#!/bin/sh

. /etc/image_features

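# Seed and normalise the persisted OpenVPN server configuration.
# Runs only when the image was built with FEATURE_OPENVPN=1 (value comes from
# the sourced /etc/image_features). Every step is written to be idempotent so
# that the script can run repeatedly against the same server.conf.
if [ "$FEATURE_OPENVPN" = "1" ]; then

	CONF=/etc/fiad-conf/openvpn/conf/server.conf

	# Restore the shipped defaults when the persisted copy is missing.
	if [ ! -f /etc/fiad-conf/openvpn/vars ]; then
		cp -fR /etc/default-conf/openvpn /etc/fiad-conf/
	fi
	if [ ! -f "$CONF" ]; then
		cp -fR /etc/default-conf/openvpn/conf /etc/fiad-conf/openvpn/
	fi
	if [ ! -d /etc/openvpn/work/keys/client ]; then
		/bin/mkdir -p /etc/openvpn/work/keys/client
	fi

	# Listen on the IPv6 wildcard instead of the IPv4 wildcard.
	# NOTE(review): this keeps the daemon reachable on every interface;
	# restricting exposure is left to the firewall - confirm that is intended.
	Local=$(/bin/grep "local 0.0.0.0" "$CONF")
	if [ -n "$Local" ]; then
		sed -i 's/local 0.0.0.0/local ::/g' "$CONF"
	fi

	# The presence checks below are unanchored, so a commented-out directive
	# also counts as "present" (behaviour kept from the original script).
	topology=$(/bin/grep "topology" "$CONF")
	if [ -z "$topology" ]; then
		echo "topology subnet" >> "$CONF"
		# push takes one (quoted) argument; the unquoted two-word form
		# was only repaired later when no other push line had quotes.
		echo 'push "topology subnet"' >> "$CONF"
	fi
	clientconfdir=$(/bin/grep "client-config-dir" "$CONF")
	if [ -z "$clientconfdir" ]; then
		echo "client-config-dir /etc/openvpn/work/keys/client" >> "$CONF"
	fi

	# Expand the "server <net> <mask>" shorthand into explicit directives with
	# a fixed pool (.150-.254). Match only the IPv4 "server " directive: the
	# former '^server' also caught server-ipv6/server-bridge, which produced a
	# multi-line value and a broken sed expression.
	SERVER=$(grep '^server ' "$CONF" | head -n 1)
	if [ -n "$SERVER" ]; then
		# Split on whitespace without subjecting the line to globbing.
		read -r _directive IP MASK _extra <<EOF
$SERVER
EOF
		if [ -n "$IP" ] && [ -n "$MASK" ]; then
			case "$IP$MASK" in
			*[!0-9.]*)
				# Both values are spliced into a sed program below; anything
				# other than digits and dots (e.g. '/', '&') is refused.
				# The original "server" line is left in place.
				echo "openvpn: unexpected server directive, left unchanged: $SERVER" >&2
				;;
			*)
				IPSTART=${IP%.*}
				TOREPLACE="mode server\ntls-server\nifconfig $IPSTART.1 $MASK\nifconfig-pool $IPSTART.150 $IPSTART.254 $MASK"
				# Replace by anchored line match instead of using the line's
				# own text as a regex (dots were wildcards, and a commented
				# copy of the line could be rewritten too).
				sed -i -e "s/^server .*/$TOREPLACE/" "$CONF"
				;;
			esac
		fi
	fi

	# Management interface on a loopback TCP port.
	# NOTE(review): no password file is configured here, so any local process
	# that can reach 127.0.0.1:49777 can drive the daemon. Consider a pw-file
	# or a unix socket if untrusted code can run on the device.
	MANAGEMENT=$(grep '^management' "$CONF")
	if [ -z "$MANAGEMENT" ]; then
		echo "management localhost 49777" >> "$CONF"
	fi

	# Check each client certificate CN against the server user list.
	# NOTE(review): the verify script and the list file decide who may
	# connect; both should be writable by root only - confirm permissions.
	TLS_VERIFY=$(grep '^tls-verify' "$CONF")
	if [ -z "$TLS_VERIFY" ]; then
		echo "tls-verify \"/etc/openvpn/scripts/server/verify-cn.sh /etc/openvpn/work/serveruserlist.txt\"" >> "$CONF"
	fi

	# Force the status file refresh interval to 20.
	sed -i -e 's|status /tmp/logs/openvpn-status.log.*|status /tmp/logs/openvpn-status.log 20|g' "$CONF"

	# Quote the argument of every push line that has no quote yet. This is
	# decided per line; the former all-or-nothing test skipped the repair as
	# soon as a single push line was already quoted.
	sed -i '/"/!s/push \(.*\)/push "\1"/' "$CONF"

	# Cipher negotiation list, AEAD suites first.
	# NOTE(review): newer OpenVPN releases call this option data-ciphers;
	# the CBC entries are presumably kept for older clients - confirm.
	ncp=$(/bin/grep "ncp-ciphers" "$CONF")
	if [ -z "$ncp" ]; then
		echo "ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:AES-128-CBC" >> "$CONF"
	fi

	# Re-issue the CRL when one already exists.
	# NOTE(review): vars is executed as shell code in this script's context
	# and supplies $OPENSSL and $KEY_CONFIG; it sits in the work directory,
	# so it must not be writable by anything less trusted than this script.
	# $OPENSSL is left unquoted in case vars defines it with arguments.
	if [ -f /etc/openvpn/work/keys/crl.pem ]; then
		. /etc/openvpn/work/vars && $OPENSSL ca -gencrl -out "/etc/openvpn/work/keys/crl.pem" -config "$KEY_CONFIG"
	fi
fi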
