#!/bin/sh -e

. "/usr/libexec/girar/girar-sh-functions"

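# Process-wide defaults, set (and exported) before anything else runs:
# - IFS is pinned to space/tab/newline so "$*" and word splitting below
#   behave as in a fresh shell regardless of the caller's environment;
# - PATH is a fixed system path, so the tools invoked below cannot be
#   shadowed by anything the invoking user controls;
# - umask 022 governs every file created below (the authorized_keys file
#   and the per-user directory tree).
# set -e is repeated here because the "-e" in the shebang is lost when the
# script is started as "sh girar-add".
set -e
export IFS=' 	
'
export PATH=/sbin:/usr/sbin:/bin:/usr/bin
umask 022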

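# Print a diagnostic ("$PROG: <message>") followed by the usage line and
# exit with status 1.  Both lines go to stderr: the original sent the usage
# line to stdout, which split one error report across two streams.
# $PROG is expected to be provided by the sourced girar-sh-functions.
# Arguments: $* - reason the command line was rejected
usage()
{
	printf '%s: %s\n' "$PROG" "$*" >&2
	printf 'usage: %s <NAME> <IDENTITY FILE> <GECOS>\n' "$PROG" >&2
	exit 1
}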

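# First argument: the account name.  It is validated before any other use
# because it becomes both a login name ("git_$NAME") and a path component
# under /people, /var/lib/girar/email and /var/spool/girar/people.
# LC_ALL=C keeps the bracket expressions byte-based: under a locale kept by
# sudo, [a-z] may match more than ASCII lowercase.
NAME="$1"
[ -n "$NAME" ] ||
	usage 'not specified: NAME'
shift
printf '%s' "$NAME" | LC_ALL=C grep -E -q '^[a-z][a-z_0-9]+$' ||
	fatal "$NAME: invalid NAME specified"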

# Second argument: path of the public key file.  It is only recorded here;
# canonicalisation and the home-directory range check happen further down.
IDFILE="$1"
if [ -z "$IDFILE" ]; then
	usage 'not specified: IDENTITY FILE'
fi
shift

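# Both template repositories must be usable git directories before any
# account state is created, so a misconfiguration fails here rather than
# after useradd has already run.  The explicit "|| fatal" does not rely on
# the shell's -e flag and gives a message naming the repository.
GIT_DIR="/etc/girar/packages.git" git rev-parse --git-dir >/dev/null ||
	fatal "/etc/girar/packages.git: not a valid git repository"

GIT_DIR="/etc/girar/private.git" git rev-parse --git-dir >/dev/null ||
	fatal "/etc/girar/private.git: not a valid git repository"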

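# Canonicalise the identity file path (symlinks resolved, must exist).
# The argument is saved first: a failing $(...) leaves the variable empty,
# which made the original message print an empty file name.
IDFILE_ARG="$IDFILE"
IDFILE="$(readlink -ev -- "$IDFILE_ARG")" ||
	fatal "identity file '$IDFILE_ARG' not available"

# The script is meant to run under sudo; the invoking user's home directory
# bounds where the identity file may come from.  getent is run on its own
# so that its exit status is seen (in a pipeline only cut's status would be).
[ -n "$SUDO_USER" ] ||
	fatal "SUDO_USER is not set: this script must be run via sudo"
SUDO_PASSWD="$(getent passwd "$SUDO_USER")" ||
	fatal "sudo user '$SUDO_USER' not found"
SUDO_HOME="$(printf '%s\n' "$SUDO_PASSWD" | cut -d: -f6)"

SUDO_HOME_ARG="$SUDO_HOME"
SUDO_HOME="$(readlink -ev -- "$SUDO_HOME_ARG")" &&
	[ -d "$SUDO_HOME" ] ||
	fatal "sudo user '$SUDO_USER' home directory '$SUDO_HOME_ARG' not available"

# The identity file must be below the invoking user's home: sudo rights on
# this script must not become a way to feed arbitrary files into an
# authorized_keys entry.  The quoted case pattern keeps any glob characters
# in $SUDO_HOME literal, which the unquoted ${IDFILE##$SUDO_HOME/*} did not.
# NOTE(review): the path is resolved here and read later by cat; a change
# of the path between the two steps is not detected.
case "$IDFILE" in
	"$SUDO_HOME"/*) ;;
	*) fatal "identity file '$IDFILE' out of range" ;;
esac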

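# Read the public key.  $(...) strips trailing newlines, so a well-formed
# one-line key file leaves no newline in $IDENTITY at all.
IDENTITY="$(cat -- "$IDFILE")" ||
	fatal "$IDFILE: error reading identity file"

# Exactly one line is allowed: an embedded newline would let a second,
# unchecked line reach the authorized_keys file written below.
NL='
'
case "$IDENTITY" in
	*"$NL"*) fatal "$IDFILE: invalid identity file" ;;
esac

# The key type is the first whitespace-delimited token.  Comparing the whole
# token (rather than the first seven characters, as before) means a type
# that merely starts with "ssh-rsa" or "ssh-dss" is no longer accepted.
# NOTE(review): ssh-dss is disabled by default in current OpenSSH servers;
# confirm the sshd configuration before relying on it being usable here.
KEYTYPE="${IDENTITY%%[[:space:]]*}"
case "$KEYTYPE" in
	ssh-dss|ssh-rsa) ;;
	*) fatal "$IDFILE: invalid identity file: unrecognized type" ;;
esac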

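# Everything left on the command line is the GECOS field, joined with the
# first character of IFS (a space).  A colon would terminate the passwd
# field, so it is refused.  The original test used ${GECOS//*:*/}, a
# bash-only expansion that is a "bad substitution" error under a POSIX
# /bin/sh; the case pattern below is portable and has the same effect.
GECOS="$*"
[ -n "$GECOS" ] ||
	usage 'not specified: GECOS'
case "$GECOS" in
	*:*) fatal "$NAME: invalid GECOS specified" ;;
esac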

# Layout of a girar account: every git_* login shares one home directory
# and the restricted girar-sh shell, while the per-user data lives under
# $GIRAR_HOME/$NAME.
IT_NAME="git_$NAME"
IT_HOME="/usr/share/girar/home"
IT_SHELL="/usr/libexec/girar/girar-sh"
GIRAR_HOME="/people"
REAL_HOME="$GIRAR_HOME/$NAME"

# Both shared directories have to exist before any account is created.
for required_dir in "$IT_HOME" "$GIRAR_HOME"; do
	[ -d "$required_dir" ] ||
		fatal "error adding $NAME: directory $required_dir not available"
done

# Refuse to proceed when a key file for this login name is already present.
# NOTE(review): $REAL_HOME gets no such pre-existence check; the install -d
# calls further down re-own an existing directory instead of refusing it.
# Confirm that is the intended behaviour for a re-added name.
AUTH="/etc/openssh/authorized_keys/$IT_NAME"
if [ -e "$AUTH" ]; then
	fatal "error adding $NAME: authorized keys file '$AUTH' already exists"
fi

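# Create the account: GECOS from the command line, the shared home without
# creating it (-M), primary group girar and the restricted shell.
useradd -c "$GECOS" -d "$IT_HOME" -g 'girar' -M -s "$IT_SHELL" "$IT_NAME" ||
	fatal "$IT_NAME: error adding user"

# Mail alias git_$NAME -> $NAME@etersoft.ru, then rebuild the alias database.
printf '%s:\t%s@etersoft.ru\n' "$IT_NAME" "$NAME" >>"/etc/girar/aliases" &&
	newaliases ||
	fatal "$IT_NAME: error adding email alias"

# Write the single authorized key with forwarding options disabled.
# printf instead of echo: the key line's comment field is arbitrary text,
# and a POSIX echo may interpret backslash sequences in it.  The file is
# created with the umask set at the top of the script.
AUTH_OPTS="no-port-forwarding,no-X11-forwarding,no-agent-forwarding"
printf '%s %s\n' "$AUTH_OPTS" "$IDENTITY" >"$AUTH" ||
	fatal "error creating authorized keys file '$AUTH' for user $IT_NAME"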

# Disk quota is set on the filesystem holding $GIRAR_HOME; df -P prints the
# mount point in the sixth column, and the last line is kept.
# setquota takes block soft/hard limits, then inode soft/hard limits.
# A failure is only logged via msg_info, not fatal.
GIRAR_HOME_MOUNT="$(df -P "$GIRAR_HOME" | awk '{ mount = $6 } END { print mount }')"
QUOTA_BLOCK_SOFT=1000000
QUOTA_BLOCK_HARD=1500000
QUOTA_INODE_SOFT=100000
QUOTA_INODE_HARD=150000
if ! setquota "$IT_NAME" "$QUOTA_BLOCK_SOFT" "$QUOTA_BLOCK_HARD" \
	"$QUOTA_INODE_SOFT" "$QUOTA_INODE_HARD" "$GIRAR_HOME_MOUNT"; then
	msg_info "$IT_NAME: failed to set disk quota on $GIRAR_HOME_MOUNT"
fi

# Per-user tree under $GIRAR_HOME, every directory owned by the new account:
#   $REAL_HOME           girar 755
#   $REAL_HOME/packages  girar 755
#   $REAL_HOME/private   girar 751 (traversable, not listable, by others)
#   $REAL_HOME/etc       wheel 750 (the per-user git repositories go here)
# Arguments: $1 - group, $2 - mode, $3 - directory path
make_owned_dir()
{
	install -d -o "$IT_NAME" -g "$1" -m "$2" "$3" ||
		fatal "$IT_NAME: failed to create $3"
}

make_owned_dir girar 755 "$REAL_HOME"
make_owned_dir girar 755 "$REAL_HOME/packages"
make_owned_dir girar 751 "$REAL_HOME/private"
make_owned_dir wheel 750 "$REAL_HOME/etc"

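# Per-user bare repositories, seeded from the system templates and handed
# to the new account.  --no-hardlinks matters here: a clone from a local
# path hardlinks object files when it can, and the chown -hR that follows
# would then change the owner of the very same inodes inside
# /etc/girar/*.git whenever both trees are on one filesystem, giving the
# new account ownership of the shared template objects.
git clone --bare --no-hardlinks --template=/usr/share/girar/templates \
	"/etc/girar/packages.git" "$REAL_HOME/etc/packages.git" &&
	chown -hR "$IT_NAME:girar" "$REAL_HOME/etc/packages.git" ||
	fatal "$IT_NAME: failed to setup $REAL_HOME/etc/packages.git"

git clone --bare --no-hardlinks --template=/usr/share/girar/templates \
	"/etc/girar/private.git" "$REAL_HOME/etc/private.git" &&
	chown -hR "$IT_NAME:girar" "$REAL_HOME/etc/private.git" ||
	fatal "$IT_NAME: failed to setup $REAL_HOME/etc/private.git"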

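# Per-user directories under /var/lib/girar/email/{packages,private} and
# /var/spool/girar/people, all owned by the new account.  The parent
# directory creation is checked explicitly instead of relying on the
# shell's -e flag; the loop variable no longer reuses "n" from above.
for repo_kind in packages private; do
	EMAIL_DIR="/var/lib/girar/email/$repo_kind"
	mkdir -p -- "$EMAIL_DIR" ||
		fatal "$IT_NAME: failed to create $EMAIL_DIR"
	install -d -o "$IT_NAME" -g girar -m755 "$EMAIL_DIR/$NAME" ||
		fatal "$IT_NAME: failed to create $EMAIL_DIR/$NAME"
done

install -d -o "$IT_NAME" -g girar -m755 "/var/spool/girar/people/$NAME" ||
	fatal "$IT_NAME: failed to create /var/spool/girar/people/$NAME"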
