#!/bin/bash

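set -e


. /usr/share/debconf/confmodule

# Debian postinst for taler-exchange.
#
# On "configure" this script:
#   1. reads the account and group names chosen via debconf (falling back to
#      the built-in defaults when debconf returns an empty value),
#   2. creates the system groups and per-daemon system users that do not
#      exist yet,
#   3. writes /etc/default/taler-exchange and the systemd unit files,
#   4. tightens ownership and permissions on the configuration files and the
#      shared runtime directory.
#
# Every expansion of a debconf-supplied value is double-quoted so that an
# unexpected value (whitespace, glob characters) cannot be word-split into
# extra arguments of addgroup/adduser/chown, all of which run as root.
case "${1}" in
	configure)
		db_version 2.0

		# db_get leaves its answer in RET; fall back to the default name
		# when the answer is empty.
		db_get taler-exchange/eusername
		_EUSERNAME="${RET:-taler-exchange-httpd}"

		db_get taler-exchange/rsecusername
		_RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"

		db_get taler-exchange/esecusername
		_ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"

		db_get taler-exchange/wireusername
		_WIREUSERNAME="${RET:-taler-exchange-wire}"

		db_get taler-exchange/aggrusername
		_AGGRUSERNAME="${RET:-taler-exchange-aggregator}"

		db_get taler-exchange/groupname
		_GROUPNAME="${RET:-taler-private}"

		db_get taler-exchange/dbgroupname
		_DBGROUPNAME="${RET:-taler-exchange-db}"

		db_stop

		CONFIG_FILE="/etc/default/taler-exchange"
		TALER_HOME="/var/lib/taler-exchange"

		# Creating taler groups as needed
		if ! getent group "${_GROUPNAME}" > /dev/null
		then
			echo -n "Creating new Taler group ${_GROUPNAME}:"
			addgroup --quiet --system "${_GROUPNAME}"
			echo " done."
		fi
		if ! getent group "${_DBGROUPNAME}" > /dev/null
		then
			echo -n "Creating new Taler group ${_DBGROUPNAME}:"
			addgroup --quiet --system "${_DBGROUPNAME}"
			echo " done."
		fi

		# Creating taler users if needed. Each daemon gets its own system
		# account; the HTTP daemon and both security modules share
		# ${_GROUPNAME}, while the HTTP daemon, wire and aggregator
		# accounts are added to the database group.
		# NOTE(review): group membership is only set up when the account
		# is created here; a pre-existing account is left as it is.
		if ! getent passwd "${_EUSERNAME}" > /dev/null
		then
			echo -n "Creating new Taler user ${_EUSERNAME}:"
			adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${TALER_HOME}/httpd" "${_EUSERNAME}"
			adduser --quiet "${_EUSERNAME}" "${_DBGROUPNAME}"
			echo " done."
		fi
		if ! getent passwd "${_RSECUSERNAME}" > /dev/null
		then
			echo -n "Creating new Taler user ${_RSECUSERNAME}:"
			adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${TALER_HOME}/secmod-rsa" "${_RSECUSERNAME}"
			echo " done."
		fi
		if ! getent passwd "${_ESECUSERNAME}" > /dev/null
		then
			echo -n "Creating new Taler user ${_ESECUSERNAME}:"
			adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${TALER_HOME}/secmod-eddsa" "${_ESECUSERNAME}"
			echo " done."
		fi
		if ! getent passwd "${_WIREUSERNAME}" > /dev/null
		then
			echo -n "Creating new Taler user ${_WIREUSERNAME}:"
			adduser --quiet --system --home "${TALER_HOME}/wire" "${_WIREUSERNAME}"
			adduser --quiet "${_WIREUSERNAME}" "${_DBGROUPNAME}"
			echo " done."
		fi
		if ! getent passwd "${_AGGRUSERNAME}" > /dev/null
		then
			echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
			adduser --quiet --system --home "${TALER_HOME}/aggregator" "${_AGGRUSERNAME}"
			adduser --quiet "${_AGGRUSERNAME}" "${_DBGROUPNAME}"
			echo " done."
		fi

		# Writing new values to configuration file
		echo -n "Writing new configuration file:"
		# mktemp replaces the deprecated tempfile(1); it creates the file
		# with an unpredictable name and owner-only permissions.
		CONFIG_NEW=$(mktemp)

# TALER_RSECUSER must expand _RSECUSERNAME; a misspelt variable name here
# expands to nothing and leaves the setting empty in the generated file.
cat > "${CONFIG_NEW}" <<EOF
# This file controls the behaviour of the Taler init script.
# It will be parsed as a shell script.
# please do not edit by hand, use 'dpkg-reconfigure taler-exchange'.

TALER_EUSER=${_EUSERNAME}
TALER_RSECUSER=${_RSECUSERNAME}
TALER_ESECUSER=${_ESECUSERNAME}
TALER_WIREUSER=${_WIREUSERNAME}
TALER_AGGRUSER=${_AGGRUSERNAME}
TALER_GROUP=${_GROUPNAME}
EOF

# Unit for the REST API daemon. Dependency lists name full unit names:
# systemd does not append ".service" inside unit files, and the PostgreSQL
# unit on Debian is postgresql.service, so a shortened or misspelt name is
# ignored and the ordering/pull-in silently does not happen.
cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange REST API
Requires=taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service
After=postgresql.service network.target

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_EUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF

# Units for the two security modules, each running under its own account.
cat > "/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange RSA security module

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_RSECUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-exchange.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full

EOF
cat > "/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange EdDSA security module

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_ESECUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-exchange.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full

EOF
cat > "/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange wirewatch service
After=network.target

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full


EOF
# The transfer unit starts taler-exchange-transfer; launching the wirewatch
# binary from it would run wirewatch twice and never run the transfer job.
cat > "/etc/systemd/system/taler-exchange-transfer.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange transfer service
After=network.target

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_WIREUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler-wire.conf
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full

EOF
# NOTE(review): the aggregator is the only unit pointed at /etc/taler.conf,
# and this script sets no ownership or mode on that file - confirm the path
# and who may read it.
cat > "/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange aggregator service

[Service]
EnvironmentFile=/etc/default/taler-exchange
User=${_AGGRUSERNAME}
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler.conf
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full


EOF

		cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
		rm -f "${CONFIG_NEW}"
		echo " done."

		echo -n "Setting up system services "

		# Shared runtime directory: writable by root and ${_GROUPNAME}
		# only. The setgid bit makes files created inside inherit the
		# group; a setuid bit on a directory has no effect on Linux, so
		# only g+s is requested.
		mkdir -p /var/lib/taler-exchange/tmp
		chown "root:${_GROUPNAME}" /var/lib/taler-exchange/tmp
		chmod 770 /var/lib/taler-exchange/tmp
		chmod g+s /var/lib/taler-exchange/tmp

		# Mode 460 with group root: the wire account can read its
		# configuration but cannot rewrite it.
		chown "${_WIREUSERNAME}:root" /etc/taler-wire.conf
		chmod 460 /etc/taler-wire.conf
		chown "root:${_DBGROUPNAME}" /etc/taler-exchange-db.conf
		chmod 640 /etc/taler-exchange-db.conf
		# The chmod that follows this chown has to target
		# /etc/taler-exchange.conf; repeating the taler-wire.conf chmod
		# leaves the exchange configuration at whatever mode it was
		# installed with. 440 keeps it readable by its owner and by
		# ${_GROUPNAME} and writable only by root.
		# NOTE(review): 440 is chosen over 460 because ${_GROUPNAME},
		# unlike group root, contains the service accounts - confirm.
		chown "${_EUSERNAME}:${_GROUPNAME}" /etc/taler-exchange.conf
		chmod 440 /etc/taler-exchange.conf

		# Best effort: systemd may not be running (e.g. inside a chroot).
		systemctl daemon-reload >/dev/null 2>&1  || true

		echo "done."

		# Cleaning
		echo "All done."
		;;

	abort-upgrade|abort-remove|abort-deconfigure)
		;;

	*)
		echo "postinst called with unknown argument \`${1}'" >&2
		exit 1
		;;
esac

#DEBHELPER#

exit 0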