#!/bin/bash

set -e

. /usr/share/yunohost/helpers

do_pre_regen() {
    pending_dir=$1

    cd /usr/share/yunohost/conf/ssh

    # Support different strategy for security configurations
    export compatibility="$(jq -r '.ssh_compatibility' <<< "$YNH_SETTINGS")"
    export port="$(jq -r '.ssh_port' <<< "$YNH_SETTINGS")"
    export password_authentication="$(jq -r '.ssh_password_authentication' <<< "$YNH_SETTINGS" | int_to_bool)"
    export ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true)

    # do not listen to IPv6 if unavailable
    [[ -f /proc/net/if_inet6 ]] && ipv6_enabled=true || ipv6_enabled=false
    export ipv6_enabled

    ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"
}

do_post_regen() {
    regen_conf_files=$1

    # If no file changed, there's nothing to do
    [[ -n "$regen_conf_files" ]] || return 0

    # Enforce permissions for /etc/ssh/sshd_config
    chown root:root "/etc/ssh/sshd_config"
    chmod 644 "/etc/ssh/sshd_config"

    systemctl restart ssh
}

do_$1_regen ${@:2}