# vim: ft=sh ts=4 sw=4 et

post_install () {
    getent passwd vault > /dev/null || useradd \
        -s /bin/nologin -c 'Vault daemon' -d /var/lib/vault -M -r -U vault
    if [[ ! -d /var/lib/vault ]] ; then
        mkdir /var/lib/vault
        chown vault:vault /var/lib/vault
    fi
    setcap cap_ipc_lock=+ep /usr/bin/vault
}

post_upgrade () {
    if [[ -d /var/lib/vault ]] ; then
        local badperms=false
        while read -r path ; do
            if [[ $(stat --format=%U:%G "${path}") != vault:vault ]]
            then
                badperms=true
                break
            fi
        done < <( find /var/lib/vault )
        if ${badperms} ; then
            echo 'Bad permissions detected in /var/lib/vault, fixing...'
            chown -R vault:vault /var/lib/vault
        fi
    fi
    post_install
}