#!/usr/bin/lua

local site = require 'gluon.site'
local users = require 'gluon.users'
local util = require 'gluon.util'
local fs = require 'nixio.fs'

local uci = require('simple-uci').cursor()


uci:section('network', 'interface', 'mesh_vpn', {
	ifname = 'mesh-vpn',
	proto = 'gluon_mesh',
	transitive = true,
	fixed_mtu = true,
	macaddr = util.generate_mac(7),
	mtu = site.mesh_vpn.mtu(),
})

uci:save('network')


if fs.access('/etc/config/gluon-simple-tc') then
	os.rename('/etc/config/gluon-simple-tc', '/etc/config/simple-tc')
end

if not uci:get('simple-tc', 'mesh_vpn') then
	uci:section('simple-tc', 'interface', 'mesh_vpn', {
		ifname = 'mesh-vpn',
		enabled = site.mesh_vpn.bandwidth_limit.enabled(false),
		limit_ingress = site.mesh_vpn.bandwidth_limit.ingress(),
		limit_egress = site.mesh_vpn.bandwidth_limit.egress(),
	})
	uci:save('simple-tc')
end


-- The previously used user and group are removed, we now have a generic group
users.remove_user('gluon-fastd')
users.remove_group('gluon-fastd')

users.add_group('gluon-mesh-vpn', 800)

uci:section('firewall', 'include', 'mesh_vpn_dns', {
	type = 'restore',
	path = '/lib/gluon/mesh-vpn/iptables.rules',
	family = 'ipv4',
})

uci:save('firewall')


-- VPN migration
local has_fastd = fs.access('/lib/gluon/mesh-vpn/fastd')
local fastd_enabled = uci:get('fastd', 'mesh_vpn', 'enabled')

local has_tunneldigger = fs.access('/lib/gluon/mesh-vpn/tunneldigger')
local tunneldigger_enabled = uci:get('tunneldigger', 'mesh_vpn', 'enabled')

local enabled

-- If the installed VPN package has its enabled state set, keep the value
if has_fastd and fastd_enabled then
	enabled = fastd_enabled == '1'
elseif has_tunneldigger and tunneldigger_enabled then
	enabled = tunneldigger_enabled == '1'
-- Otherwise, migrate the other package's value if any is set
elseif fastd_enabled or tunneldigger_enabled then
	enabled = fastd_enabled == '1' or tunneldigger_enabled == '1'
-- If nothing is set, use the default
else
	enabled = site.mesh_vpn.enabled(false)
end

if has_fastd then
	uci:set('fastd', 'mesh_vpn', 'enabled', enabled)
else
	uci:delete('fastd', 'mesh_vpn')
end
uci:save('fastd')

if has_tunneldigger then
	uci:set('tunneldigger', 'mesh_vpn', 'enabled', enabled)
else
	uci:delete('tunneldigger', 'mesh_vpn')
end
uci:save('tunneldigger')