#!/bin/bash
#

set -e

#
# Skip, if we are not in "configure" state
#
if [ "$1" != "configure" ]; then
        echo "I: Skipping configuration"
        exit 0
fi

#
# Double check this file gets installed with the correct permissions
#
if ( ! dpkg-statoverride --list /etc/sudoers.d/symbiosis > /dev/null ) ; then
  dpkg-statoverride --add --update root root 0440 /etc/sudoers.d/symbiosis
fi

#
# Shadow passwords must be on.
#
shadowconfig on

#
#  If there isn't an admin account add it.
#
if ( ! grep ^admin: /etc/passwd 2>/dev/null >/dev/null ); then

  echo "Adding 'admin' account"
  adduser --home=/srv --shell=/bin/bash --no-create-home --disabled-login --gecos='Symbiosis Administrator,,,' admin

  #
  #  Now set the password for admin to that used by root if it isn't there
  #
  usermod -p "$(grep root /etc/shadow | cut -f 2 -d :)" admin

  #
  #  If we have an adm group - which we should - add the admin user to it.
  #
  if ( getent group adm >/dev/null ); then
    adduser admin adm
  fi
  
  #
  #  Ensure the admin user is added to the www-data group too 
  #
  if ( getent group www-data >/dev/null ); then
    adduser admin www-data
  fi

fi

#
# Add a stat override for the /srv directory.
#
if ( ! dpkg-statoverride --list /srv > /dev/null ) ; then
  dpkg-statoverride --add --update admin admin 2755 /srv
fi

#
# Find the hostname, if not set already.
#
if [ -z "$HOSTNAME" ] ; then
  if [ -f /etc/hostname ] ; then
    HOSTNAME=$(< /etc/hostname)
  else
    HOSTNAME=$(hostname --fqdn)
  fi
fi

#
# Append ".localdomain" if HOSTNAME has no dots.
#
if ! [[ "$HOSTNAME" =~ ^[_a-z0-9-]+\.([_a-z0-9-]+\.?)+$ ]] ; then
	HOSTNAME="$HOSTNAME.localdomain"
fi

#
#  If there are no existing directories beneath /srv/ create a default.
#
if [ ! -e "/srv/$HOSTNAME" ] ; then
  #
  # Create the standard directories
  #
  mkdir -p /srv/$HOSTNAME/public/htdocs
  mkdir -p /srv/$HOSTNAME/config
  mkdir -p /srv/$HOSTNAME/mailboxes/root

  chown -R admin:admin /srv/$HOSTNAME
fi

#
# We'd like to generate a certificate for the hostname.  Naturally this will go in /srv/$HOSTNAME
#
if [ -d "/srv/$HOSTNAME/config" ] ; then
  #
  # Generate certificates for this host
  #
  if ! ( symbiosis-ssl --verbose $HOSTNAME ) ; then
    echo "W: SSL certificate generation failed. Retrying with a self-signed certificate..."
    echo selfsigned > /srv/$HOSTNAME/config/ssl-provider
    symbiosis-ssl --verbose $HOSTNAME || true
  fi
fi

#
# Not interested in linking from /etc/$HOSTNAME/config/ssl.*
#
ssl_current_dir="/srv/$HOSTNAME/config/ssl/current"

#
# If there are no cerificates in /etc/ssl, symlink those from this directory.
# This is race-tastic.
#
if [ ! -e "/etc/ssl/ssl.key" ] &&
    [ ! -e "/etc/ssl/ssl.crt" ] &&
    [ ! -e "/etc/ssl/ssl.combined" ] &&
    ( symbiosis-ssl --no-generate --no-rollover $HOSTNAME ) &&
    [ -e "$ssl_current_dir/ssl.key" ] && 
    [ -e "$ssl_current_dir/ssl.crt" ] && 
    [ -e "$ssl_current_dir/ssl.combined" ] ; then

  echo "I: Symlinking SSL certificate and key from $ssl_current_dir to /etc/ssl"
  ln -s "$ssl_current_dir"/ssl.{key,crt,combined} /etc/ssl/

  #
  # Move existing bundle out of the way.
  #
  if [ -e /etc/ssl/ssl.bundle ] ; then
    echo "W: Moving old SSL bundle to /etc/ssl/ssl.bundle.$$"
    mv /etc/ssl/ssl.bundle /etc/ssl/ssl.bundle.$$        # ugh
  fi

  #
  # Link any new bundle in again.
  #
  if [ -e "$ssl_current_dir/ssl.bundle" ] ; then
    echo "I: Symlinking SSL bundle from $ssl_current_dir to /etc/ssl"
    ln -s "$ssl_current_dir/ssl.bundle" /etc/ssl/ssl.bundle
  fi

fi

#DEBHELPER#

exit 0
