#!/bin/sh

# Seed a default OpenVPN server profile ("myvpn") only when the section does
# not exist yet, so re-running this script never clobbers an admin-edited
# config. The profile is created disabled (enabled='0'); the PKI files it
# points at under /etc/openvpn/pki/ are NOT generated by this script and must
# be in place before it is enabled.
#
# Security notes on these defaults (kept as-is so existing client profiles
# generated against this server keep working; change both ends together):
#  - comp_lzo='adaptive' plus the pushed 'comp-lzo adaptive' enable
#    compression of tunnelled traffic; compression of encrypted streams has
#    known oracle attacks (e.g. VORACLE), so prefer disabling it on server
#    and clients when client configs are next regenerated.
#  - 'redirect-gateway def1 bypass-dhcp' together with the pushed DNS makes
#    this a full-tunnel setup: all client traffic and name lookups go via
#    this router.
#  - user/group nobody/nogroup with persist_key/persist_tun are the standard
#    options for letting OpenVPN drop root after loading the key and opening
#    the tun device.
#  - The heredoc delimiter is quoted ('EOF'), so nothing inside is expanded by
#    the shell; uci batch input is commands only, which is why these notes
#    live here instead of next to the lines they describe.
if ! uci -q get openvpn.myvpn >/dev/null 2>&1; then
	uci -q batch <<-'EOF' >/dev/null
		set openvpn.myvpn=openvpn
		set openvpn.myvpn.enabled='0'
		set openvpn.myvpn.proto='tcp-server'
		set openvpn.myvpn.port='1194'
		set openvpn.myvpn.ddns='example.com'
		set openvpn.myvpn.dev='tun'
		set openvpn.myvpn.topology='subnet'
		set openvpn.myvpn.server='10.8.0.0 255.255.255.0'
		set openvpn.myvpn.comp_lzo='adaptive'
		set openvpn.myvpn.ca='/etc/openvpn/pki/ca.crt'
		set openvpn.myvpn.dh='/etc/openvpn/pki/dh.pem'
		set openvpn.myvpn.cert='/etc/openvpn/pki/server.crt'
		set openvpn.myvpn.key='/etc/openvpn/pki/server.key'
		set openvpn.myvpn.persist_key='1'
		set openvpn.myvpn.persist_tun='1'
		set openvpn.myvpn.user='nobody'
		set openvpn.myvpn.group='nogroup'
		set openvpn.myvpn.max_clients='10'
		set openvpn.myvpn.keepalive='10 120'
		set openvpn.myvpn.verb='3'
		set openvpn.myvpn.status='/var/log/openvpn_status.log'
		set openvpn.myvpn.log='/tmp/openvpn.log'
		add_list openvpn.myvpn.push='route 192.168.1.0 255.255.255.0'
		add_list openvpn.myvpn.push='comp-lzo adaptive'
		add_list openvpn.myvpn.push='redirect-gateway def1 bypass-dhcp'
		add_list openvpn.myvpn.push='dhcp-option DNS 192.168.1.1'
		commit openvpn
EOF
fi

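# --- Tunnel interface and firewall -------------------------------------------
# Everything below is re-applied on every run (each section is deleted and
# recreated), so values read from the openvpn config are picked up again.
# Two of those values are interpolated into an UNQUOTED heredoc that is fed to
# `uci batch`; a stray quote or newline in them would be parsed as further uci
# commands. Both are therefore normalised through the helpers below.

# Print the WAN port to open: $1 when it is a plain decimal port in 1..65535,
# otherwise 1194 (the fallback this script has always used for an empty
# value), with a warning on stderr whenever a non-empty value was rejected.
# Arguments: $1 - raw value of openvpn.myvpn.port (may be empty)
ovpn_port_or_default() {
	case "$1" in
		'')
			printf '%s\n' 1194
			;;
		*[!0-9]*)
			printf 'openvpn: ignoring non-numeric port %s, opening 1194\n' "$1" >&2
			printf '%s\n' 1194
			;;
		*)
			# Length check first so that "[ -le ]" never sees an out-of-range integer.
			if [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then
				printf '%s\n' "$1"
			else
				printf 'openvpn: port %s out of range, opening 1194\n' "$1" >&2
				printf '%s\n' 1194
			fi
			;;
	esac
}

# Print the firewall protocol(s) to open, matching the configured OpenVPN
# transport: tcp for tcp*/tcp-server, udp for udp*, and the previous wide
# default 'tcp udp' when the transport is unset or unrecognised. Opening only
# the transport actually in use keeps the unused one closed on WAN.
# Arguments: $1 - raw value of openvpn.myvpn.proto (may be empty)
ovpn_fw_proto() {
	case "$1" in
		tcp*) printf '%s\n' 'tcp' ;;
		udp*) printf '%s\n' 'udp' ;;
		*) printf '%s\n' 'tcp udp' ;;
	esac
}

openvpn_port="$(ovpn_port_or_default "$(uci -q get openvpn.myvpn.port)")"
openvpn_fw_proto="$(ovpn_fw_proto "$(uci -q get openvpn.myvpn.proto)")"

# Notes on the firewall layout (uci batch takes commands only, so they are here):
#  - network.vpn0 binds to 'tun0', which assumes this is the only "dev tun"
#    instance on the router; OpenVPN takes the first free tunN (unverified here).
#  - The 'vpn' zone has input='ACCEPT': VPN clients can reach every service on
#    the router itself (LuCI, SSH, DNS). If clients are not fully trusted,
#    use input='REJECT' with explicit allow rules instead.
#  - forward='ACCEPT' plus the vpn->lan / lan->vpn / vpn->wan forwardings give
#    clients full access to the LAN and Internet; masq='1' NATs traffic that
#    leaves via the tunnel.
uci -q batch <<-EOF >/dev/null
	delete network.vpn0
	set network.vpn0=interface
	set network.vpn0.device='tun0'
	set network.vpn0.proto='none'

	commit network

	delete firewall.openvpn
	set firewall.openvpn=rule
	set firewall.openvpn.name='openvpn'
	set firewall.openvpn.target='ACCEPT'
	set firewall.openvpn.src='wan'
	set firewall.openvpn.proto="$openvpn_fw_proto"
	set firewall.openvpn.dest_port="$openvpn_port"

	delete firewall.vpn
	set firewall.vpn=zone
	set firewall.vpn.name='vpn'
	set firewall.vpn.input='ACCEPT'
	set firewall.vpn.forward='ACCEPT'
	set firewall.vpn.output='ACCEPT'
	set firewall.vpn.masq='1'
	set firewall.vpn.network='vpn0'

	delete firewall.vpntowan
	set firewall.vpntowan=forwarding
	set firewall.vpntowan.src='vpn'
	set firewall.vpntowan.dest='wan'

	delete firewall.vpntolan
	set firewall.vpntolan=forwarding
	set firewall.vpntolan.src='vpn'
	set firewall.vpntolan.dest='lan'

	delete firewall.lantovpn
	set firewall.lantovpn=forwarding
	set firewall.lantovpn.src='lan'
	set firewall.lantovpn.dest='vpn'

	commit firewall
EOF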

# --- PKI location ------------------------------------------------------------
# Make sure the directory the profile points at exists; the CA, DH parameters,
# server certificate and private key are not created here.
# NOTE(review): mkdir -p inherits the umask, so the directory is normally
# world-readable. The server private key placed here should be mode 0600;
# OpenVPN reads it as root before dropping to nobody/nogroup (persist_key).
mkdir -p /etc/openvpn/pki

# Rewrite references that still use the bare /etc/openvpn/<file> location
# (presumably an earlier revision of this profile) to the pki/ subdirectory.
# Only that exact legacy path is matched, so admin-chosen locations are kept.
for pair in ca:ca.crt dh:dh.pem cert:server.crt key:server.key; do
	option="${pair%%:*}"
	filename="${pair#*:}"
	if [ "$(uci -q get "openvpn.myvpn.$option")" = "/etc/openvpn/$filename" ]; then
		uci -q set "openvpn.myvpn.$option=/etc/openvpn/pki/$filename"
	fi
done

uci -q commit openvpn

# Invalidate LuCI's cached menu index so the web UI reflects the new sections
# on its next load.
rm -f -- /tmp/luci-indexcache
# Always report success (this looks like a uci-defaults style script, which is
# only removed after a successful run -- not verifiable from this file alone).
exit 0
