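#!/bin/sh
#
# Debian postinst for cryptobox-server.
#
# On "configure"/"reconfigure" it creates the service account and its home
# directory, prepares the pid directory and log files, and adds an entry for
# /usr/sbin/CryptoBoxRootActions to the configuration of 'super'.
# The script runs as root; everything it writes is root-controlled
# configuration, so treat /etc/default/cryptobox-server as equally sensitive.

set -u

# check the current cryptobox user - maybe it was changed manually
# (the defaults file is sourced as shell code, with this script's privileges)
if [ -r /etc/default/cryptobox-server ]; then
  . /etc/default/cryptobox-server
fi

# RUNAS was probably imported from /etc/default/cryptobox-server - otherwise
# use the default
CRYPTOBOX_USER=${RUNAS:-cryptobox}
LOG_FILE=/var/log/cryptobox-server/cryptobox.log
WEBLOG_FILE=/var/log/cryptobox-server/webserver.log
PID_DIR=/var/run/cryptobox-server
USER_HOME=/var/cache/cryptobox-server
SUPER_FILE=/etc/super.tab
ADDITIONAL_GROUP=disk

# Create the system account, add it to $ADDITIONAL_GROUP and set up its home.
# Globals: CRYPTOBOX_USER, USER_HOME, ADDITIONAL_GROUP (read)
# Returns: 0 if the account already exists (nothing else is touched then),
#          otherwise the status of the final chmod.
create_user_home() {
  # if the user already exists -> do nothing
  if getent passwd "$CRYPTOBOX_USER" >/dev/null 2>&1; then
    return 0
  fi

  # create cryptobox user
  echo "Creating new user '$CRYPTOBOX_USER' ..."
  adduser --system --group --home "$USER_HOME" "$CRYPTOBOX_USER"
  # NOTE(review): membership in 'disk' normally means raw access to block
  # devices, so this account is close to root-equivalent for stored data.
  adduser "$CRYPTOBOX_USER" "$ADDITIONAL_GROUP"

  mkdir -p "$USER_HOME/mnt"
  mkdir -p "$USER_HOME/settings"
  chown -R "${CRYPTOBOX_USER}:" "$USER_HOME"

  # NOTE(review): the original comment here said "only members of the
  # cryptobox group may access the user directory", but mode 755 lets every
  # local user list and traverse it. 750 would match that stated intent;
  # confirm that nothing else needs to reach mnt/ before tightening.
  chmod 755 "$USER_HOME"
}

# Append the CryptoBox entry to the configuration file of 'super'.
# Globals: SUPER_FILE, CRYPTOBOX_USER (read)
# Returns: 0 if the marker line is already present, otherwise the status of
#          the append.
create_add_super_permission() {
  ## do nothing, if there is already a CryptoBox line
  # NOTE(review): only the marker is checked. If RUNAS is changed after the
  # first install, the existing entry keeps naming the previous account, so
  # the old grant stays in place and the new account gets none.
  if grep -q "CRYPTOBOX_MARKER" "$SUPER_FILE"; then
    return 0
  fi

  # printf '%s\n' writes the values verbatim; echo may interpret backslashes.
  {
    printf '%s\n' "## CRYPTOBOX_MARKER - please do not remove!"
    printf '%s\n' "CryptoBoxRootActions /usr/sbin/CryptoBoxRootActions $CRYPTOBOX_USER"
  } >>"$SUPER_FILE"
}

# Create the file $1 (and its parent directory) if it does not exist yet and
# hand the file itself to the service account. The parent directory keeps the
# ownership it was created with.
# Arguments: $1 - absolute path of the log file
ensure_log_file() {
  if [ ! -e "$1" ]; then
    mkdir -p "$(dirname "$1")" && touch "$1"
  fi
  chown "$CRYPTOBOX_USER" "$1"
}

# Prepare the pid directory and both log files.
# Globals: PID_DIR, LOG_FILE, WEBLOG_FILE, CRYPTOBOX_USER (read)
create_dirs_and_files() {
  # pid file
  [ -e "$PID_DIR" ] || mkdir -p "$PID_DIR"
  chown "$CRYPTOBOX_USER" "$PID_DIR"

  # log files, owned by the service account
  ensure_log_file "$LOG_FILE"
  ensure_log_file "$WEBLOG_FILE"
}

#################### main ######################

# "${1:-}" instead of "$1": with 'set -u' a call without arguments would
# otherwise abort on the unset parameter before reaching the default branch.
case "${1:-}" in
  reconfigure|configure)
    create_user_home
    create_dirs_and_files
    create_add_super_permission
    # continue at the end
    ;;

  abort-upgrade|abort-remove|abort-deconfigure)
    # nothing to be done
    exit 0
    ;;

  *)
    echo "postinst called with unknown argument \`${1:-}'" >&2
    exit 0
    ;;
esac

#DEBHELPER#

exit 0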