#!/bin/bash
# postinst for edgeguard-api — creates system user, filesystem layout,
# enables systemd units. DB init + migrations run lazily on first start
# of edgeguard-api.
set -e

export LC_ALL=C
export LANG=C

EG_USER="edgeguard"
EG_HOME="/var/lib/edgeguard"

case "$1" in
    configure)
        # ── System user ──────────────────────────────────────────────
        if ! getent passwd "$EG_USER" >/dev/null; then
            adduser --system --group --home "$EG_HOME" \
                    --shell /usr/sbin/nologin --no-create-home \
                    --gecos "EdgeGuard daemon" "$EG_USER"
        fi

        # ── Directories ──────────────────────────────────────────────
        for d in /etc/edgeguard /var/lib/edgeguard /var/log/edgeguard \
                 /etc/edgeguard/haproxy /etc/edgeguard/nginx \
                 /etc/edgeguard/squid /etc/edgeguard/wireguard \
                 /etc/edgeguard/unbound /etc/edgeguard/nftables.d \
                 /etc/edgeguard/tls; do
            install -d -m 0750 -o "$EG_USER" -g "$EG_USER" "$d"
        done

        # ── systemd ──────────────────────────────────────────────────
        systemctl daemon-reload
        systemctl enable --now edgeguard-api.service edgeguard-scheduler.service || true
        ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
        ;;
esac

#DEBHELPER#

exit 0
