509 -days 825 -nodes -text \
  -out "$CRT" \
  -keyout "$KEY" \
  -subj "/CN=postgres.shop.local"

chmod 600 "$KEY"
chmod 644 "$CRT"

# postgres image runs as uid 999
chown 999:999 "$KEY" "$CRT" 2>/dev/null || true

echo "Generated PostgreSQL SSL certificates in $DIR"