#!/bin/bash

set -e

# Set permissions for sqlite3 file
# (for when we support sqlite3 in the future)
dbc_dbfile_owner="${_USERNAME}:${_GROUPNAME}"
dbc_dbfile_perms="0600"


# 1st argument will be the SECURITYTOKEN to use.
apache_install() {
	mkdir -p /etc/apache2/conf-available
    if [ ! -f /etc/apache2/conf-available/taler-merchant.conf ];
    then
	    cat /etc/taler-merchant/apache.conf | sed -e "s/%SECURITYTOKEN%/$1/" > /etc/apache2/conf-available/taler-merchant.conf
    fi
    # TODO: might want to remember if *we* enabled those, and disable in postrm
    a2enmod proxy
    a2enmod proxy_http
    a2enmod headers
    a2enmod rewrite
}

# 1st argument will be the SECURITYTOKEN to use.
nginx_install() {
	mkdir -p /etc/nginx/conf-available
    if [ ! -f /etc/nginx/conf-available/taler-merchant.conf ];
    then
	    cat /etc/taler-merchant/nginx.conf | sed -e "s/%SECURITYTOKEN%/$1/" > /etc/nginx/conf-available/taler-merchant.conf
    fi
}

. /usr/share/debconf/confmodule


case "${1}" in
	configure)
		db_version 2.0

		db_get taler-merchant/username
		_USERNAME="${RET:-taler-merchant-httpd}"

		db_get taler-merchant/groupname
		_GROUPNAME="${RET:-www-data}"

		# Read default values
		CONFIG_FILE="/etc/default/taler-merchant"
		TALER_HOME="/var/lib/taler-merchant"

        # Creating taler group if needed
		if ! getent group ${_GROUPNAME} > /dev/null
		then
			echo -n "Creating new Taler group ${_GROUPNAME}:"
			addgroup --quiet --system ${_GROUPNAME}
			echo " done."
		fi
		# Creating taler users if needed
		if ! getent passwd ${_USERNAME} > /dev/null
		then
			echo -n "Creating new Taler user ${_USERNAME}:"
			adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_USERNAME}
			echo " done."
		fi


        # Setup postgres database (needs dbconfig-pgsql package)
        if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then
            . /usr/share/dbconfig-common/dpkg/postinst.pgsql
            dbc_pgsql_createdb_encoding="UTF8"
            dbc_go taler-merchant "$@"
        fi

        chown ${_USERNAME}:postgres /etc/taler-merchant.conf
        chmod 460 /etc/taler-merchant.conf


        # Create access secret
        SECRET=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1`
        echo SECRET > ${TALER_HOME}/master-api-key.txt
        chown ${_USERNAME}:${_GROUPNAME} ${TALER_HOME}/master-api-key.txt
        chmod 440 ${TALER_HOME}/master-api-key.txt

        # Writing new values to configuration file
        echo -n "Writing new configuration file:"
        CONFIG_NEW=$(tempfile)

cat > "${CONFIG_NEW}" <<EOF
# This file controls the behaviour of the Taler init script.
# It will be parsed as a shell script.
# please do not edit by hand, use 'dpkg-reconfigure taler-merchant'.

TALER_USER=${_USERNAME}
TALER_GROUP=${_GROUPNAME}
EOF


cat > "/etc/systemd/system/taler-merchant-httpd.service" <<EOF
[Unit]
Description=GNU Taler payment system merchant backend

[Service]
EnvironmentFile=/etc/default/taler-merchant
User=${_USERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-merchant-httpd -c /etc/taler-merchant.conf
EOF

        systemctl daemon-reload

        cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
	    echo " done."

		# Configure Webserver
		db_get taler-merchant/reconfigure-webserver
		webservers="$RET"
		for webserver in $webservers; do
			webserver=${webserver%,}
			if [ "$webserver" = "nginx" ] ; then
				nginx_install "$SECRET"
			else
				apache_install "$SECRET"
			fi
 		        if [ -f /etc/init.d/$webserver ] ; then
        		    	if which invoke-rc.d > /dev/null ; then
                			if invoke-rc.d $webserver status > /dev/null 2>&1 ; then
                  				invoke-rc.d $webserver reload 3>/dev/null || true
	                		fi
        	    		else
                			if /etc/init.d/$webserver status > /dev/null 2>&1 ; then
                    				/etc/init.d/$webserver reload 3>/dev/null || true
                			fi
	            		fi
        		fi
		done
		db_stop

		# Cleaning
		echo "All done."

		;;

	abort-upgrade|abort-remove|abort-deconfigure)

		;;

	*)
		echo "postinst called with unknown argument \`${1}'" >&2
		exit 1
		;;
esac

#DEBHELPER#

exit 0