#!/usr/bin/env bash
set -euo pipefail

BACKUP_DIR="${BACKUP_DIR:-/var/backups/varjoliitokauppa}"
DATABASE_URL="${BACKUP_DATABASE_URL:-${DATABASE_URL:-}}"
RETENTION_DAYS="${BACKUP_RETENTION_DAYS:-14}"

if [[ -z "${DATABASE_URL}" ]]; then
  echo "BACKUP_DATABASE_URL or DATABASE_URL is required." >&2
  exit 1
fi

timestamp="$(date -u +"%Y%m%dT%H%M%SZ")"
db_dir="${BACKUP_DIR}/db"
out_file="${db_dir}/varjoliitokauppa-${timestamp}.dump"
sha_file="${out_file}.sha256"

mkdir -p "${db_dir}"

pg_dump "${DATABASE_URL}" \
  --format=custom \
  --no-owner \
  --no-privileges \
  --file "${out_file}"

sha256sum "${out_file}" > "${sha_file}"

find "${db_dir}" -type f -name "*.dump" -mtime "+${RETENTION_DAYS}" -print -delete
find "${db_dir}" -type f -name "*.sha256" -mtime "+${RETENTION_DAYS}" -print -delete

echo "DB backup complete: ${out_file}"