#!/bin/bash
set -o errexit -o pipefail -o noclobber -o nounset -o errtrace -o functrace

setsebool -P container_use_devices on
setsebool -P openvpn_run_unconfined on
semanage fcontext -a -t container_file_t "/mnt/nas(/.*)?"
restorecon -vR /mnt/nas

users=("gitea" "homeassistant" "immich" "jdownloader" "kiwix" "komga" "navidrome" "nextcloud" "nginx" "pairdrop" "paperless" "pihole" "qbittorrent" "synapse" "wallabag")
for user in "${users[@]}"; do
  chown -R "${user}:${user}" "/var/home/${user}"
  secrets_file="/var/home/${user}/.secrets"
  if [[ -f "${secrets_file}" ]];then
    sudo -u "${user}" /opt/bin/add-secrets.sh "${secrets_file}"
  fi
  systemctl --user -M "${user}@" daemon-reload
  systemctl --user -M "${user}@" enable "podman-auto-update.timer" || true
  systemctl --user -M "${user}@" stop "${user}.service" || true
  systemctl --user -M "${user}@" start "${user}.service"
  echo "${user} done"
done
systemctl --user -M "arr@" daemon-reload
systemctl --user -M "arr@" start "overseerr.service"
systemctl --user -M "tga@" daemon-reload
systemctl --user -M "tga@" enable "update-dyndns.timer"

systemctl --user -M "kiwix@" enable --now "clone-zim-updater.service"
systemctl --user -M "nextcloud@" enable "pre-generate-preview.timer"
systemctl --user -M "pihole@" enable "update-hints.timer"
systemctl --user -M "pihole@" enable "update-root.timer"

systemctl --user -M "gitea@" enable "backup-database.timer"
systemctl --user -M "immich@" enable "backup-database.timer"
systemctl --user -M "nextcloud@" enable "backup-database.timer"
systemctl --user -M "paperless@" enable "backup-database.timer"
systemctl --user -M "synapse@" enable "backup-database.timer"
systemctl --user -M "wallabag@" enable "backup-database.timer"

/opt/bin/add-secrets.sh /root/.secrets
systemctl daemon-reload
systemctl start samba.service