#!/bin/bash

# WARNING 1: probably contains bashisms galore.  If you don't have bash,
# please install it.

# NOTE 1: this script is initially run as root, then it calls itself with an
# "su" so it can run as the hosting user.

# NOTE 2: if you'd rather do this manually, just do the first part as root,
# and the second part as the hosting user, with only the name of the user
# (alice) and her pub key (~alice/.ssh/id_rsa.pub) needing to be passed from
# root to the hosting user id.

# ------------------------------------------------------------------------------

# site-local changes

# the gitolite hosting user you want to forward git commands to.  Typically
# this will be 'git' or perhaps 'gitolite', but actually could be anything
hosting_user="gitolite-test"

# absolute path of the gitolite-admin repo
admin_repo="/home/gitolite-test/repositories/gitolite-admin.git"

# the full path to the new login shell to replace these users' existing shell
new_shell="/usr/local/bin/gl-shell"

my_chsh() {
    # please replace with appropriate command for your OS/distro.  This one is
    # suitable at least for Fedora, maybe others also
    chsh -s $new_shell $1
}

# remove these 2 lines after you have done your customisation
[ -f /tmp/done.gl-shell-setup ] || { echo please customise $0 before using; exit 1; }

# ------------------------------------------------------------------------------

die() { echo "FATAL: $@" >&2; exit 1; }

# ------------------------------------------------------------------------------

euid=$(perl -e 'print $>')
if [ "$euid" = "0" ]
then

    # --------------------------------------------------------------------------
    # stuff to be done as root
    # --------------------------------------------------------------------------

    [ -n "$1" ] || die "need a valid username"
    user=$1
    id $user >/dev/null || die "need a valid username"

    # now fix up the user's login shell
    my_chsh $user

    # drat... 'cd ~$user` doesn't work...
    cd $(bash -c "echo ~$user") || die "can't cd to $user's home directory"

    # now set up her rsa key, creating it if needed
    [ -d .ssh ] || {
        mkdir .ssh
        chown $user .ssh
        chmod go-w  .ssh
    }
    [ -f .ssh/id_rsa.pub ] || {
        ssh-keygen -q -N "" -f .ssh/id_rsa
        chown $user .ssh/id_rsa .ssh/id_rsa.pub
        chmod go-rw .ssh/id_rsa
        chmod go-w  .ssh/id_rsa.pub
    }

    # now run yourself as the hosting user, piping in the pubkey to STDIN, and
    # passing the username whose key it is as argument 1.
    cat .ssh/id_rsa.pub | su -l -c "$0 $user" $hosting_user

    exit 0

else

    # --------------------------------------------------------------------------
    # stuff to be done as the hosting user
    # --------------------------------------------------------------------------

    user=$1

    # make a temp dir and switch to it
    export tmp=$(mktemp -d)
    cd $tmp || die "could not cd to temp dir $tmp"
    trap "rm -rf $tmp" 0

    # clone the admin repo here
    git clone $admin_repo .
    # copy alice's pubkey, which was sent in via STDIN.  We don't want to
    # overwrite any *other* keys she may have, hence the @localhost part.
    # (See "one user, many keys" in doc/3 for more on this @ part).
    cat > keydir/$user@localhost.pub
    # add commit push...
    git add keydir/$user@localhost.pub
    git diff --cached --quiet 2>/dev/null || git commit -am "$0: added/updated local key for $user"
    gl-admin-push
        # see doc for what/why this is

fi
