#!/bin/sh
#
# This script is designed to enable the zabbix-vpn system account at agent
# startup if zabbix_agentd is configured to use the "sshtunnel" config
# alternative.
#
# If the sshtunnel config is not in use this script will instead ensure that
# the zabbix-vpn tunnel user is not active
#

VPNUSER=zabbix-vpn

AGENTCONF=$(readlink -f /etc/zabbix/noggin/agent.conf)
if [ "x$AGENTCONF" == "x/etc/zabbix/noggin/agent-sshtunnel.conf" ]; then
  passwd -u ${VPNUSER} >&/dev/null
  chsh -s /bin/false ${VPNUSER} >&/dev/null
  if getent group auth-by-key >/dev/null; then
    gpasswd -a zabbix-vpn auth-by-key
  fi
else 
  passwd -l ${VPNUSER} >&/dev/null
  chsh -s /sbin/nologin ${VPNUSER} >&/dev/null
  if getent group auth-by-key >/dev/null; then
    gpasswd -d zabbix-vpn auth-by-key
  fi
fi
