#!/bin/sh

set -e

die() {
    echo >&2 "$@"
    exit 1
}

print_help() {
    cat <<EOF
Usage: adduser-novaboot --key KEY [--admin-id=NAME] [adduser options] user
EOF
}

TEMP=$(getopt -o 'h' --long 'admin-id:,key:,help,home:,uid:,firstuid:,lastuid:,gecos:,ingroup:,gid:' -n "${0##*/}" -- "$@")
[ $? -ne 0 ] && die "getopt error"
eval set -- "$TEMP"
unset TEMP

admin=admin
key=
while true; do
    case "$1" in
	'--admin-id')
	    admin=$2
	    shift 2;;
	'--key')
	    keysrc=$2
	    shift 2;;
	'-h' | '--help')
	    print_help; exit;;
	'--')
	    shift; break;;
	*)
	    adduser_opts="$adduser_opts $1 $2"
	    shift 2;;
    esac
done

[ -z "$keysrc" ] && die "Missing --key option"

if [ "$keysrc" = "-" ]; then
    key=$(cat)
else
    key=$(cat "$keysrc")
fi

[ -z "$key" -o "$(echo "$key" | wc -l)" -ne 1 ] && die "--key needs to be just one line"
echo "$key" | grep -q ssh || die "--key does not look like an SSH public key"

adduser --disabled-password --shell $(which novaboot-shell) $adduser_opts "$@"

user="$1"
home=$(getent passwd "$user"|awk -F: '{print $6;}')
uid=$(id -u "$user")

echo "Creating $home/.ssh/authorized_keys"
mkdir -p -m 700 "$home/.ssh"
echo "command=\"user $admin admin\" $key" >> $home/.ssh/authorized_keys
chown $user: "$home/.ssh" "$home/.ssh/authorized_keys"

if [ -d /srv/tftp -a ! -e /srv/tftp/$user  ]; then
    echo "Creating /srv/tftp/$user and symlink to it from $home/tftproot."
    mkdir -p /srv/tftp/$user
    chown $user /srv/tftp/$user
    ln -s /srv/tftp/$user $home/tftproot
else
    echo "NOT creating /srv/tftp/$user and symlink to it from $home/tftproot."
fi

if [ -d /run/systemd/system ]; then
    echo "Installing systemd services and timers in /etc/systemd/system/user@$uid.service.d"
    mkdir -p /etc/systemd/system/user@$uid.service.d
    cat <<EOF > /etc/systemd/system/user@$uid.service.d/novaboot-server.conf
[Unit]
Requires=novaboot-server-session@$user.service
After=novaboot-server-session@$user.service
EOF
    systemctl daemon-reload
fi

echo "Creating configuration template in $home/.novaboot-shell"
cat <<'CONFIG_EOF' > $home/.novaboot-shell
#!/bin/sh
#
# Configuration for novaboot-shell
#

#console_cmd='sterm -s 115200 /dev/ttyUSB0'

#reset_cmd='/bin/sh -c "(usbrelay LY03X_2=1; sleep 0.1; usbrelay LY03X_2=0) 2>/dev/null"'

#on_cmd='/bin/sh -c "(usbrelay LY03X_1=1; sleep 0.1; usbrelay LY03X_1=0) 2>/dev/null"';
#off_cmd='/bin/sh -c "(usbrelay LY03X_1=1; sleep 7.0; usbrelay LY03X_1=0) 2>/dev/null"';

# target_config="\
# --prefix=/prefix/
# --uboot==>
# --uboot-init=setenv serverip 192.168.1.1
# --uboot-addr=kernel=0x81000000
# --uboot-addr=fdt=0x83000000
# --uboot-addr=ramdisk=0x83100000
# "
CONFIG_EOF
chown $user: $home/.novaboot-shell

echo "Done"
exit 0

: <<EOF
=encoding utf8

=head1 NAME

adduser-novaboot - create user account for use with novaboot's --ssh option

=head1 SYNOPSIS

B<adduser-novaboot> --key KEY [--admin-id NAME] [adduser options] user

=head1 DESCRIPTION

B<adduser-novaboot> is a wrapper of L<adduser(8)> command that
simplifies creation of user accounts for I<novaboot>'s --ssh option.
The created account has its shell set to L<novaboot-shell(1)>. The
command also creates a template of the configuration file, sets up
administrator's SSH key in L<authorized_keys(5)> prepares directories
and symlinks that for integration with TFTP server and, when run under
L<systemd(1)>, configures systemd service files to automatically
power-off the target after timeout.

=head1 OPTIONS

=over 8

=item --key KEY

Mandatory argument specifying administrator's public SSH key (e.g.
F<~/.ssh/id_rsa.pub>). The key will be copied to the created account's
F<~/.ssh/authorized_keys> and marked with administrator flag.

=item --admin-id NAME

User name associated with the key. This user name is shown to
connecting users when the target is occupied by the administrator.
When omitted, I<admin> is used as the user name.

=back

=head1 AUTHORS

Michal Sojka <sojkam1@fel.cvut.cz>

Latest version can be found at
L<https://github.com/wentasah/novaboot>.

=cut
EOF