#!/bin/sh
set -eu
set -o pipefail 2>/dev/null || true

# Create application roles/users (idempotent).
# Runs early to ensure roles exist before databases are created.

: "${GITEA_DB_USER:=gitea}"
: "${GITEA_DB_PASSWORD:=giteapass}"
: "${ODOO_DB_USER:=odoo}"
: "${ODOO_DB_PASSWORD:=odoopass}"

echo "[init] create-roles: gitea_user=${GITEA_DB_USER}, odoo_user=${ODOO_DB_USER}"

role_exists() {
  psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='$1'" | grep -q 1 || return 1
}

create_role() {
  local role="$1"; shift
  local pass="$1"; shift
  if role_exists "$role"; then
    echo "[init] role '$role' already exists, skipping"
  else
    echo "[init] creating role '$role'"
    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" -c "CREATE USER \"${role}\" WITH ENCRYPTED PASSWORD '${pass}';"
  fi
}

create_role "${GITEA_DB_USER}" "${GITEA_DB_PASSWORD}"
create_role "${ODOO_DB_USER}" "${ODOO_DB_PASSWORD}"

echo "[init] create-roles finished"