#!/bin/bash

set -e

. /usr/share/yunohost/helpers

do_pre_regen() {
    pending_dir=$1

    cd /usr/share/yunohost/conf/ssh

    # do not listen to IPv6 if unavailable
    [[ -f /proc/net/if_inet6 ]] && ipv6_enabled=true || ipv6_enabled=false

    ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true)

    # Support different strategy for security configurations
    export compatibility="$(yunohost settings get 'security.ssh.ssh_compatibility')"
    export port="$(yunohost settings get 'security.ssh.ssh_port')"
    export password_authentication="$(yunohost settings get 'security.ssh.ssh_password_authentication' | int_to_bool)"
    export ssh_keys
    export ipv6_enabled
    ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"
}

do_post_regen() {
    regen_conf_files=$1

    # If no file changed, there's nothing to do
    [[ -n "$regen_conf_files" ]] || return 0

    # Enforce permissions for /etc/ssh/sshd_config
    chown root:root "/etc/ssh/sshd_config"
    chmod 644 "/etc/ssh/sshd_config"

    systemctl restart ssh
}

do_$1_regen ${@:2}