#!/bin/bash
# v 1.04
# 2025-09-03

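# Defaults
# mail-config is executed as shell code. It is presumably where the
# LDAP_BIND_DN, LDAP_BIND_PASSWORD, LDAP_DOMAINS_DN and LDAP_USERS_DN values
# used below come from (this script never assigns them) - confirm.
# A file that holds the bind password and runs as code should be writable
# only by root and not world-readable.
# Stop when it cannot be read: continuing would run the LDAP commands with
# empty bind and base DN values.
if [ ! -r /etc/ntools/mail-config ]; then
	echo "Error! Can't read /etc/ntools/mail-config" >&2
	exit 1
fi
# shellcheck source=/dev/null
. /etc/ntools/mail-config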

#DKIMROOT="/var/lib/rspamd/dkim"
#DDFILE="/etc/rspamd/local.d/dkim_domains.map"
#DSFILE="/etc/rspamd/local.d/dkim_selectors.map"

#######################################
# Print the command-line help and terminate the script.
# Globals:   none
# Arguments: none
# Outputs:   help text on stdout
# Exits:     with the status of the print command, so every caller stops here
#######################################
usage() {
	printf '%s\n' \
		"usage $0 [options] <action> [domain]" \
		'' \
		'This script manage a mail domains' \
		'' \
		'ACTIONS' \
		'  add' \
		'  del' \
		'  list' \
		'  enable' \
		'  disable' \
		'' \
		'OPTIONS' \
		'  -h         Show this message' \
		'  -x         Add disabled' \
		'  -v         Verbose'
	exit
}

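#######################################
# Create the LDAP entry for a mail domain.
# Globals:   DISABLED (read) - non-empty creates the entry with active: FALSE
#            VERBOSE (read)  - non-empty prints the ldapmodify output
#            LDAP_BIND_DN, LDAP_BIND_PASSWORD, LDAP_DOMAINS_DN (read)
# Arguments: $1 - domain name. It is written verbatim into the DN and the
#            LDIF, so it must already be a plain host name: a comma or a
#            newline in it would change the DN or add LDIF lines.
# Outputs:   ldapmodify output on stdout when VERBOSE is set; errors on stderr
# Exits:     1 when ldapmodify fails
#######################################
add_domain() {
	local DOM=$1
	local ACTIVE='TRUE'
	if [ -n "${DISABLED:-}" ]; then
		ACTIVE='FALSE'
	fi
	local RESULT
	# The bind password is handed over with -y (password file) fed by a
	# process substitution. With -w it is part of ldapmodify's argument list
	# and shows up in the process list for as long as the command runs.
	if ! RESULT=$(ldapmodify -x -y <(printf '%s' "${LDAP_BIND_PASSWORD}") -D "${LDAP_BIND_DN}" <<EOF
dn: mailDomain=${DOM},${LDAP_DOMAINS_DN}
changetype: add
objectClass: mailDomain
active: ${ACTIVE}
mailDomain: ${DOM}
EOF
	); then
		echo "Error! Can't add domain to ldap" >&2
		exit 1
	fi
	# A full if block: '[ "$VERBOSE" ] && echo' returned 1 on success whenever
	# VERBOSE was empty, and that became the script's exit status.
	if [ -n "${VERBOSE:-}" ]; then
		printf '%s\n' "$RESULT"
	fi
# NOTE(review): the disabled DKIM code below puts DOM into grep/sed patterns,
# where "." matches any character; escape DOM before re-enabling it.
# Add DKIM
#	mkdir -m 750 -p "$DKIMROOT"
#	chown rspamd:rspamd "$DKIMROOT"
#	cd "$DKIMROOT" || exit 1
#	if [ -f "${DOM}.mail.private" ]; then
#		echo "DKIM key for domain ${DOM} already exists."
#        read -p "Do you wish to replace it by new key? (y/N): " -r
#
#        if ! [[ "$REPLY" =~ ^[yY]$ ]]; then
#                exit 1
#        fi
#	fi
#
#	rspamadm dkim_keygen -s 'mail' -b 4096 -d "$DOM" -k "${DOM}.mail.private" > "${DOM}.mail.public"
#
#	grep "^#*${DOM}[[:blank:]]" "$DDFILE" && sed -i "s|^#\?\s*\(${DOM}\s\+\).*$|\1 ${DKIMROOT}/${DOM}.mail.private|" "$DDFILE" || echo "${DOM}	${DKIMROOT}/${DOM}.mail.private" >>"$DDFILE"
#	grep "^#*${DOM}[[:blank:]]" "$DSFILE" && sed -i "s|^#\?\s*\(${DOM}\s\+\).*$|\1 mail|" "$DSFILE" || echo "${DOM}	mail" >>"$DSFILE"
}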

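#######################################
# Delete the LDAP entry of a mail domain that has no mailboxes left.
# Globals:   VERBOSE (read) - non-empty prints the ldapmodify output
#            LDAP_BIND_DN, LDAP_BIND_PASSWORD, LDAP_USERS_DN,
#            LDAP_DOMAINS_DN (read)
# Arguments: $1 - domain name. It is written verbatim into the search filter
#            and the DN, so it must already be a plain host name: filter or
#            DN metacharacters in it would change what the mailbox check
#            matches or which entry is deleted.
# Outputs:   ldapmodify output on stdout when VERBOSE is set; errors on stderr
# Exits:     1 when mailboxes exist, when the mailbox check cannot be
#            completed, or when ldapmodify fails
#######################################
del_domain() {
	local DOM=$1
	local RESULT
	local RC=0
	# -y with a process substitution keeps the bind password out of the
	# argument list, where -w would expose it in the process list.
	RESULT=$(ldapsearch -x -y <(printf '%s' "${LDAP_BIND_PASSWORD}") -b "${LDAP_USERS_DN}" -D "${LDAP_BIND_DN}" -LLL "(&(objectClass=mailAccount)(mailDomain=${DOM}))" uid) || RC=$?
	if [ -n "$RESULT" ]; then
		echo "Error! Domain contains mailboxes." >&2
		exit 1
	fi
	# Fail closed: an empty result from a search that itself failed (server
	# down, bad credentials, rejected filter) is not proof that the domain
	# is empty, so the delete must not go ahead.
	if [ "$RC" -ne 0 ]; then
		echo "Error! Can't check domain for mailboxes" >&2
		exit 1
	fi
	if ! RESULT=$(ldapmodify -x -y <(printf '%s' "${LDAP_BIND_PASSWORD}") -D "${LDAP_BIND_DN}" <<EOF
dn: mailDomain=${DOM},${LDAP_DOMAINS_DN}
changetype: delete
EOF
	); then
		echo "Error! Can't delete domain from ldap" >&2
		exit 1
	fi
	# A full if block: '[ "$VERBOSE" ] && echo' returned 1 on success whenever
	# VERBOSE was empty.
	if [ -n "${VERBOSE:-}" ]; then
		printf '%s\n' "$RESULT"
	fi
# Remove DKIM
#	sed -i "s|^\s*\(${DOM}\s\+.*\)$|#\1|" "$DDFILE"
#	sed -i "s|^\s*\(${DOM}\s\+.*\)$|#\1|" "$DSFILE"
}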

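#######################################
# Mark a mail domain as inactive by setting its "active" attribute to FALSE.
# Globals:   VERBOSE (read) - non-empty prints the ldapmodify output
#            LDAP_BIND_DN, LDAP_BIND_PASSWORD, LDAP_DOMAINS_DN (read)
# Arguments: $1 - domain name; written verbatim into the DN, so it must
#            already be a plain host name
# Outputs:   ldapmodify output on stdout when VERBOSE is set; errors on stderr
# Exits:     1 when ldapmodify fails
#######################################
disable_domain() {
	local DOM=$1
	local RESULT
	# -y with a process substitution keeps the bind password out of the
	# argument list, where -w would expose it in the process list.
	# The status is checked so a failed modify is reported instead of
	# passing silently.
	if ! RESULT=$(ldapmodify -x -y <(printf '%s' "${LDAP_BIND_PASSWORD}") -D "${LDAP_BIND_DN}" <<EOF
dn: mailDomain=${DOM},${LDAP_DOMAINS_DN}
changetype: modify
replace: active
active: FALSE
EOF
	); then
		echo "Error! Can't disable domain in ldap" >&2
		exit 1
	fi
	# A full if block: '[ "$VERBOSE" ] && echo' returned 1 on success whenever
	# VERBOSE was empty.
	if [ -n "${VERBOSE:-}" ]; then
		printf '%s\n' "$RESULT"
	fi
}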

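#######################################
# Mark a mail domain as active by setting its "active" attribute to TRUE.
# Globals:   VERBOSE (read) - non-empty prints the ldapmodify output
#            LDAP_BIND_DN, LDAP_BIND_PASSWORD, LDAP_DOMAINS_DN (read)
# Arguments: $1 - domain name; written verbatim into the DN, so it must
#            already be a plain host name
# Outputs:   ldapmodify output on stdout when VERBOSE is set; errors on stderr
# Exits:     1 when ldapmodify fails
#######################################
enable_domain() {
	local DOM=$1
	local RESULT
	# -y with a process substitution keeps the bind password out of the
	# argument list, where -w would expose it in the process list.
	# The status is checked so a failed modify is reported instead of
	# passing silently.
	if ! RESULT=$(ldapmodify -x -y <(printf '%s' "${LDAP_BIND_PASSWORD}") -D "${LDAP_BIND_DN}" <<EOF
dn: mailDomain=${DOM},${LDAP_DOMAINS_DN}
changetype: modify
replace: active
active: TRUE
EOF
	); then
		echo "Error! Can't enable domain in ldap" >&2
		exit 1
	fi
	# A full if block: '[ "$VERBOSE" ] && echo' returned 1 on success whenever
	# VERBOSE was empty.
	if [ -n "${VERBOSE:-}" ]; then
		printf '%s\n' "$RESULT"
	fi
}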

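#######################################
# Print every mail domain with its state, sorted by domain name.
# Globals:   LDAP_BIND_DN, LDAP_BIND_PASSWORD, LDAP_DOMAINS_DN (read)
# Arguments: none
# Outputs:   "Domains:", one "  <domain> - <state>" line per entry and a
#            blank line on stdout; <state> is active, inactive or unknown.
#            Errors go to stderr.
# Exits:     1 when the search fails
#######################################
list_domains() {
	local LDIF
	# One search fetches both attributes. The earlier per-domain lookup
	# rebuilt a filter from each stored value and looped over an unquoted
	# list, so a value containing filter or glob characters changed the
	# query or the loop. Here stored values are only parsed, never reused.
	# -y with a process substitution keeps the bind password out of the
	# argument list, where -w would expose it in the process list.
	if ! LDIF=$(ldapsearch -x -y <(printf '%s' "${LDAP_BIND_PASSWORD}") -b "${LDAP_DOMAINS_DN}" -D "${LDAP_BIND_DN}" -LLL "(objectClass=mailDomain)" mailDomain active); then
		echo "Error! Can't list domains from ldap" >&2
		exit 1
	fi
	echo "Domains:"
	local DOM STATE
	# LDIF entries are separated by blank lines; awk emits "domain<TAB>state"
	# once per entry, whatever order the two attributes arrive in.
	printf '%s\n' "$LDIF" \
		| awk '
			function emit() {
				if (dom != "") print dom "\t" state
				dom = ""
				state = "unknown"
			}
			BEGIN { state = "unknown" }
			/^$/ { emit(); next }
			/^mailDomain: / { dom = substr($0, 13) }
			/^active: / {
				val = substr($0, 9)
				if (val == "TRUE") state = "active"
				else if (val == "FALSE") state = "inactive"
			}
			END { emit() }
		' \
		| sort -t $'\t' -k1,1 \
		| while IFS=$'\t' read -r DOM STATE; do
			printf '  %s - %s\n' "$DOM" "$STATE"
		done
	echo
}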

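# Print the usage text on stderr and exit with status 2.
# usage() ends with its own exit, so it runs in a subshell; that lets a
# command-line mistake end with a non-zero status instead of usage's status.
usage_error() {
	(usage) >&2
	exit 2
}

# Succeed only when $1 is a plain DNS host name: dot-separated labels of
# ASCII letters, digits and inner hyphens, at most 253 characters in total.
# The action functions write the domain into LDAP DNs, LDIF records and
# search filters as-is, so characters such as "," "=" "*" "(" ")" or a
# newline must not get past this point.
is_valid_domain() {
	local LC_ALL=C
	local LABEL='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
	local RE="^${LABEL}(\\.${LABEL})*\$"
	[[ ${#1} -le 253 && $1 =~ $RE ]]
}

while getopts ":hxv" OPTION; do
	case "$OPTION" in
		h)
			usage
			;;
		v)
			VERBOSE=1
			;;
		x)
			DISABLED=1
			;;
		\?)
			echo "Invalid option: -$OPTARG" >&2
			usage_error
			;;
		:)
			echo "Option -$OPTARG requires an argument." >&2
			usage_error
			;;
	esac
done

shift $((OPTIND - 1))

ACTION=${1:-}
# shift returns non-zero when there is nothing left to drop.
if [ $# -gt 0 ]; then
	shift
fi

case "$ACTION" in
	add | del | disable | enable)
		# Exactly one non-empty domain argument.
		if [ $# -ne 1 ] || [ -z "$1" ]; then
			usage_error
		fi
		MAIL_DOM=$1
		if ! is_valid_domain "$MAIL_DOM"; then
			# %q keeps control characters in the rejected value off the terminal.
			printf 'Error! Invalid domain name: %q\n' "$MAIL_DOM" >&2
			exit 1
		fi
		case "$ACTION" in
			add)
				add_domain "$MAIL_DOM"
				;;
			del)
				del_domain "$MAIL_DOM"
				;;
			disable)
				disable_domain "$MAIL_DOM"
				;;
			enable)
				enable_domain "$MAIL_DOM"
				;;
		esac
		;;
	list)
		list_domains
		;;
	*)
		usage_error
		;;
esac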

