#!/bin/bash
#
# Update PKI nssdb files in users' homedirs.
#

set -e

BASE_HOME=/skole/tjener
for dir in "$BASE_HOME"/*/*; do
    # Skip if not a directory
    test -d "$dir" || continue

    # Extract username and check existence
    username=${dir##*/}
    id "$username" >/dev/null 2>&1 || continue

    if [ -d "$dir/.pki/nssdb" ] ; then
        su - $username sh -c 'certutil  -A -d sql:$HOME/.pki/nssdb/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
    fi
    logger -t update-cert-dbs "Updated PKI nssdb files for user $username in $dir"
done
