#!/bin/sh
# postinst script for noris-server
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#	 * <postinst> `configure' <most-recently-configured-version>
#	 * <old-postinst> `abort-upgrade' <new version>
#	 * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#	   <new-version>
#	 * <postinst> `abort-remove'
#	 * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#	   <failed-install-package> <version> `removing'
#	   <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package


case "$1" in
    configure)
	# motd generieren
	uname -a > /etc/motd.tmp
	[ -f /etc/motd ] && sed 1d /etc/motd >> /etc/motd.tmp
	mv /etc/motd.tmp /etc/motd
	# nrpe mit inetd konfigurieren
	if [ ! -f /etc/nrpe.cfg ] ; then
		echo -e "/etc/nrpe.cfg doesn't exists on your system..."
		cp /usr/share/doc/noris-server/examples/nrpe.cfg /etc/nrpe.cfg
		echo "using example."
	fi
	grep -e '^nrpe' /etc/services > /dev/null || echo "nrpe		5666/tcp" >> /etc/services
	if [ -f /etc/inetd.conf ] ; then 
		echo "Configuring nrpe as inetd-service."
		cp /etc/inetd.conf /etc/inetd.conf.dpkg-old
		sed -e '/^nrpe/d' /etc/inetd.conf.dpkg-old > /etc/inetd.conf
		echo "nrpe	stream	tcp	nowait	nagios	/usr/sbin/tcpd	/usr/sbin/nrpe -c /etc/nrpe.cfg -i" >> /etc/inetd.conf
		/usr/sbin/update-rc.d -f nagios-nrpe-server remove
		[ -x /etc/init.d/nagios-nrpe-server ] && /etc/init.d/nagios-nrpe-server stop
		adduser --system nagios
	fi
	[ -x /etc/init.d/openbsd-inetd ] && /etc/init.d/openbsd-inetd restart

	# nrpe.cfg pimpen
	grep -e "^command\[check_noris_backup\]" /etc/nrpe.cfg > /dev/null || \
	echo "command[check_noris_backup]=/usr/lib/nagios/plugins/check_noris_backup" >> /etc/nrpe.cfg
	grep -e "^command\[check_cron\]" /etc/nrpe.cfg > /dev/null || \
	echo "command[check_cron]=/usr/lib/nagios/plugins/check_cron" >> /etc/nrpe.cfg
	grep -e "^command\[check_apt\]" /etc/nrpe.cfg > /dev/null || \
	echo "command[check_apt]=/usr/lib/nagios/plugins/check_apt" >> /etc/nrpe.cfg
	
