#!/usr/bin/env bash
# Start Authentik on Ubuntu
set -euo pipefail
cd "$(dirname "$0")"

if ! command -v docker >/dev/null 2>&1; then
  echo "Docker not found. Run: sudo ./install-ubuntu.sh"
  exit 1
fi

if [[ ! -f .env ]]; then
  echo "Creating .env from .env.authentik.example"
  cp .env.authentik.example .env
  PG_PASS="$(openssl rand -base64 36 | tr -d '\n')"
  AUTHENTIK_SECRET_KEY="$(openssl rand -base64 60 | tr -d '\n')"
  sed -i.bak "s|^PG_PASS=.*|PG_PASS=${PG_PASS}|" .env
  sed -i.bak "s|^AUTHENTIK_SECRET_KEY=.*|AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}|" .env
  rm -f .env.bak
  echo "Generated secrets in .env — edit AUTHENTIK_HOST to your server IP."
fi

mkdir -p data certs custom-templates

docker compose -f docker-compose.authentik.yml --env-file .env up -d

# shellcheck disable=SC1091
source .env 2>/dev/null || true
echo ""
echo "Authentik starting. Open: ${AUTHENTIK_HOST:-http://YOUR_IP:9000}"
echo "Logs: docker compose -f docker-compose.authentik.yml --env-file .env logs -f"