#!/bin/sh
set -e
die() {
    echo "$*" 1>&2
    exit 1
}

[ -z "$1" ] && die "usage: newuser USERNAME AUTHORIZED_KEYS"
[ -z "$2" ] && die "usage: newuser USERNAME AUTHORIZED_KEYS"
[ ! -f "$2" ] && die "$2 is not a file"

[ "$USER" != "root" ] && die "must be run as root"

# 1. Create account with `adduser`
#     - Add to wsrc to regen git index, wobj for building /usr/src
USERNAME="$1"
PASS=$(openssl rand -hex 8)
adduser -unencrypted -group "$USERNAME" -batch "$USERNAME" "wsrc,wobj" "$USERNAME" "$PASS" \
    -message /etc/skel/README.txt

# Add SSH keys
cat "$2" >"/home/$USERNAME/.ssh/authorized_keys"

# 2. Send welcome email (TODO)
#     - could just have a README.txt in /etc/skel
#     - maybe email too?
mail -s "Welcome to garbash.com [READ ME FIRST!]" "$USERNAME" < /etc/skel/README.txt

# 3. Add soju user -- either via sojuctl && restart 
echo "$PASS" | doas -u _soju sojuctl -config /home/_soju/soju.cfg create-user "$USERNAME"
rcctl restart soju

# 4. Add wg config via wggen
wggen "$USERNAME"
mail -s "Your wireguard info" "$USERNAME" < "/etc/wg/$USERNAME/client.conf"

# 5. Create git dir for them (and chown it) in /var/git
mkdir "/var/git/$USERNAME"
chown "$USERNAME:$USERNAME" "/var/git/$USERNAME"

# 6. Add them to mailing lists
sed -i \
    -e "s/^announce: /&$USERNAME, /" \
    -e "s/^dev: /&$USERNAME, /" \
    -e "s/^bugs: /&$USERNAME, /" \
    -e "s/^misc: /&$USERNAME, /" /etc/mail/aliases
newaliases

# 7. Create a /var/www/htdocs webhosting site
mkdir "/var/www/htdocs/~$USERNAME"
chown "$USERNAME:$USERNAME" "/var/www/htdocs/~$USERNAME"

echo "Password: $PASS" | mail -s "Your Inital Password [CHANGEME]"