 
 


# -*- mode: shell-script -*-
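##
## Emit, on stdout, the shell script that creates the groups, users, home
## directories, passwords and SSH authorized_keys described by a YAML users
## definition.
##
## Arguments: $1 - YAML mapping of user name -> user definition. The keys read
##                 from each definition are `groups` (entries may be
##                 "name" or "name:gid"), `uid`, `password` and `keys`.
## Globals:   CACHEDIR (read), allow_writeable_chroot (read)
## Outputs:   the generated script on stdout; a copy is stored under
##            "$CACHEDIR" and replayed on later calls with the same arguments.
## Returns:   1 when a cached copy exists but cannot be read or touched.
##
## Security notes:
##  - The generated script and its cached copy contain the account passwords
##    in clear text; the cache file is therefore created owner-only.
##  - User names, group names, uids and gids are interpolated inside
##    double-quoted strings of the generated script. A value containing `"`,
##    `$`, a backquote or a backslash would be interpreted by the shell that
##    runs the script, so "$1" must come from a trusted source or be
##    validated by the caller.
##
make_build_script() {
  local users_def="$1" cache_file
  ## NOTE(review): the cache key covers the arguments only, yet the output
  ## also depends on $allow_writeable_chroot; confirm it cannot change
  ## between two calls made with the same arguments.
  cache_file="$CACHEDIR/$FUNCNAME.cache.$(p0 "$@" | md5_compat)"
  if [ -e "$cache_file" ]; then
    #debug "$FUNCNAME: STATIC cache hit"
    if cat "$cache_file" && touch "$cache_file"; then
      return 0
    fi
    return 1
  fi

  if [ -z "$users_def" ]; then
    return 0
  fi

  ## Everything below is function-local so that nothing leaks into (or is
  ## inherited from) the caller's variables.
  local code="" fixed_groups_code="" groups_code="" \
        user user_def group gid has_gid uid password key keys \
        first_group adduser_cmd
  local -a remaining_groups
  declare -A created_groups seen_groups

  while read-0 user user_def; do
    code+="mkdir -p \"/home/$user\""$'\n'

    ##
    ## Group management
    ##

    ## Per-user state starts empty. Without this reset a user would inherit
    ## the secondary groups collected for the users processed before it.
    first_group=
    remaining_groups=()
    seen_groups=()
    while read-0 group; do
      gid=
      has_gid=
      if [[ "$group" == *":"* ]]; then
        gid=${group##*:}
        group=${group%%:*}
        has_gid=1
      fi
      ## An empty name cannot be used as an associative array subscript.
      [ -n "$group" ] || continue
      ## Same group listed twice for this user: keep the first occurrence.
      [ -z "${seen_groups[$group]:-}" ] || continue
      seen_groups[$group]=1

      ## Create each group once for the whole script. The lookup uses the
      ## bare name, so "name:gid" entries are de-duplicated as well.
      if [ -z "${created_groups[$group]:-}" ]; then
        if [ "$has_gid" ]; then
          fixed_groups_code+="addgroup -g \"$gid\" \"$group\""$'\n'
        else
          groups_code+="addgroup \"$group\""$'\n'
        fi
        created_groups[$group]=1
      fi

      ## Membership is recorded even when the group was already created for
      ## a previous user, so that users can share a group.
      if [ -z "$first_group" ]; then
        first_group="$group"
      else
        remaining_groups+=("$group")
      fi
    done < <(printf '%s\n' "$user_def" | shyaml get-values-0 groups 2>/dev/null)

    ##
    ## User create commands
    ##

    uid=$(printf '%s\n' "$user_def" | shyaml get-value uid 2>/dev/null)
    ## -D: don't assign a password ; -s: default shell
    adduser_cmd="adduser -D -s /bin/false"
    if [ "$uid" ]; then
      adduser_cmd+=" -u \"$uid\""          ## force uid
    fi
    if [ "$first_group" ]; then
      adduser_cmd+=" -G \"$first_group\""  ## force main group
    fi
    code+="$adduser_cmd \"$user\""$'\n'

    if [ "${allow_writeable_chroot:-}" ]; then
      code+="chown \"$user\" \"/home/$user\""$'\n'    ## sanitize
    else
      code+="chown root:root \"/home/$user\""$'\n'  ## sanitize
    fi
    code+="chmod 755 \"/home/$user\""$'\n'          ## sanitize

    password=$(printf '%s\n' "$user_def" | shyaml get-value password 2>/dev/null) ||
      password=$(gen_password 14)
    ## The credential is fed to chpasswd through a here-document with a
    ## quoted delimiter: its content is taken literally (a quote or `$` in
    ## the password cannot alter the generated script) and it is not echoed
    ## by the `set -x` trace the script enables.
    code+="chpasswd <<'__CHPASSWD_EOF__'"$'\n'
    code+="$user:$password"$'\n'
    code+="__CHPASSWD_EOF__"$'\n'

    for group in "${remaining_groups[@]}"; do
      code+="adduser \"$user\" \"$group\""$'\n'
    done

    ##
    ## Key managements
    ##

    ## Reset per user: otherwise every user's authorized_keys would also
    ## contain the keys of all users processed before it.
    keys=""
    while read-0 key; do
      keys+="$key"$'\n'
    done < <(printf '%s\n' "$user_def" | shyaml get-values-0 -q keys)
    if [ "$keys" ]; then
      code+="mkdir -p \"/home/$user/.ssh\""$'\n'
      ## Quoted delimiter: key lines are written verbatim, no expansion.
      code+="cat <<'__AUTHORIZED_KEYS_EOF__' > \"/home/$user/.ssh/authorized_keys\""$'\n'
      code+="$keys"
      code+="__AUTHORIZED_KEYS_EOF__"$'\n'
      # code+="chown $user /home/$user/.ssh/authorized_keys"$'\n'
      code+="chmod 644 \"/home/$user/.ssh/authorized_keys\""$'\n'
      code+="chmod 755 \"/home/$user/.ssh\""$'\n'
    fi
  done < <(printf '%s\n' "$users_def" | shyaml key-values-0)

  ## The `set -eux` header is emitted inside the group so that it is part of
  ## the cached copy too; a cache hit then replays exactly what a cache miss
  ## printed, including the fail-fast options.
  {
    e "set -eux"$'\n'
    printf '%s' "$fixed_groups_code"
    printf '%s' "$groups_code"
    printf '%s' "$code"
  } | (
    ## The cached script holds clear-text passwords: owner-only permissions.
    umask 077
    tee "$cache_file"
  )
}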