#!/sbin/openrc-run

description="Bee: configure SSH access (keys or password fallback)"

depend() {
    need localmount
    before dropbear
}

start() {
    # Always create dedicated 'bee' user for password fallback.
    # If no SSH keys embedded: login with bee / eeb
    if ! id bee > /dev/null 2>&1; then
        adduser -D -s /bin/sh bee > /dev/null 2>&1
    fi
    printf 'eeb\neeb\n' | passwd bee > /dev/null 2>&1

    if [ -f /etc/bee-ssh-password-fallback ]; then
        ebegin "SSH key auth unavailable — password fallback active"
        ewarn "Login: bee / eeb"
        ewarn "Generate a key: sh keys/scripts/keygen.sh <name>"
        eend 0
    else
        ebegin "SSH key auth configured"
        # bee user exists but password login less useful when keys work
        eend 0
    fi
}
