#!/bin/sh

############ CREATE DIRS
mkdir -p /auth /logs
chown proftpd /auth /logs
chmod u+rw /auth /logs
chmod g-w /auth /logs

############ MASQUERADE
MASQUERADE=${MASQUERADE:-127.0.0.1}
echo "MasqueradeAddress ${MASQUERADE}" > /etc/proftpd/conf.d/masquerade.conf

############ AUTH
[ ! -f /auth/passwd ] && touch /auth/passwd
chmod 0600 /auth/passwd
chmod 0700 /auth

############ PASSIVE PORTS
PASSIVEPORTS_START=${PASSIVEPORTS_START:-50000}
PASSIVEPORTS_END=${PASSIVEPORTS_END:-50050}
echo "PassivePorts ${PASSIVEPORTS_START} ${PASSIVEPORTS_END}" > /etc/proftpd/conf.d/passive_ports.conf

############ MAX CLIENTS
MAXCLIENTS=${MAXCLIENTS:-30}
MAXCLIENTSPERHOST=${MAXCLIENTSPERHOST:-5}
echo "Maxclients ${MAXCLIENTS}" > /etc/proftpd/conf.d/maxclients.conf
echo "MaxClientsPerHost ${MAXCLIENTSPERHOST}" >> /etc/proftpd/conf.d/maxclients.conf

############ CERT INIT
ENABLE_ACME=${ENABLE_ACME:-no}

if [ "$ENABLE_ACME" = "1" ] ; then
  /app/acme-cert-init.sh
else
  /app/cert-init.sh
fi

############ INIT DB if needed
SQLITE_AUTH=${SQLITE_AUTH:-no}
if [ "$SQLITE_AUTH" = "1" ] ; then
  if [ ! -f /auth/ftpd.db ] ; then
    sqlite3 /auth/ftpd.db < /app/init.sql
  fi
fi

############ GENERATE RANDOM PASSWORD FOR HEALTHCHECK
head /dev/urandom | tr -dc A-Za-z0-9 | head -c 20  > /app/healthcheck.pwd
chmod 600 /app/healthcheck.pwd

############ UPDATE HEALTHCHECK CREDS
HEALTHCHECK_UID=1999
mkdir -p /home/healthcheck
chown ${HEALTHCHECK_UID}:${HEALTHCHECK_UID} /home/healthcheck
if [ "$SQLITE_AUTH" = "1" ] ; then
  PASSWD_SHA=$(cat /app/healthcheck.pwd | mkpasswd -m sha512)
  sqlite3 /auth/ftpd.db <<EOF
INSERT OR IGNORE INTO users (userid,passwd,uid,gid,homedir,shell) VALUES ('healthcheck','',${HEALTHCHECK_UID},${HEALTHCHECK_UID},'/home/healthcheck','/bin/false');
INSERT OR IGNORE INTO groups (groupname,gid,members) VALUES ('healthcheck',${HEALTHCHECK_UID},'healthcheck');
UPDATE users SET passwd='$PASSWD_SHA' WHERE userid='healthcheck';
EOF
else
  cat /app/healthcheck.pwd | ftpasswd --stdin --passwd --name=healthcheck \
    --uid=${HEALTHCHECK_UID} \
    --home=/home/healthcheck --sha512 --shell=/bin/false --file=/auth/passwd
fi

############ CONFIGURE AUTH
if [ "$SQLITE_AUTH" = "1" ] ; then
  echo "AuthOrder mod_sql.c" > /etc/proftpd/conf.d/auth.conf
else
  echo "AuthOrder mod_auth_file.c" > /etc/proftpd/conf.d/auth.conf
fi

############ START CRON
crond -b

############ START
proftpd -n