#!/bin/sh -e

set -e

if [ "$1" = configure ]; then
    # Create the loki_ group (shared with lokid)
    if ! getent group _loki >/dev/null; then
        addgroup --force-badname --system --quiet _loki
    fi

    # Create _lokinet user if it doesn't exist
    if ! getent passwd _lokinet >/dev/null; then
        adduser --force-badname --system --quiet --home /var/lib/lokinet --ingroup _loki --gecos "Lokinet system user" _lokinet
    fi

    # Make sure the _lokinet user is part of the _loki group (in case it already existed)
    if ! id -Gn _lokinet | grep -qw _loki; then
        adduser --force-badname --quiet _lokinet _loki
    fi

    mkdir -p /var/lib/lokinet
    su -s /bin/sh _lokinet -c "test -O /var/lib/lokinet && test -G /var/lib/lokinet" || \
        chown _lokinet:_loki /var/lib/lokinet

    if ! dpkg-statoverride --list /usr/bin/lokinet >/dev/null 2>&1; then
        dpkg-statoverride --update --add root _loki 750 /usr/bin/lokinet
    fi

    if ! setcap cap_net_admin,cap_net_bind_service=+eip /usr/bin/lokinet; then
        echo "failed to setcap lokinet" >&2
        exit 1
    fi

    if ! [ -e /var/lib/lokinet/bootstrap.signed ]; then
        /usr/bin/lokinet-bootstrap "" /var/lib/lokinet/bootstrap.signed
        chown _lokinet:_loki /var/lib/lokinet/bootstrap.signed
    fi

    tmpdir=$(mktemp --tmpdir -d lokinet.XXXXXXXXXX)
    /usr/bin/lokinet -g $tmpdir/lokinet.ini
    sed -i -e "s#$tmpdir#/var/lib/lokinet#" $tmpdir/lokinet.ini
    chmod 640 $tmpdir/lokinet.ini
    chgrp _loki $tmpdir/lokinet.ini
    ucf $tmpdir/lokinet.ini /etc/loki/lokinet.ini
    ucfr lokinet /etc/loki/lokinet.ini

fi

#DEBHELPER#