#!/bin/sh

set -x

if ! (id -u "${WEECHAT_USER}" 2>/dev/null); then
	adduser -u "${WEECHAT_UID}" -D -H "${WEECHAT_USER}"
	sed -i 's/^'"${WEECHAT_UID}"':!:/'"${WEECHAT_UID}"':*:/' /etc/shadow
	USER_RANDOM_PASS=$(tr -dc '_A-Z-a-z-0-9$§%&/()!;:_,.-' < /dev/urandom | head -c${1:-64};echo;)
	echo "${WEECHAT_USER}:${USER_RANDOM_PASS}" | chpasswd
fi

WEECHAT_HOME="${WEECHAT_BASE}/.weechat" 
if [ ! -d "${WEECHAT_HOME}" ]; then 
	mkdir -vp "${WEECHAT_HOME}"
	chown -R "${WEECHAT_UID}" "${WEECHAT_HOME}"
fi

for KEY_TYPE in rsa dsa ed25519 ecdsa; do
	KEY_FILE="/etc/ssh/ssh_host_${KEY_TYPE}_key"
	if [ ! -f "${KEY_FILE}" ]; then
		ssh-keygen -f "${KEY_FILE}" -N '' -t "${KEY_TYPE}"
	fi
done

if [ ! -d "/var/run/sshd" ]; then
	mkdir -p /var/run/sshd
fi

if [ -f /config/sshd_config ] ; then
	SSHD_CONFIG=/config/sshd_config
else
	SSHD_CONFIG=/etc/ssh/sshd_config
fi

/usr/sbin/sshd -f "${SSHD_CONFIG}" -p "${SSH_PORT}" -D & 

cd "${WEECHAT_BASE}"
test -d .ssh || mkdir -vp .ssh

if [ -f /config/authorized_keys ] ; then
	touch .ssh/authorized_keys
	while read SSH_KEY ; do
		if ! grep -q $(echo "${SSH_KEY}" | awk '{ print $2 }') .ssh/authorized_keys ; then
			echo 'no-agent-forwarding,no-X11-forwarding,permitopen="localhost:'"${SSH_PORT}"'",command="echo '\''This account can only be used for WeeChat relays'\''" '"${SSH_KEY}" >> .ssh/authorized_keys
			fi
	done < /config/authorized_keys
fi
chown -R "${WEECHAT_UID}" .ssh

cd "${WEECHAT_HOME}"
exec su "${WEECHAT_USER}" -c 'weechat-headless --stdout'