#!/bin/bash

set -e

. /usr/share/yunohost/helpers

do_pre_regen() {
    pending_dir=$1

    cd /usr/share/yunohost/conf/ssh

    # do not listen to IPv6 if unavailable
    [[ -f /proc/net/if_inet6 ]] && ipv6_enabled=true || ipv6_enabled=false

    ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true)

    # Support legacy setting (this setting might be disabled by a user during a migration)
    if [[ "$(yunohost settings get 'security.ssh.ssh_allow_deprecated_dsa_hostkey')" == "True" ]]; then
        ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null || true)"
    fi

    # Support different strategy for security configurations
    export compatibility="$(yunohost settings get 'security.ssh.ssh_compatibility')"
    export port="$(yunohost settings get 'security.ssh.ssh_port')"
    export password_authentication="$(yunohost settings get 'security.ssh.ssh_password_authentication')"
    export ssh_keys
    export ipv6_enabled
    ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"
}

do_post_regen() {
    regen_conf_files=$1

    # If no file changed, there's nothing to do
    [[ -n "$regen_conf_files" ]] || return 0

    # Enforce permissions for /etc/ssh/sshd_config
    chown root:root "/etc/ssh/sshd_config"
    chmod 644 "/etc/ssh/sshd_config"

    systemctl restart ssh
}

do_$1_regen ${@:2}