#!/bin/sh

# Search path used to resolve every external command invoked below.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# Section passed to yav-deploy: the fully-qualified name of this host.
YAV_DEPLOY_SECTION="$(hostname -f)"

# yav-deploy configuration file. Note that the path names the production
# configuration regardless of the value of YANDEX_ENVIRONMENT.
YAV_DEPLOY_CONFIG_FILE='/etc/yandex/yav-deploy/cauth-ldap-saslauthd-config-production.conf'

# Environment type of this host. If the file cannot be read the value is
# empty, which check_yandex_environment() treats as a fatal error.
YANDEX_ENVIRONMENT="$(cat /etc/yandex/environment.type)"

# Root of the per-environment configuration tree shipped by the package.
CONFIG_ROOT='/etc/cauth-ldap-saslauthd-config'


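# Validate the environment type read from /etc/yandex/environment.type.
# Globals:  YANDEX_ENVIRONMENT (read)
# Outputs:  an INFO line on stdout for a known environment,
#           an ERROR line on stderr otherwise
# Exits:    terminates the script with status 1 when the value is empty
#           or is neither "production" nor "testing"
check_yandex_environment() {
    case "${YANDEX_ENVIRONMENT}" in
        "")
            # Diagnostics go to stderr, like the unknown-argument error at
            # the bottom of this script.
            echo "ERROR: No yandex environment set, check contents of /etc/yandex/environment.type" >&2
            exit 1
            ;;
        production|testing)
            echo "INFO: Installing onto \"${YANDEX_ENVIRONMENT}\" Yandex environment"
            ;;
        *)
            echo "ERROR: Unknown Yandex environment, check /etc/yandex/environment.type contents." >&2
            exit 1
            ;;
    esac
} # check_yandex_environment()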


# Invoke yav-deploy for this host's section of the deploy configuration.
# Globals:  YAV_DEPLOY_CONFIG_FILE, YAV_DEPLOY_SECTION,
#           YAV_DEPLOY_USERNAME (all read)
# Returns:  the exit status of yav-deploy
run_yav_deploy_with_section() {
    # Assemble the argument list first; positional parameters set inside a
    # function do not leak back to the caller.
    # NOTE(review): --debug is enabled on a run that retrieves a secret.
    # Confirm that yav-deploy's debug output never contains secret material,
    # since maintainer-script output may be kept in terminal scrollback or
    # installation logs.
    set -- \
        --file "${YAV_DEPLOY_CONFIG_FILE}" \
        --section "${YAV_DEPLOY_SECTION}" \
        --rsa-login="${YAV_DEPLOY_USERNAME}" \
        --debug

    yav-deploy "$@"
}


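# Point the system at the per-environment configuration, fetch the Kerberos
# keytab through yav-deploy and enable the saslauthd service.
# Globals:  CONFIG_ROOT, YANDEX_ENVIRONMENT, YAV_DEPLOY_CONFIG_FILE,
#           YAV_DEPLOY_SECTION (read);
#           ENV_CONFIG_ROOT, YAV_DEPLOY_USERNAME (written)
# Inputs:   one line from stdin - the operator's username
# Outputs:  progress messages on stdout, the fetch-failure message on stderr
configure_environment() {
    ENV_CONFIG_ROOT="${CONFIG_ROOT}/${YANDEX_ENVIRONMENT}"

    # Each link is forced (-f), so anything already present at the
    # destination path is replaced.

    # Add symlink to /etc/default/saslauthd
    ln -v -f -s "${ENV_CONFIG_ROOT}/default/saslauthd" /etc/default/saslauthd

    # Add symlink to /etc/krb5.conf
    ln -v -f -s "${ENV_CONFIG_ROOT}/krb5.conf" /etc/krb5.conf

    # Add symlink to saslauthd.conf
    ln -v -f -s "${ENV_CONFIG_ROOT}/saslauthd.conf" "${CONFIG_ROOT}/saslauthd.conf"

    # Run yav-deploy which brings /etc/krb5.keytab file.
    # Presumably yav-deploy authenticates through the operator's forwarded
    # ssh-agent (hence the ForwardAgent hint and the key listing) - confirm.
    printf "\n* Postinstall script is going to launch 'yav-deploy' and receive a secret - /etc/krb5.keytab file .\n"
    printf "* Ensure that you have 'ForwardAgent yes' in ~/.ssh/config on your PC.\n"
    printf "* SSH keys in ssh-agent:\n"
    ssh-add -l
    printf "\n* We need your username to go to Yandex Vault.\n"
    printf "* Please enter your Yandex username below:\n"
    # -r keeps backslashes in the typed value literal instead of treating
    # them as escape characters.
    read -r YAV_DEPLOY_USERNAME

    # Values are passed as printf arguments, never inside the format string,
    # so a '%' or '\' in the path or host name is printed verbatim.
    printf "\n* Launching 'yav-deploy' with configuration file %s and section %s\n\n" \
        "${YAV_DEPLOY_CONFIG_FILE}" "${YAV_DEPLOY_SECTION}"

    if run_yav_deploy_with_section; then
        printf "\n* Successfully received /etc/krb5.keytab from Yandex Vault.\n\n"
    else
        # NOTE(review): a failed fetch is only reported; the function carries
        # on and enables saslauthd without a fresh keytab. Confirm that this
        # best-effort behaviour is intended.
        printf "\n* Failure receiving /etc/krb5.keytab from Yandex Vault.\n\n" >&2
    fi

    # Update rc.d
    update-rc.d saslauthd enable || true
    update-rc.d saslauthd defaults
    systemctl daemon-reload

    # slapd instances need access to the saslauthd socket
    usermod -a -G sasl openldap || true

    # Reload syslog-ng.
    /etc/init.d/syslog-ng reload || true
}  # configure_environment()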


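# Run the configuration steps for the current environment.
# Globals:  YANDEX_ENVIRONMENT (read)
# Outputs:  an ERROR line on stderr for the "testing" environment
# Returns:  0 for "production" (whatever configure_environment returned) and
#           for any other value, which is silently ignored
# Exits:    terminates the script with status 1 for "testing"
do_configure() {
    case "${YANDEX_ENVIRONMENT}" in
        production)
            configure_environment
            ;;
        testing)
            # Not wired up yet; configure_environment is deliberately not
            # called here. The diagnostic goes to stderr, like the
            # unknown-argument error at the bottom of this script.
            echo "ERROR: Testing environment is not supported yet." >&2
            exit 1
            ;;
    esac
    return 0
} # do_configure()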


# Dispatch on the action name given as the first argument to this script.
case "$1" in
    abort-upgrade|abort-remove|abort-deconfigure)
        # Nothing to undo for the abort-* actions.
        :
        ;;

    configure)
        # Validate the environment type first, then apply the configuration.
        check_yandex_environment
        do_configure
        ;;

    *)
        echo "postinst called with unknown argument \`${1}'" >&2
        exit 1
        ;;
esac


# Every handled action that reaches this point reports success.
exit 0

