VAR_LIB=/var/lib/nordlayer
NORDLAYER_RESOLVCONF=/usr/bin/nordlayer-resolvconf

post_install() {

  # Allow the daemon executable to bind to port 500 and administer network
  setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip /usr/bin/nordlayerd
  setcap CAP_NET_BIND_SERVICE,CAP_NET_ADMIN,CAP_NET_RAW+eip /usr/bin/nordlayer-openvpn

 groupadd -r -f nordlayer
 groupadd -r -f nordlayer-resolve

  if ! id "nordlayer" >/dev/null 2>&1; then
    useradd -s /usr/bin/nologin -c "Used for running NordLayer" -r -M -d /run/nordlayer -g nordlayer nordlayer
  fi

  usermod -a -G nordlayer-resolve nordlayer

  mkdir -p ${VAR_LIB}
  chmod 0770 -R ${VAR_LIB}
  chown nordlayer:nordlayer -R ${VAR_LIB}

  chown root:nordlayer-resolve ${NORDLAYER_RESOLVCONF}
  chmod 4750 ${NORDLAYER_RESOLVCONF}

  # Reload config
  systemctl daemon-reload

  # Create tmpfiles
  systemd-tmpfiles --create

  # Start service on boot
  systemctl enable nordlayer.socket
  systemctl enable nordlayer.service

  # Restart service now
  systemctl start nordlayer.socket
  systemctl start nordlayer.service

}

post_upgrade() {
  post_install
}

pre_remove() {

  rm -rf ${VAR_LIB}
  systemctl disable nordlayer.service
  systemctl disable nordlayer.socket

  systemctl stop nordlayer.service
  systemctl stop nordlayer.socket
}