#!/usr/bin/bash

# If we don't have an authseed yet, generate a random one...
if [ ! -s /etc/sysconfig/authseed ]; then
    touch /etc/sysconfig/authseed
    chown root:root /etc/sysconfig/authseed
    chmod 0600 /etc/sysconfig/authseed
    mkpasswd -l 42 -c 12 -C 12 -d 12 -s 0 \
      | sed -re 's/(......)/\1-/g' -e 's/-$//g' \
      >/etc/sysconfig/authseed
fi

# Only (re)generate the sshd keys if we're managing the ssh config
SSHD_IMMUTABLE=$(lsattr /etc/ssh/sshd_config | cut -c 5)
if [ "$SSHD_IMMUTABLE" != "i" ]; then
    /usr/libexec/ng-server-config/sshd-keygen --force
fi
