#!/bin/sh
set -e

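# Debian maintainer script body: performs the setup below when called with
# "configure" as the first argument and does nothing for any other argument.
# Steps: create the registry checkout skeleton, create the configuration
# directory, and generate the SSH key used to reach the registry remote.
# Ownership and modes are only applied where the administrator has not
# registered a dpkg-statoverride for the path.
if [ "$1" = "configure" ]; then

    # State directory that holds the registry checkout.
    mkdir -p /var/lib/bird

    # Key the one-time registry setup on the checkout path itself rather than
    # on /var/lib/bird: the parent directory may already exist, in which case
    # the registry would otherwise never be initialised.
    # git is deliberately not run against an existing checkout: after the
    # chown below it belongs to bird, and current git versions refuse to
    # operate as root on a repository owned by another user, which would
    # abort this script under `set -e`.
    if [ ! -e /var/lib/bird/registry ]; then
        git -C /var/lib/bird init registry
        # NOTE(review): the job that fetches from this SSH remote is not part
        # of this script; confirm it verifies the git.dn42.dev host key
        # (known_hosts) instead of disabling host key checking.
        git -C /var/lib/bird/registry remote add origin "git@git.dn42.dev:dn42/registry.git"
    fi

    # dpkg-statoverride --list exits non-zero when no override matches, so
    # the defaults are applied only in that case.
    if ! dpkg-statoverride --list /var/lib/bird >/dev/null; then
        chown -R bird:bird /var/lib/bird
        chmod u=rwx,g=rx,o= /var/lib/bird
    fi

    # Configuration directory; it holds the private key, so it is closed to
    # group and others.
    mkdir -p /etc/dn42-roagen

    if ! dpkg-statoverride --list /etc/dn42-roagen >/dev/null; then
        chown -R bird:bird /etc/dn42-roagen
        chmod u=rwx,g=,o= /etc/dn42-roagen
    fi

    if [ ! -e /etc/dn42-roagen/id_ed25519 ]; then
        echo "SSH key does not exist, generating one ..."
        # References:
        # https://infosec.mozilla.org/guidelines/openssh.html
        # https://security.stackexchange.com/questions/50878/ecdsa-vs-ecdh-vs-ed25519-vs-curve25519#50890
        #
        # -N "" creates the key without a passphrase so it can be used
        # unattended; the file and directory modes set in this script are
        # its only protection at rest.
        ssh-keygen -t ed25519 -C "dn42-roagen@$(hostname)" -f "/etc/dn42-roagen/id_ed25519" -N ""

        # Name the two files ssh-keygen writes instead of globbing
        # id_ed25519*: the directory is writable by the bird account, and
        # root should only change owner and mode of the files it has just
        # created. chown -h keeps the change on the entry itself.
        for keyfile in /etc/dn42-roagen/id_ed25519 /etc/dn42-roagen/id_ed25519.pub; do
            if ! dpkg-statoverride --list "$keyfile" >/dev/null; then
                chown -h bird:bird "$keyfile"
                chmod u=r,g=,o= "$keyfile"
            fi
        done

        # Only the public half is printed; the private key never leaves
        # /etc/dn42-roagen.
        echo "Please login on https://git.dn42.dev/ and add the key to your account."
        cat /etc/dn42-roagen/id_ed25519.pub
    fi
fi

exit 0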
