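#!/sbin/openrc-run
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
#
# OpenRC service script for dnscrypt-proxy.
#
# Settings come from DNSCRYPT_* variables (normally set in the service's
# conf.d file). DNSCRYPT_MODE selects how the upstream resolver is named:
#   name - DNSCRYPT_RESOLVER_NAME looked up in DNSCRYPT_RESOLVERS_FILE
#   ip   - DNSCRYPT_PROVIDER_ADDRESS / _NAME / _KEY given explicitly
#
# NOTE(review): this script relies on bash-only syntax (${var,,}, [[ ]],
# arrays, readarray). Confirm that the shell openrc-run uses on the target
# system is bash.

depend() {
	use net
	before dns
	after logger
	provide cryptodns
}

DAEMON=/usr/sbin/dnscrypt-proxy

# Instance suffix of the service name: "dnscrypt-proxy.foo" yields "foo",
# plain "dnscrypt-proxy" yields an empty string.
NAME="${SVCNAME#dnscrypt-proxy}"
NAME="${NAME#.}"

# Lower-case the mode so 'IP' / 'Name' are accepted as well.
DNSCRYPT_MODE=${DNSCRYPT_MODE,,}
DNSCRYPT_LOGGER=${DNSCRYPT_LOGGER:-/var/log/${SVCNAME}.log}
DNSCRYPT_USER=${DNSCRYPT_USER:-dnscrypt}
DNSCRYPT_GROUP=${DNSCRYPT_GROUP:-dnscrypt}
DNSCRYPT_RESOLVER_NAME=${DNSCRYPT_RESOLVER_NAME:-${NAME}}
DNSCRYPT_RESOLVERS_FILE=${DNSCRYPT_RESOLVERS_FILE:-/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv}

rundir=/var/run/${SVCNAME}
pidfile="$rundir/dnscrypt-proxy.pid"
outfile="$rundir/out.log"

# Message buffer shared by check(), elines() and start().
# NOTE(review): LINES is also a variable name bash maintains itself
# (terminal height); check() and start() reset the array before filling it
# so that no foreign content is reported. Renaming it would be cleaner.
declare -a LINES

# Print every buffered message in LINES.
# Arguments: $1 - status; 0 prints with einfo, anything else with eerror
# Returns:   always 0
elines() {
	local msg
	for msg in "${LINES[@]}"; do
		# if/else instead of "a && b || c": a failing einfo must not
		# cause the same line to be printed again as an error.
		if [[ $1 -eq 0 ]]; then
			einfo "$msg"
		else
			eerror "$msg"
		fi
	done
	return 0
}

# Validate the DNSCRYPT_* settings for the selected mode.
# Globals:  LINES (reset, then one message appended per problem)
# Returns:  0 when no problem was found, non-zero otherwise
check() {
	LINES=()
	if [[ $DNSCRYPT_MODE == 'name' ]]; then
		[[ -n $DNSCRYPT_RESOLVER_NAME ]] \
			|| LINES+=("DNSCRYPT_RESOLVER_NAME not set")
		[[ -s "$DNSCRYPT_RESOLVERS_FILE" ]] \
			|| LINES+=("DNSCRYPT_RESOLVERS_FILE not set or not a non-empty file: '$DNSCRYPT_RESOLVERS_FILE'")
	elif [[ $DNSCRYPT_MODE == 'ip' ]]; then
		[[ -n $DNSCRYPT_PROVIDER_ADDRESS ]] \
			|| LINES+=("DNSCRYPT_PROVIDER_ADDRESS not set")
		[[ -n $DNSCRYPT_PROVIDER_NAME ]] \
			|| LINES+=("DNSCRYPT_PROVIDER_NAME not set")
		[[ -n $DNSCRYPT_PROVIDER_KEY ]] \
			|| LINES+=("DNSCRYPT_PROVIDER_KEY not set")
	else
		LINES+=("invalid DNSCRYPT_MODE: '$DNSCRYPT_MODE', expected 'name' or 'ip'")
	fi
	[[ -n $DNSCRYPT_LOCAL_ADDRESS ]] \
		|| LINES+=("DNSCRYPT_LOCAL_ADDRESS not set, expected ip[:port]")
	# Count the elements rather than testing the joined expansion.
	(( ${#LINES[@]} == 0 ))
}

# Validate the configuration, prepare log file and run directory, then
# launch the daemon through start-stop-daemon.
# Globals:  DNSCRYPT_* (read), pidfile/outfile/rundir (read), LINES (written)
# Returns:  1 when the configuration check or a checkpath call fails,
#           otherwise the start-stop-daemon exit status (via eend)
start() {
	local log_opts res
	local -a daemon_args

	ebegin "Checking $SVCNAME"
	if ! check; then
		eindent
		elines 1
		eoutdent
		eend 1
		return 1
	fi
	eend 0

	ebegin "Starting $SVCNAME on $DNSCRYPT_LOCAL_ADDRESS"
	eindent
	res=1
	if [[ "$DNSCRYPT_LOGGER" == 'syslog' ]] \
		|| checkpath -f -m 660 --owner "$DNSCRYPT_USER:$DNSCRYPT_GROUP" "$DNSCRYPT_LOGGER"; then
		# A directory needs the search (x) bit to be usable by its owner,
		# so 0750 replaces the former 660.
		# NOTE(review): $rundir belongs to the unprivileged service
		# account, while this script writes $outfile and the pidfile in
		# it (presumably as root). A link planted there by that account
		# would be followed by the redirection below. Consider a
		# root-owned run directory if the daemon does not have to write
		# in it after dropping privileges - confirm before changing.
		if checkpath -d -m 0750 --owner "$DNSCRYPT_USER:$DNSCRYPT_GROUP" "$rundir"; then
			if [[ "$DNSCRYPT_LOGGER" == 'syslog' ]]; then
				log_opts='--syslog'
			else
				log_opts="--logfile=$DNSCRYPT_LOGGER"
			fi

			# DNSCRYPT_OPTS is a free-form option string from the
			# configuration; word splitting is intended here.
			# shellcheck disable=SC2206
			daemon_args=( $DNSCRYPT_OPTS )
			if [[ $DNSCRYPT_MODE == 'name' ]]; then
				daemon_args+=( "--resolver-name=$DNSCRYPT_RESOLVER_NAME" )
				einfo "using $DNSCRYPT_RESOLVER_NAME from '$DNSCRYPT_RESOLVERS_FILE'"
			else
				daemon_args+=(
					"--resolver-address=$DNSCRYPT_PROVIDER_ADDRESS"
					"--provider-name=$DNSCRYPT_PROVIDER_NAME"
					"--provider-key=$DNSCRYPT_PROVIDER_KEY"
				)
				einfo "using $DNSCRYPT_PROVIDER_NAME on $DNSCRYPT_PROVIDER_ADDRESS"
			fi
			daemon_args+=( "$log_opts" )
			# The resolvers list only exists in 'name' mode. Appending it
			# conditionally keeps an empty "" argument from reaching the
			# daemon in 'ip' mode.
			if [[ $DNSCRYPT_MODE == 'name' ]]; then
				daemon_args+=( "--resolvers-list=$DNSCRYPT_RESOLVERS_FILE" )
			fi

			# start-stop-daemon puts the process in the background and
			# records its PID (--background, --make-pidfile); the daemon
			# is not asked to daemonize itself. --wait 300 makes
			# start-stop-daemon check after 300 ms that it still runs.
			start-stop-daemon --start \
				--background \
				--wait 300 \
				--make-pidfile --pidfile "${pidfile}" \
				--exec "$DAEMON" \
				-- \
				--user="$DNSCRYPT_USER" \
				--pidfile="${pidfile}" \
				--local-address="${DNSCRYPT_LOCAL_ADDRESS}" \
				"${daemon_args[@]}" >"$outfile" 2>&1
			res=$?

			# Replay whatever start-stop-daemon printed, as info on
			# success and as errors on failure.
			LINES=()
			readarray -t LINES <"$outfile"
			elines "$res"
			rm -f -- "$outfile"
		fi
	fi
	eoutdent
	eend "$res"
}

# Stop the daemon recorded in the pidfile.
# --exec is given together with --pidfile so that the process named by the
# pidfile is also matched against the daemon binary.
stop() {
	ebegin "Stopping $SVCNAME on $DNSCRYPT_LOCAL_ADDRESS"
	start-stop-daemon --stop --pidfile="${pidfile}" --exec "$DAEMON"
	eend $?
}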