#!/bin/sh
set -e

case "$1" in
    configure)
        # Create system user
        if [ -d /run/systemd/system ] && [ -x /usr/bin/systemd-sysusers ]; then
            systemd-sysusers oauth2-proxy.conf
        else
            if ! getent passwd oauth2-proxy >/dev/null; then
                adduser --system --group --no-create-home --home /nonexistent \
                    --gecos "OAuth2 Proxy Service" oauth2-proxy
            fi
        fi

        # Create state directory
        mkdir -p /var/lib/oauth2-proxy
        chown oauth2-proxy:oauth2-proxy /var/lib/oauth2-proxy
        chmod 750 /var/lib/oauth2-proxy

        # Create configuration directory
        mkdir -p /etc/oauth2-proxy
        chown oauth2-proxy:oauth2-proxy /etc/oauth2-proxy
        chmod 750 /etc/oauth2-proxy

        # Create log directory
        mkdir -p /var/log/oauth2-proxy
        chown oauth2-proxy:oauth2-proxy /var/log/oauth2-proxy
        chmod 750 /var/log/oauth2-proxy

        # Create runtime directory
        mkdir -p /run/oauth2-proxy
        chown oauth2-proxy:nginx /run/oauth2-proxy
        chmod 770 /run/oauth2-proxy
        ;;
esac

#DEBHELPER#

exit 0
