#!/usr/bin/env bash
set -euo pipefail

REPO_DIR="."
SECRETS_DIR="$REPO_DIR/data/secrets"
RUNTIME_ENV="$SECRETS_DIR/runtime.env"

# 1️⃣ Create secrets folder
mkdir -p "$SECRETS_DIR"

# 2️⃣ Generate per‐install secrets
DB_USER="postgres"
DB_PASS="$(openssl rand -hex 16)"
DB_NAME="lnbitsdb"
FLASK_SECRET="$(openssl rand -hex 32)"
DATABASE_URL="postgresql://${DB_USER}:${DB_PASS}@db:5432/${DB_NAME}"

# 3️⃣ Write runtime.env
cat > "$RUNTIME_ENV" <<EOF
DB_USER=${DB_USER}
DB_PASS=${DB_PASS}
DB_NAME=${DB_NAME}
DATABASE_URL=${DATABASE_URL}
FLASK_SECRET=${FLASK_SECRET}
EOF

echo "✅ Generated secrets in $RUNTIME_ENV"

# 4️⃣ Build & run containers
docker-compose up -d --build

# 5️⃣ Display credentials once
echo
echo "🔐 Database credentials"
echo "   DB_USER: $DB_USER"
echo "   DB_PASS: $DB_PASS"
echo "   DB_NAME: $DB_NAME"
echo
echo "🔑 Flask secret: $FLASK_SECRET"
echo
echo "▶️  Access the web UI at: http://localhost:3000"