#!/bin/dash

set -e

case "$1" in
  configure)
    [ -f "/etc/default/cacert-oidc-demo-app" ] && . /etc/default/cacert-oidc-demo-app

    [ -z "$OIDC_DEMO_APP_HOME" ] && OIDC_DEMO_APP_HOME=/var/lib/oidc-demo-app
    [ -z "$OIDC_DEMO_APP_USER" ] && OIDC_DEMO_APP_USER=cacert-demo
    [ -z "$OIDC_DEMO_APP_NAME" ] && OIDC_DEMO_APP_NAME="CAcert OIDC Demo"
    [ -z "$OIDC_DEMO_APP_GROUP" ] && OIDC_DEMO_APP_GROUP=cacert-demo

    # create user to avoid running cacert-oidc-demo-app as root
    # 1. create group if not existing
    if ! getent group | grep -q "^$OIDC_DEMO_APP_GROUP" ; then
      echo -n "Adding group $OIDC_DEMO_APP_GROUP.."
      addgroup --quiet --system $OIDC_DEMO_APP_GROUP 2>/dev/null || true
      echo "..done"
    fi
    # 2. create homedir if not existing
    test -d "$OIDC_DEMO_APP_HOME" || mkdir "$OIDC_DEMO_APP_HOME"
    # 3. create user if not existing
    if ! getent passwd | grep -q "^$OIDC_DEMO_APP_USER"; then
      echo -n "Adding system user $OIDC_DEMO_APP_USER.."
      adduser --quiet \
              --system \
              --ingroup $OIDC_DEMO_APP_GROUP \
              --no-create-home \
              --disabled-password \
              $OIDC_DEMO_APP_USER 2>/dev/null || true
      echo "..done"
    fi
    # 4. adjust passwd entry
    usermod -c "$OIDC_DEMO_APP_NAME" \
            -d $OIDC_DEMO_APP_HOME \
            -g $OIDC_DEMO_APP_GROUP \
               $OIDC_DEMO_APP_USER || true
    # 5. adjust file and directory permissions
    if ! dpkg-statoverride --list $OIDC_DEMO_APP_HOME >/dev/null
    then
      chown -R $OIDC_DEMO_APP_USER:adm $OIDC_DEMO_APP_HOME
      chmod u=rwx,g=rxs,o= $OIDC_DEMO_APP_HOME
    fi
    ;;
esac

UNIT="cacert-oidc-demo-app.service"

case "$1" in
  'configure' | 'abort-upgrade' | 'abort-deconfigure' | 'abort-remove')
    # systemctl daemon-reload
    # systemctl --global enable $UNIT
    # This will only remove masks created by d-s-h on package removal.
    deb-systemd-helper unmask $UNIT >/dev/null || true

    # was-enabled defaults to true, so new installations run enable.
    if deb-systemd-helper --quiet was-enabled $UNIT ; then
      # Enables the unit on first installation, creates new
      # symlinks on upgrades if the unit file has changed.
      deb-systemd-helper enable $UNIT >/dev/null || true
    else
      # Update the statefile to add new symlinks (if any), which need to be
      # cleaned up on purge. Also remove old symlinks.
      deb-systemd-helper update-state $UNIT >/dev/null || true
    fi
    ;;
esac