#!/bin/sh
set -e

##
# variables
localbase="${LOCALBASE:-$(realpath $(dirname $0)/..)}"
libexec="${localbase}/libexec/portzap"
conf=$(cat "${localbase}"/share/portzap/doas.conf)
doas="${localbase}"/etc/doas.conf

##
# functions
printok() {
    "${libexec}"/printok "$1"
}

printerr() {
    "${libexec}"/printerr "$1"
}

##
# main
if [ "$(id -u)" != "0" ]; then
    printerr "you must be root"
    exit 1
fi

if id -u _portzap > /dev/null 2>&1; then
    printok "_portzap user exists"
else
    pw useradd -n _portzap \
        -c "portzap user" \
        -m \
        -s /sbin/nologin
    chmod u=rwX,g=rX,o= /home/_portzap/
    printok "create _portzap user"
fi

if grep -F "^${conf}$" "${doas}" > /dev/null 2>&1; then
    printok "${doas} is up to date"
else
    echo "$conf" >> "$doas"
    printok "update ${doas} (note: review the update)"
fi

printf "Add user(s) to the _portzap group:\n"
printf "root# pw groupmod -n _portzap -m user1,user2\n"