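#!/bin/bash
#
# Cadence new-user onboarding script.
#
# Creates the Linux account (member of st-users), registers a per-user
# TigerVNC systemd service on the next free display number, drops a
# fix_vnc.sh helper into the new home directory and generates an SSH
# keypair whose public half is added to authorized_keys.
#
# Requires root (useradd, chpasswd, /etc/systemd/system, /etc/tigervnc).
# Expects /lib/systemd/system/vncserver@.service and /etc/tigervnc/vncserver.users
# to exist, as in the original version of this script.
set -euo pipefail

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

echo "Hello! Welcome to the Cadence New User Script."
echo "You can use this script to generate the files needed for a new Cadence user."
echo ""

# Gather variables
read -r -p "Enter a username: " username
# The username is interpolated into file paths, a systemd unit name and a
# sed replacement below, so restrict it to a conservative login-name charset
# before it is used anywhere (also rules out a leading '-' or a '/').
[[ "$username" =~ ^[a-z_][a-z0-9_-]*$ ]] || die "Invalid username: $username"
read -r -p "Enter the user's full name: " full_name
read -r -p "Enter the user's email: " email
while true; do
  read -r -s -p "Pick a new password: " password
  echo
  read -r -s -p "Confirm the new Password: " password2
  echo
  if [[ -z "$password" ]]; then
    echo "Password cannot be empty, please try again."
    continue
  fi
  if [[ "$password" == "$password2" ]]; then
    break
  fi
  echo "Password's do not match, please try again."
done
echo ""

# Create user and add to group
echo "Creating user..."
# useradd -p expects an already-hashed (crypt(3)) value, so passing the
# plaintext there stores an unusable hash; set the password via chpasswd
# on stdin instead, which also keeps it out of argv / the process list.
useradd -m -G st-users -c "$full_name" "$username" || die "useradd failed for $username"
printf '%s:%s\n' "$username" "$password" | chpasswd || die "Failed to set password for $username"
# Resolve the home directory useradd actually created rather than assuming /home.
home=$(getent passwd "$username" | cut -d: -f6)
[[ -n "$home" && -d "$home" ]] || die "Home directory for $username not found"
echo "User $username has been created..."
echo ""

# Create VNC Systemd service
echo "Creating VNC Systemd service..."
# Pick the next free display number: scan the existing vncserver*@:N.service
# units and use max(N)+1. Units whose name does not end in @:N.service are
# skipped (the original compared an empty string and errored on them).
max_val=0
while IFS= read -r -d '' unit; do
  if [[ "$unit" =~ @:([0-9]+)\.service$ ]]; then
    value=$((10#${BASH_REMATCH[1]}))   # 10# so a leading zero is not read as octal
    if (( value > max_val )); then
      max_val=$value
    fi
  fi
done < <(find /etc/systemd/system/ -maxdepth 1 -name "vncserver*:*" -print0)
max_val=$((max_val + 1))
srvc_fname="vncserver_$username@:$max_val.service"
unit_path="/etc/systemd/system/$srvc_fname"
cp /lib/systemd/system/vncserver@.service "$unit_path"
# Update systemd service file
sed -i "s/[<]USER[>]/$username/g" "$unit_path"
# Appends -localhost to the %i on line 41 of the template so the server only
# binds loopback. NOTE(review): the line number is inherited from the original
# script and depends on the shipped template layout — confirm against the
# installed vncserver@.service.
sed -i "41s/\%i/\%i -localhost/g" "$unit_path"
# Add new user to vncusers file
echo ":$max_val=$username" >> /etc/tigervnc/vncserver.users
echo "New VNC service for $username created..."

# VNC auth has been disabled in guide, comment in if vncpasswd is desired
# Create VNC password
#echo "Generating VNC password..."
#mkdir -p "$home/.vnc"
#printf '%s\n' "$password" | vncpasswd -f > "$home/.vnc/passwd"
#chown -R "$username:$username" "$home/.vnc"
#chmod 600 "$home/.vnc/passwd"
#chmod 700 "$home/.vnc"
#echo "VNC password has been saved in $home/.vnc/passwd..."
#echo ""

# Create fix_vnc.sh script in user's home dir
echo "Creating fix_vnc.sh script in $home..."
# VNC listens on 5900 + display number; computing it directly replaces the
# original two-branch string concatenation, which only held for displays < 100.
port=$((5900 + max_val))
# Written as a single command line: restart the unit if it is not active,
# then report the port (same shape as the original helper).
printf '%s\n' "systemctl is-active --quiet $srvc_fname || systemctl restart $srvc_fname && echo VNC service for $username is running on port $port." > "$home/fix_vnc.sh"
chown "$username:$username" "$home/fix_vnc.sh"
chmod 700 "$home/fix_vnc.sh"

# Create ssh directory
echo "Creating SSH keys..."
mkdir -pv "$home/.ssh"
touch "$home/.ssh/authorized_keys"
# Generate ssh keypair
key_path="$home/.ssh/id_ed25519_$username"
# The passphrase is still visible on ssh-keygen's command line for the
# duration of the call (ssh-keygen takes it only via -P/-N). stdin is
# redirected from /dev/null so an unexpected "Overwrite?" prompt fails
# instead of hanging the script.
ssh-keygen -t ed25519 -C "$email" -P "$password" -a 1000 -o -f "$key_path" </dev/null
# Add public key to authorized keys
cat "$key_path.pub" >> "$home/.ssh/authorized_keys"
# Modify SSH folder permissions (after all files exist so chown -R covers them)
chmod 600 "$home/.ssh/authorized_keys"
chmod 700 "$home/.ssh"
chown -R "$username:$username" "$home/.ssh"
echo "SSH keys saved to $home/.ssh..."
echo ""

echo "Done onboarding new VNC user. Dont forget to give the new user their username, password,"
echo "and the ssh keys in $home/.ssh/."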