#!/usr/bin/env bash
set -euo pipefail

FILESVC_UID="${FILESVC_UID:-10050}"
FILESVC_GID="${FILESVC_GID:-10050}"

if ! getent group filesvc >/dev/null 2>&1; then
  groupadd -g "${FILESVC_GID}" filesvc
fi

if ! id filesvc >/dev/null 2>&1; then
  useradd -u "${FILESVC_UID}" -g filesvc -M -s /usr/sbin/nologin filesvc
fi

if [ -n "${DOMAIN_REALM:-}" ]; then
  cat > /etc/krb5.conf <<EOF
[libdefaults]
  default_realm = ${DOMAIN_REALM}
  dns_lookup_realm = true
  dns_lookup_kdc = true
EOF
fi

if [ -f /etc/samba/smb.conf.template ]; then
  envsubst < /etc/samba/smb.conf.template > /etc/samba/smb.conf
fi

if ! grep -q "winbind" /etc/nsswitch.conf; then
  sed -i 's/^passwd:.*/& winbind/' /etc/nsswitch.conf
  sed -i 's/^group:.*/& winbind/' /etc/nsswitch.conf
fi

mkdir -p /samba-generated
touch /samba-generated/shares.generated.conf
ln -sf /samba-generated/shares.generated.conf /etc/samba/shares.generated.conf

if [ ! -f /var/lib/samba/private/secrets.tdb ]; then
  if [ -z "${DOMAIN_JOIN_USER:-}" ] || [ -z "${DOMAIN_JOIN_PASSWORD:-}" ]; then
    echo "DOMAIN_JOIN_USER and DOMAIN_JOIN_PASSWORD must be set to join the domain." >&2
    exit 1
  fi
  echo "Joining AD domain ${DOMAIN_REALM}..."
  net ads join -U "${DOMAIN_JOIN_USER}%${DOMAIN_JOIN_PASSWORD}"
fi

winbindd -F &
WINBIND_PID=$!

smbd -F &
SMBD_PID=$!

/usr/local/bin/watch-reload &
WATCH_PID=$!

trap 'kill ${WINBIND_PID} ${SMBD_PID} ${WATCH_PID}' TERM INT

wait -n ${WINBIND_PID} ${SMBD_PID} ${WATCH_PID}