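#!/bin/bash
# Ensure the dedicated infrastructure user exists and is set up for key-only
# SSH access: expected home directory, the expected authorized_keys entry
# present, and every file under the home directory owned by that user.
# The remediation branch (adduser, chown) needs root.
set -euo pipefail

readonly TUN=fsginfra
readonly THD=/var/lib/$TUN
readonly AUTH_KEYS_FILE="$THD/.ssh/authorized_keys"
# The complete public-key line that must be present in authorized_keys.  Kept
# as one constant so the conformance check and the remediation step agree.
readonly AUTHORIZED_KEY="ssh-rsa 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 stephane@tc15"

#######################################
# Check that user $TUN exists and matches the expected configuration.
# Globals:   TUN, THD, AUTH_KEYS_FILE, AUTHORIZED_KEY (read)
# Outputs:   progress on stdout, the first failing condition on stderr
# Returns:   0 if conforming; 1..6 identifying the first failed check
#######################################
is_user_conforming() {
  local user_record user_home_dir
  echo -n "Checking user $TUN: "
  id -u "$TUN" || return 1
  # '|| true' keeps a getent failure from aborting under set -e; the emptiness
  # test below reports it instead.
  user_record="$(getent passwd "$TUN" || true)"
  [[ -n "$user_record" ]] || { echo >&2 "User $TUN exists but can't read record." ; return 2 ; }
  # Field 6 of the passwd record is the home directory.
  user_home_dir="$(cut -d ':' -f 6 <<<"$user_record")"
  [[ "$user_home_dir" == "$THD" ]] || { echo >&2 "Not the expected user dir, found: $user_home_dir" ; return 3 ; }
  [[ -f "$AUTH_KEYS_FILE" ]] || { echo >&2 "No authorized_keys: $AUTH_KEYS_FILE" ; return 4 ; }
  # Match the whole key line as a fixed string.  Matching only the comment
  # ("stephane@tc15") would accept any key that happens to carry that comment.
  grep -qxF -- "$AUTHORIZED_KEY" "$AUTH_KEYS_FILE" || { echo >&2 "No expected key in $AUTH_KEYS_FILE" ; return 5 ; }
  # Any path under the home directory not owned by the user is listed on
  # stdout and fails the check.
  if find "$THD" -not -user "$TUN" | grep . ; then
    echo >&2 "Files not owned by user $TUN in $THD"
    return 6
  fi
  # id -nGz "$TUN" | grep -qzxF "docker" || { echo >&2 "User not in docker group" ; return 7 ; } # not needed with podman
  echo "All correct"
  return 0
}

#######################################
# Create the user if missing and install the authorized key.  Each step only
# does what is still missing, so a re-run after a partial failure is safe and
# does not duplicate the key line.
# Globals:   TUN, THD, AUTH_KEYS_FILE, AUTHORIZED_KEY (read)
# Returns:   0 on success; the script exits (set -e) on the first failed step
#######################################
make_user_conforming() {
  local help_text
  local -a adduser_args
  if ! id -u "$TUN" >/dev/null 2>&1; then
    # Newer adduser spells the GECOS option --comment; older ones only know
    # --gecos.  '|| true': some versions exit non-zero after printing help.
    help_text="$(adduser --help 2>&1 || true)"
    if [[ "$help_text" == *--comment* ]]; then
      adduser_args=(--verbose --comment "Dedicated user for gourichon infrastructure")
    else
      adduser_args=(--gecos "Dedicated user for gourichon infrastructure")
    fi
    # The GECOS option above already makes adduser non-interactive; a trailing
    # --gecos "" would override the comment with an empty one.
    adduser "${adduser_args[@]}" --disabled-password --home "$THD" "$TUN"
    # adduser "$TUN" docker # not needed with podman
  fi
  mkdir -p "$THD/.ssh"
  chmod 700 "$THD/.ssh"
  # Append only when the exact line is absent.
  if ! [[ -f "$AUTH_KEYS_FILE" ]] || ! grep -qxF -- "$AUTHORIZED_KEY" "$AUTH_KEYS_FILE"; then
    printf '%s\n' "$AUTHORIZED_KEY" >> "$AUTH_KEYS_FILE"
  fi
  chmod 600 "$AUTH_KEYS_FILE"
  chown -Rc "$TUN" "$THD"
}

#######################################
# Entry point: check, remediate if needed, then re-check so the exit status
# reflects the final state.
#######################################
main() {
  if is_user_conforming; then
    return 0
  fi
  make_user_conforming
  is_user_conforming
}

main "$@"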