#!/bin/sh

# https://serverfault.com/questions/849683/how-to-setup-coturn-with-letsencrypt

set -e

for domain in $RENEWED_DOMAINS; do
        case $domain in
        {{ jitsimeet_turn_domains | first }})
                daemon_cert_root=/etc/coturn/certs

                # Make sure the certificate and private key files are
                # never world readable, even just for an instant while
                # we're copying them into daemon_cert_root.
                umask 077

                cp "$RENEWED_LINEAGE/fullchain.pem" "$daemon_cert_root/$domain.crt"
                cp "$RENEWED_LINEAGE/privkey.pem" "$daemon_cert_root/$domain.key"

                # Apply the proper file ownership and permissions for
                # the daemon to read its certificate and key.
                chown turnserver "$daemon_cert_root/$domain.crt" \
                        "$daemon_cert_root/$domain.key"
                chmod 400 "$daemon_cert_root/$domain.crt" \
                        "$daemon_cert_root/$domain.key"

                service coturn restart >/dev/null
                ;;
        esac
done