#!/bin/bash

say() {
    echo " * $1"
}

case "$1" in
    configure)

    # Add users
    ADMIN_LIST=$(xargs < /usr/lib/yandex/cauth-admin-keys/admins)
    for USER_NAME in $ADMIN_LIST; do
        USER_GROUP=$USER_NAME

        say "Adding user: ${USER_NAME} (group=${USER_GROUP})"
        adduser --quiet --system --home /home/$USER_NAME --shell /bin/bash --group $USER_NAME
        # Copy skeleton files to user's homes
        cp -rnv /etc/skel/. /home/$USER_NAME

        chown -R $USER_NAME:$USER_GROUP /home/$USER_NAME
        chmod --quiet 755 /home/$USER_NAME
        chmod --quiet 700 /home/$USER_NAME/.ssh
    done

    # Add admins to 'sudo' group
    for USER_NAME in $ADMIN_LIST; do
        say "Adding user ${USER_NAME} to 'sudo' group"
        usermod -G sudo -a ${USER_NAME}
    done

    # Remove users
    ADMINS_REMOVE_LIST="dstudentsov"
    for USER_NAME in $ADMINS_REMOVE_LIST; do
        if [ "$(getent passwd ${USER_NAME})" ]; then
            say "Removing user: ${USER_NAME}"
            deluser --remove-home ${USER_NAME}
        fi
    done

    # Install root keys
    BASE="/root/.ssh/authorized_keys"
    SRC_BASE="/usr/lib/yandex/cauth-admin-keys/root.authorized_keys"

    if test -f ${BASE}; then
        MD5SUM_CUR=$(md5sum ${BASE} | cut -d ' ' -f1)
        MD5SUM_NEW=$(md5sum ${SRC_BASE} | cut -d ' ' -f1)
        if [ "${MD5SUM_CUR}" == "${MD5SUM_NEW}" ]; then
            echo "md5sum of ${BASE} & ${SRC_BASE} are equal. Nothing to backup."
        else
            DATE=$(date +"%F_%T")
            echo "make backup for old authorized_keys to ${BASE}.backup.${DATE}"
            cp ${BASE} ${BASE}.backup.${DATE}
            echo "cp ${SRC_BASE} ${BASE}"
            cp -a -f ${SRC_BASE} ${BASE}
        fi
    else
        echo "No original ${BASE} was found, copy ${SRC_BASE} ${BASE}"
        mkdir -p  "$(dirname ${BASE})"
        chmod 700 "$(dirname ${BASE})"
        cp -a ${SRC_BASE} ${BASE}
    fi

    chmod 600 ${BASE}

    ;;

esac

#DEBHELPER#
