#!/bin/bash

set -e

BASEDIR=$(dirname "$(readlink -f "$0")")
. "$BASEDIR"/config

function die {
    echo "$1"
    echo "No changes have been made to the system."
    exit $2
}

if ! [ "$(id -u)" = 0 ]
then
    die "You must be root to install this application." 1
fi

if ! which ccrypt &>/dev/null
then
    die 'ccrypt not found. Please install it and make sure it is available in $PATH.' 2
fi

if ! which pwgen &>/dev/null
then
    die 'pwgen not found. Please install it and make sure it is available in $PATH.' 2
fi

if [ -h /usr/local/bin/$BINNAME ]
then
    die "/usr/local/bin/$BINNAME already exists, please choose a different name." 3
fi

if getent passwd "$APPUSER" &>/dev/null
then
    die "The user '$APPUSER' already exists. Please choose a different username." 4
fi

if [ -e /etc/sudoers.d/$BINNAME ]
then
    die "There is already a file /etc/sudoers.d/$BINNAME, please choose a different name." 5
fi

if [ -e /etc/bash_completion.d/$BINNAME ]
then
    die "There is already a file /etc/bash_completion.d/$BINNAME, please choose a different name." 6
fi

read -p "Initial administrator: " iuser
read -sp "${iuser}'s password: " pw1
echo
read -sp "Retype password: " pw2
echo

if ! [ "$pw1" = "$pw2" ]
then
    die "Passwords do not match, please try again." 7
fi

touch /etc/sudoers.d/$BINNAME
echo "%$APPGROUP ALL=($APPUSER) NOPASSWD: $BASEDIR/passman" > /etc/sudoers.d/$BINNAME
chmod 440 /etc/sudoers.d/$BINNAME

groupadd -r $APPGROUP 2>/dev/null || true
useradd -rN -d $BASEDIR -s /bin/false -g $APPGROUP $APPUSER 
ln -s $BASEDIR/passman /usr/local/bin/$BINNAME
ln -s $BASEDIR/bash_completions /etc/bash_completion.d/$BINNAME

. cryptapi.sh
bootstrap $iuser $pw1

chown -R $APPUSER $BASEDIR