%define debug_package %{nil}

Name:           %(make name)
Version:        %(make version)
Release:        %(make release)
Summary:        %(make summary)
License:        %(make license)
URL:            %(make url)

Source0:        %(make source0)
Buildarch:      %(make arch)
BuildRequires:  make
Requires:       netoik-rp netoik-db vaultwarden

%description
Install the secrets vault called vaultwarden with a predefined configuration.

%prep
%autosetup -v

%install
%make_install

%post
# Display commands and exit on error
set -xe

# Change rights of config file
chgrp vaultwarden %{_sysconfdir}/vaultwarden/netoik_vaultwarden.cfg

# Add vaultwarden user to postgres group
usermod --groups postgres --append vaultwarden

# Create postgres user and db
if ! runuser --user=postgres -- psql --quiet --tuples-only --command='\du' | grep --quiet vaultwarden; then
  runuser --user=postgres -- createuser vaultwarden
fi
if ! runuser --user=postgres -- psql --quiet --tuples-only --command='\l' | grep --quiet vaultwarden; then
  runuser --user=postgres -- createdb --owner=vaultwarden vaultwarden
fi

# Restart services
systemctl daemon-reload
systemctl reenable nginx.service vaultwarden.service
systemctl restart nginx.service vaultwarden.service

%postun
# Display commands and exit on error
set -xe

# If uninstalling, then delete users and db
if [ $1 == 0 ]; then
  # Remove gitea database if existing
  if runuser --user=postgres -- psql --quiet --tuples-only --command='\l' | grep --quiet vaultwarden; then
    runuser --user=postgres -- dropdb vaultwarden
  fi
  if runuser --user=postgres -- psql --quiet --tuples-only --command='\du' | grep --quiet vaultwarden; then
    runuser --user=postgres -- dropuser vaultwarden
  fi
fi

%files
%attr(644, root, root) %{_sysconfdir}/nginx/conf.d/vault.netoik.io.conf
%attr(640, root, -) %{_sysconfdir}/vaultwarden/netoik_vaultwarden.cfg

%dir %attr(755, root, root) %{_unitdir}/vaultwarden.service.d
%attr(644, root, root) %{_unitdir}/vaultwarden.service.d/vaultwarden.conf

%changelog
%autochangelog