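#!/bin/sh -eu
#
# Open a psql session to postgresql.$local_domainname as the "postgres" role,
# authenticating with an X.509 client certificate whose private key is stored
# GPG-encrypted at rest.
#
# Flow:
#   1. Generate a random one-off passphrase.
#   2. Decrypt the GPG-protected key and re-encrypt it under that passphrase,
#      so the key is never written to disk in plaintext.
#   3. Run psql under expect, which answers the PEM passphrase prompt and then
#      hands the terminal over to the user.
#
# Arguments: any extra arguments are passed through to psql unchanged.
# Environment: random - optional replacement for /dev/urandom.
# Requires: GNU readlink and stdbuf, gpg, openssl, expect, psql.

# Repeat the shebang options so strict mode still applies when the script is
# started as "sh script" and the shebang line is ignored.
set -eu

tool=$(readlink -e "${0%/*}/..")
# local_domainname is not set in this file; presumably remote/lib.sh provides
# it - confirm. Under -u an unset value aborts the script.
. "$tool/remote/lib.sh"

user=postgres
key="$tool/var/sec/x509/postgresql.$local_domainname/user/$user/key.pem"

# 42 alphanumeric characters. Restricting the alphabet keeps the value inert
# when it is later expanded inside the Tcl string of the expect script.
pass=$(stdbuf --output 0 tr -d -c '[:alnum:]' <"${random:-/dev/urandom}" | head -c 42)

# An unreadable or exhausted random source would otherwise only surface as an
# openssl error further down; stop here with a clear message.
[ -n "$pass" ] || {
  printf '%s: could not generate a passphrase\n' "${0##*/}" >&2
  exit 1
}

# The decrypted key only travels through the pipe; what lands in "$key" is
# protected by the one-off passphrase. The passphrase is supplied on fd 3
# rather than argv so it does not show up in process listings. The heredoc
# body starts at column 0 because leading whitespace would become part of the
# passphrase.
# NOTE(review): depending on the shell, a heredoc may be backed by a temporary
# file - confirm this is acceptable for the passphrase.
# NOTE(review): -des3 is a legacy cipher; consider -aes256.
# NOTE(review): "$key" is left on disk after the session (still encrypted
# under a passphrase that is discarded at exit); nothing here removes it.
gpg --yes --decrypt "$key.gpg" |
  openssl rsa -in /dev/stdin -des3 -passout fd:3 -out "$key" 3<<EOF
$pass
EOF

# verify-full makes libpq validate the server certificate chain against
# PGSSLROOTCERT and match the host name. The expect script is read from fd 3;
# the remaining words (psql and its arguments) reach it as $argv.
# NOTE(review): the expect script has no explicit exit, so psql's exit status
# does not appear to be propagated to the caller - confirm.
PGSSLCERT="$tool/var/pub/x509/postgresql.$local_domainname/user/$user/crt.pem" \
PGSSLKEY="$key" \
PGSSLMODE=verify-full \
PGSSLROOTCERT="$tool/var/pub/x509/postgresql.$local_domainname/crt+ca.pem" \
  expect -f /dev/fd/3 \
  psql \
  --host "postgresql.$local_domainname" \
  --port 5432 \
  --username "$user" \
  "$@" 3<<EOF
spawn {*}\$argv
expect {
  "Enter PEM pass phrase:" {
    send -- "$pass\\r"
    interact
  }
}
EOF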