#!/bin/sh
# postinst script for memgraph
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package

case "$1" in
    configure)
        # Add the 'memgraph' user and group and set permissions on
        # 'var/*/memgraph' directories.
        adduser --quiet --system --group --home /var/lib/memgraph --no-create-home --shell /bin/bash memgraph || exit 1
        echo "Don't forget to switch to the 'memgraph' user to use Memgraph" || exit 1
        chown memgraph:memgraph /var/lib/memgraph || exit 1
        chmod 750 /var/lib/memgraph || exit 1
        chown memgraph:adm /var/log/memgraph || exit 1
        chmod 750 /var/log/memgraph || exit 1

        # Create telemetry directory in examples
        for i in /usr/share/memgraph/examples/*; do
            # The telemetry directory may already exist from some prior installation
            if [ ! -d $i/telemetry ]; then
                mkdir $i/telemetry || exit 1
            fi
            chown -R memgraph:memgraph $i/telemetry || exit 1
            # Make snapshots directory immutable (optional)
            chattr +i -R $i/snapshots || true
        done

        # Generate SSL certificates
        if [ ! -d /etc/memgraph/ssl ]; then
            mkdir /etc/memgraph/ssl || exit 1
            openssl req -x509 -newkey rsa:4096 -days 3650 -nodes \
                -keyout /etc/memgraph/ssl/key.pem -out /etc/memgraph/ssl/cert.pem \
                -subj "/C=GB/ST=London/L=London/O=Memgraph Ltd./CN=Memgraph DB" || exit 1
            chown memgraph:memgraph /etc/memgraph/ssl/* || exit 1
            chmod 400 /etc/memgraph/ssl/* || exit 1
        fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# Always setup the systemd memgraph.service. The following was autogenerated
# by dh_systemd_enable and dh_systemd_start, so it should behave as expected.

# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask memgraph.service >/dev/null || true

# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled memgraph.service; then
    # Enables the unit on first installation, creates new
    # symlinks on upgrades if the unit file has changed.
    deb-systemd-helper enable memgraph.service >/dev/null || true
else
    # Update the statefile to add new symlinks (if any), which need to be
    # cleaned up on purge. Also remove old symlinks.
    deb-systemd-helper update-state memgraph.service >/dev/null || true
fi

if [ -d /run/systemd/system ]; then
    systemctl --system daemon-reload >/dev/null || true
    deb-systemd-invoke start memgraph.service >/dev/null || true
fi

exit 0