#!/bin/sh /etc/rc.common

START=95
STOP=10
USE_PROCD=1

PROG="/usr/bin/peervpnd"
UCI_CONFIG="lionvpn"
UCI_SECTION="main"
CONFIG_JSON="/var/etc/lionvpn/peervpnd.json"

extra_command "doctor" "Generate config and run peervpnd preflight"
extra_command "print_config" "Print generated peervpnd JSON config"

json_escape() {
	printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

uci_string() {
	local __var="$1"
	local __option="$2"
	local __default="$3"
	config_get "$__var" "$UCI_SECTION" "$__option" "$__default"
}

load_lionvpn_config() {
	config_load "$UCI_CONFIG"
	config_get_bool enabled "$UCI_SECTION" enabled 0
}

generate_config() {
	load_lionvpn_config
	if [ "$enabled" != "1" ]; then
		echo "lionvpn is disabled in /etc/config/lionvpn" >&2
		return 1
	fi

	uci_string socket_path socket_path "/var/run/peervpn/peervpnd.sock"
	uci_string access_url access_url ""
	uci_string access_protocol access_protocol "socks"
	uci_string xray_binary xray_binary "/usr/lib/lionvpn/runtime/xray"
	uci_string tun2socks_binary tun2socks_binary "/usr/lib/lionvpn/runtime/tun2socks"
	uci_string state_dir state_dir "/etc/peervpn/state"
	uci_string tun_name tun_name "peervpn0"
	uci_string tun_address tun_address "10.128.225.1/32"
	uci_string tun_mtu tun_mtu "1350"
	uci_string dns_servers dns_servers "1.1.1.1,8.8.8.8"
	uci_string kill_switch_mode kill_switch_mode "nft"
	uci_string gateway_lan_interface gateway_lan_interface "br-lan"
	uci_string gateway_lan_cidr gateway_lan_cidr "192.168.50.0/24"
	uci_string gateway_dns_listen gateway_dns_listen "192.168.50.1:53"

	case "$tun_mtu" in
		''|*[!0-9]*) tun_mtu="1350" ;;
	esac

	mkdir -p "$(dirname "$CONFIG_JSON")" "$(dirname "$socket_path")" "$state_dir" /etc/peervpn
	chmod 0755 "$(dirname "$CONFIG_JSON")" "$(dirname "$socket_path")" /etc/peervpn
	chmod 0700 "$state_dir"

	cat > "$CONFIG_JSON" <<EOF
{
  "socket_path": "$(json_escape "$socket_path")",
  "access_url": "$(json_escape "$access_url")",
  "access_protocol": "$(json_escape "$access_protocol")",
  "xray_binary": "$(json_escape "$xray_binary")",
  "tun2socks_binary": "$(json_escape "$tun2socks_binary")",
  "tun2socks_mode": "external",
  "state_dir": "$(json_escape "$state_dir")",
  "tun_name": "$(json_escape "$tun_name")",
  "tun_mode": "open",
  "tun_address": "$(json_escape "$tun_address")",
  "tun_mtu": $tun_mtu,
  "dns_mode": "disabled",
  "dns_servers": "$(json_escape "$dns_servers")",
  "netops_mode": "apply",
  "kill_switch_mode": "$(json_escape "$kill_switch_mode")",
  "gateway_mode": "router",
  "gateway_lan_interface": "$(json_escape "$gateway_lan_interface")",
  "gateway_lan_cidr": "$(json_escape "$gateway_lan_cidr")",
  "gateway_dns_listen": "$(json_escape "$gateway_dns_listen")",
  "runtime_deps_manifest": "",
  "runtime_deps_signature": "",
  "runtime_deps_public_key": "",
  "runtime_deps_root": "",
  "runtime_deps_target": ""
}
EOF
	chmod 0600 "$CONFIG_JSON"
}

start_service() {
	load_lionvpn_config
	if [ "$enabled" != "1" ]; then
		echo "lionvpn is disabled in /etc/config/lionvpn"
		return 0
	fi

	generate_config
	procd_open_instance
	procd_set_param command "$PROG" -config "$CONFIG_JSON"
	procd_set_param file /etc/config/lionvpn "$CONFIG_JSON"
	procd_set_param respawn 3600 5 5
	procd_set_param stdout 1
	procd_set_param stderr 1
	procd_close_instance
}

service_triggers() {
	procd_add_reload_trigger "$UCI_CONFIG"
}

reload_service() {
	stop
	start
}

doctor() {
	generate_config
	"$PROG" -config "$CONFIG_JSON" -doctor
}

print_config() {
	generate_config
	cat "$CONFIG_JSON"
}
