#!/bin/sh

set -e

BASE_HOME=/skole/tjener
for dir in "$BASE_HOME"/*/*; do
    # Skip if not a directory
    test -d "$dir" || continue

    # Extract username and check existence
    username=${dir##*/}
    id "$username" >/dev/null 2>&1 || continue

    if [ -d "$dir/.pki/nssdb" ] ; then
        su - $username sh -c 'certutil  -A -d sql:$HOME/.pki/nssdb/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
    else
        mkdir -p $dir/.pki/nssdb
        chmod -R 700 $dir/.pki/nssdb
        chown -R $i:$i $dir/.pki/nssdb
        certutil  -A -d sql:$dir/.pki/nssdb/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
    fi
    logger -t create-user-nssdb -p notice PKI nssdb files created in $dir.
done

exit 0
