#!/bin/sh
#
# /usr/local/sbin/localrmstaleaccounts
# Copyright 2012, 2014, 2019 Jonas Smedegaard <dr@jones.dk>
#
# Remove unused user accounts
#
# TODO: collect all indicators before making a verdict
# TODO: ask before actual removal, listing reasons, unless --force

set -e

PRG=$(basename "$0")

exit1() {
	echo >&2 "ERROR: $1"
	exit 1
}

TEMP=$(getopt -s sh -o vqnh --long verbose,quiet,dry-run,help -n "$PRG" -- "$@") || exit1 "Internal getopt error"
eval set -- "$TEMP"

usage() {
	cat <<EOF >&2
Usage: $PRG [opts...] USER [USER...]

 -v, --verbose               increase verbosity
 -q, --quiet                 suppress non-error messages
 -n, --dry-run               perform a trial run with no changes made
 -h, --help                  show this help
EOF
	exit 0
}

VERBOSE=
QUIET=
DRY_RUN=
while true ; do
	case "$1" in
		-v|--verbose) VERBOSE=1; shift;;
		-q|--quiet) QUIET=1; shift;;
		-n|--dry-run) DRY_RUN=1; shift;;
		-h|--help) usage;;
		--) shift; break;;
		*) exit1 "Internal getopt parsing error";;
	esac
done

warn() {
	[ -n "$QUIET" ] || echo >&2 "WARNING: $1"
}

info() {
	[ -n "$QUIET" ] || [ -z "$VERBOSE" ] || echo >&2 "INFO: $1"
}

remove_account() {
	warn "Removing user $1: $2"
	[ -n "$DRY_RUN" ] || localrmaccount "$1" "$2"
}

for user in "$@"; do
	home=$(getent passwd "$user" | cut -d: -f6)
	if [ -z "$home" ]; then
		warn "Skipping user $user: failed resolving homedir"
	elif [ -e "$home/.forward" ]; then
		warn "Skipping user $user: Email gets forwarded"
	elif [ ! -d "$home/Maildir" ]; then
		warn "Skipping user $user: Missing Maildir"
	elif [ -d "/var/www/vhosts/$user" ]; then
		warn "Skipping user $user: Web hosting at /var/www/vhosts"
	elif grep -q "$home" /etc/apache2/sites-enabled/*.conf; then
		warn "Skipping user $user: Web hosting below /etc/apache2/sites-enabled"
	elif postalias -s /etc/aliases | grep -qP ':\s+'"$user"'$'; then
		warn "Skipping user $user: target in /etc/aliases"
	elif find -- /var/lib/radicale/collections/collection-root -maxdepth 1 -type d -name "$user" -not -empty  | grep -q '^'; then
		warn "Skipping user $user: Uses Radicale"
	elif doveadm search -u "$user" MAILBOX INBOX SAVEDBEFORE 52weeks NEW | grep -q . && ! doveadm search -u "$user" MAILBOX INBOX SAVEDSINCE 52weeks \( NOT NEW \) | grep -q .; then
		remove_account "$user" "new mail in INBOX untouched for a year, and none touched more recently"
	else
		info "Skipping user $user"
	fi
done