        # ssh
        sshfile="sshd_config" 
	cp /etc/ssh/$sshfile /etc/ssh/sshd_config.dpkg-old
        sed -e 's/X11Forwarding\ no/X11Forwarding\ yes/g;s/PasswordAuthentication\ yes/PasswordAuthentication\ no/g;s/PermitRootLogin\ yes/PermitRootLogin\ without-password/g' /etc/ssh/sshd_config.dpkg-old > /etc/ssh/$sshfile
	acceptenv=0
	if [ -f /etc/ssh/$sshfile ]; then
        	if egrep -q '^AcceptEnv[[:space:]]*LANG LC_\*' /etc/ssh/$sshfile; then
                	acceptenv=1
        	fi
        	if [ $acceptenv -eq 0 ]; then
                	sed -e '/^.*AcceptEnv.*$/d' /etc/ssh/$sshfile > /tmp/$sshfile
                	echo '# Allow client to pass locale environment variables' \
                 	 >> /tmp/$sshfile
                	echo '#RT477338' >> /tmp/$sshfile
                	echo 'AcceptEnv LANG LC_*' >> /tmp/$sshfile
			cp /tmp/$sshfile /etc/ssh
			chmod 644 /etc/ssh/$sshfile
			rm /tmp/$sshfile
		fi
		if ! egrep -q '^PermitUserEnvironment.*$' /etc/ssh/$sshfile; then
			echo '#RT471027' >> /etc/ssh/$sshfile
			echo 'PermitUserEnvironment yes' >> /etc/ssh/$sshfile
		fi
	fi
        /etc/init.d/ssh reload
        [ -d ~sysadm/.ssh ] || mkdir ~sysadm/.ssh
        [ -f ~sysadm/.ssh/authorized_keys ] && mv ~sysadm/.ssh/authorized_keys ~sysadm/.ssh/authorized_keys.old
        cp /etc/default/authorized_keys.sysadm ~sysadm/.ssh/authorized_keys
        chown -R sysadm:sysadm ~sysadm
	# inputrc
	cp /etc/inputrc /etc/inputrc.dpkg-old
	sed -e 's/^# "\\e\[5~": beginning-of-history/"\\e\[5~": beginning-of-history/g;s/^# "\\e\[6~": end-of-history/"\\e\[6~": end-of-history/g' /etc/inputrc.dpkg-old > /etc/inputrc
	# alten cron.daily entfernen
	[ -f /etc/cron.daily/noris-apt ] && rm /etc/cron.daily/noris-apt
        # syslog 90 tage rotieren
        if [ -f /etc/cron.daily/sysklogd ] ; then
                cp /etc/cron.daily/sysklogd /etc/cron.daily/sysklogd.dpkg-old
                sed -e 's/\-c 7/\-c 90/g' /etc/cron.daily/sysklogd.dpkg-old > /etc/cron.daily/sysklogd
	fi
        # noris collectd config verwenden
        if ! grep -q '^CONFIGFILE' /etc/default/collectd; then
		echo 'CONFIGFILE="/etc/collectd/noris.conf"' >> /etc/default/collectd
		/etc/init.d/collectd restart
	fi
	if ! grep -q '^apt-update' /etc/aliases; then
		echo "apt-update: server-update@noris.net" >> /etc/aliases
	fi
	# /etc/sudoers pimpen; RT#477273
	grep -e "^sysadm ALL = (root) NOPASSWD: \/bin\/false" /etc/sudoers > /dev/null || \
	echo "sysadm ALL = (root) NOPASSWD: /bin/false" >> /etc/sudoers
	# .bash_profile im sysadm home pimpen
	if [ -f ~sysadm/.bash_profile ]; then
		grep -e "\[ -f \/usr\/sbin\/logname.sh \] && \. \/usr\/sbin\/logname.sh" ~sysadm/.bash_profile > /dev/null || \
		echo "[ -f /usr/sbin/logname.sh ] && . /usr/sbin/logname.sh" >> ~sysadm/.bash_profile
		grep -e "\[ -f \/usr\/bin\/sudo ] && \/usr\/bin\/sudo -l" ~sysadm/.bash_profile > /dev/null || \
		echo "[ -f /usr/bin/sudo ] && /usr/bin/sudo -l" >> ~sysadm/.bash_profile
	else
		cp /etc/default/bash_profile.sysadm ~sysadm/.bash_profile
		chown sysadm:sysadm ~sysadm/.bash_profile
	fi
	# local1.* nach /car/log/entwicklung; RT#490612
	if [ -f /etc/syslog.conf ]; then
		if ! grep -q '^local1.\*' /etc/syslog.conf; then
			echo '# local1.* to /var/log/entwicklung; RT#490612' >> /etc/syslog.conf
			echo "local1.*	-/var/log/entwicklung" >> /etc/syslog.conf
			/etc/init.d/sysklogd reload
		fi
	fi
	if [ -f /etc/syslog-ng/syslog-ng.conf ]; then
		if ! grep -q '^destination entwicklung.*' /etc/syslog-ng/syslog-ng.conf; then
			echo '# local1.* to /var/log/entwicklung; RT#490612' >> /etc/syslog-ng/syslog-ng.conf
			echo 'destination entwicklung { file("/var/log/entwicklung" owner("root") group("adm") perm(0640)); };' >> /etc/syslog-ng/syslog-ng.conf
			echo 'filter f_entwicklung { facility(local1); };' >> /etc/syslog-ng/syslog-ng.conf
			echo 'log { source(src); filter(f_entwicklung); destination(entwicklung); };' >> /etc/syslog-ng/syslog-ng.conf
			/etc/init.d/syslog-ng reload
		fi
	fi



	# TEMPORAER; itchy fragen
	echo -e "removing check_backup from /etc/nrpe.cfg; not more in use"
	cp /etc/nrpe.cfg /etc/nrpe.cfg.dpkg-old
	grep -ve "^command\[check_backup\]" /etc/nrpe.cfg.dpkg-old > /etc/nrpe.cfg
	echo -e "removing gorleben stuff from /etc/hosts"
	cp /etc/hosts /etc/hosts.dpkg-old
        grep -ve "^10...0.100" /etc/hosts.dpkg-old > /etc/hosts
	echo -e "removing omni stuff from /etc/services"
	cp /etc/services /etc/services.dpkg-old
	grep -ve "^omni.*5555" /etc/services.dpkg-old > /etc/services
	echo -e "removing omni stuff from /etc/inetd.conf"
	cp /etc/inetd.conf /etc/inetd.conf.dpkg-old
	grep -ve "^omni" /etc/inetd.conf.dpkg-old > /etc/inetd.conf
	[ -x /etc/init.d/openbsd-inetd ] && /etc/init.d/openbsd-inetd restart

	echo -e "#!/bin/bash\nexit 0" > /var/lib/dpkg/info/ob2-core.prerm
	echo -e "#!/bin/bash\nexit 0" > /var/lib/dpkg/info/ob2-da.prerm

	# RT#558288
	if [ "`hostname`" != "vserver" ] && [ "`hostname`" != "vserver1" ]; then
		if sysctl vm.mmap_min_addr; then
			echo "vm.mmap_min_addr bekannt"
			if [ "`sysctl -n vm.mmap_min_addr`" == "0" ]; then
				echo "setze vm.mmap_min_addr auf 4096"
				sysctl -w vm.mmap_min_addr=4096 && \
				echo "vm.mmap_min_addr=4096" >> /etc/sysctl.conf
			fi
		fi
	fi


    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
	echo "postinst called with unknown argument \`$1'" >&2
	exit 1
    ;;
esac


# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0


