#!/usr/bin/env bash
set -euo pipefail

BACKUP_DIR="${BACKUP_DIR:-/var/backups/varjoliitokauppa}"
RETENTION_DAYS="${BACKUP_RETENTION_DAYS:-14}"

MINIO_DATA_DIR="${MINIO_DATA_DIR:-}"
MINIO_ENDPOINT="${MINIO_ENDPOINT:-}"
MINIO_ACCESS_KEY="${MINIO_ACCESS_KEY:-}"
MINIO_SECRET_KEY="${MINIO_SECRET_KEY:-}"
MINIO_BUCKET="${MINIO_BUCKET:-}"

timestamp="$(date -u +"%Y%m%dT%H%M%SZ")"
minio_dir="${BACKUP_DIR}/minio"
mkdir -p "${minio_dir}"

if [[ -n "${MINIO_DATA_DIR}" ]]; then
  out_file="${minio_dir}/minio-data-${timestamp}.tar.gz"
  tar -C "${MINIO_DATA_DIR}" -czf "${out_file}" .
  sha256sum "${out_file}" > "${out_file}.sha256"
  find "${minio_dir}" -type f -name "minio-data-*.tar.gz" -mtime "+${RETENTION_DAYS}" -print -delete
  find "${minio_dir}" -type f -name "minio-data-*.sha256" -mtime "+${RETENTION_DAYS}" -print -delete
  echo "MinIO backup complete (data dir): ${out_file}"
  exit 0
fi

if [[ -n "${MINIO_ENDPOINT}" && -n "${MINIO_ACCESS_KEY}" && -n "${MINIO_SECRET_KEY}" && -n "${MINIO_BUCKET}" ]]; then
  if ! command -v mc >/dev/null 2>&1; then
    echo "MinIO client 'mc' is required for endpoint backups." >&2
    exit 1
  fi

  alias_name="minio-backup"
  mc alias set "${alias_name}" "${MINIO_ENDPOINT}" "${MINIO_ACCESS_KEY}" "${MINIO_SECRET_KEY}" >/dev/null
  out_dir="${minio_dir}/bucket-${MINIO_BUCKET}-${timestamp}"
  mkdir -p "${out_dir}"
  mc mirror --overwrite "${alias_name}/${MINIO_BUCKET}" "${out_dir}"
  tar -C "${minio_dir}" -czf "${out_dir}.tar.gz" "$(basename "${out_dir}")"
  sha256sum "${out_dir}.tar.gz" > "${out_dir}.tar.gz.sha256"
  rm -rf "${out_dir}"
  find "${minio_dir}" -type f -name "bucket-${MINIO_BUCKET}-*.tar.gz" -mtime "+${RETENTION_DAYS}" -print -delete
  find "${minio_dir}" -type f -name "bucket-${MINIO_BUCKET}-*.sha256" -mtime "+${RETENTION_DAYS}" -print -delete
  echo "MinIO backup complete (bucket): ${out_dir}.tar.gz"
  exit 0
fi

echo "Set MINIO_DATA_DIR or MINIO_ENDPOINT/MINIO_ACCESS_KEY/MINIO_SECRET_KEY/MINIO_BUCKET." >&2
exit 1