#!/bin/sh
# vim: set ts=4 sw=4:
set -eu

readonly ADMIN_GROUP='wheel'

: ${USER_SHELL:=${USERNAME_SHELL:-"/bin/sh"}}

if [ -z "${USERNAME:-}" ]; then
	exit 0
fi

. "$(dirname "$(readlink -f "$0")")"/utils.sh

if ! id "$USERNAME" >/dev/null 2>&1; then
	echo "Creating user $USERNAME" >&2

	if command -v useradd >/dev/null; then
		useradd --create-home \
		        --no-user-group \
		        --shell "$USER_SHELL" \
		        ${USER_UID:+"-u $USER_UID"} \
		        "$USERNAME"
	else
		adduser -D -G users -s "$USER_SHELL" ${USER_UID:+"-u $USER_UID"} "$USERNAME"
		passwd -u "$USERNAME" >/dev/null  # unlock account
	fi
fi

if ! id -Gn "$USERNAME" 2>/dev/null | grep -Fq $ADMIN_GROUP; then
	echo "Adding user $USERNAME to group $ADMIN_GROUP" >&2

	if command -v usermod >/dev/null; then
		usermod --append --groups $ADMIN_GROUP "$USERNAME"
	else
		addgroup "$USERNAME" $ADMIN_GROUP
	fi
fi

if yesno "${USERNAME_SUDO:-YES}"; then
	if command -v doas >/dev/null; then
		cfgfile="/etc/doas.d/$ADMIN_GROUP.conf"
		rule="permit nopass :$ADMIN_GROUP"
	elif command -v sudo >/dev/null; then
		cfgfile="/etc/sudoers.d/$ADMIN_GROUP"
		rule="%$ADMIN_GROUP ALL=(ALL) NOPASSWD: ALL"
	else
		echo "WARNING: neither doas nor sudo is installed, doas/sudo rule for $ADMIN_GROUP will not be added" >&2
		exit 0
	fi

	if ! [ -f "$cfgfile" ]; then
		echo "Creating $cfgfile" >&2
		cat > "$cfgfile" <<-EOF
			# Added by $(readlink -f "$0")
			$rule
		EOF
		chmod 640 "$cfgfile"
	fi
fi
