From 3ccf7fdd966f257e97ff3398f154921008b13156 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Sun, 10 May 2020 13:32:39 +0200
Subject: [PATCH] gluon-mesh-vpn-fastd: clean up peers and groups on update

The 'preserve' flag can be used to mark a peer so it is not removed or modified on upgrades. In addition, groups containing preserved peers are not removed.
Fixes: #557
---
 docs/user/site.rst | 6 +++
 .../lib/gluon/upgrade/400-mesh-vpn-fastd | 41 +++++++++++++++----
 2 files changed, 40 insertions(+), 7 deletions(-)
diff --git a/docs/user/site.rst b/docs/user/site.rst
index 2d68ed92..1f56b3b7 100644
--- a/docs/user/site.rst
+++ b/docs/user/site.rst
@@ -302,6 +302,12 @@ mesh_vpn
 You can set syslog_level from verbose (default) to warn to reduce syslog output.
+ fastd allows to configure a tree of peer groups and peers. By default, the
+ list of groups and peers configured in the *fastd* UCI config is completely
+ replaced by the list from site.conf on upgrades. To allow custom modifications
+ to the peer list, removal and modification of peers can be prevented by
+ setting the *preserve* option of a peer to ``1`` in UCI.
+
 The `tunneldigger` section is used to define the *tunneldigger* broker list.
 **Note:** It doesn't make sense to include both `fastd` and `tunneldigger`
diff --git a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
index c901590f..0312b29c 100755
--- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
+++ b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
@@ -48,10 +48,43 @@ uci:section('fastd', 'fastd', 'mesh_vpn', {
 uci:delete('fastd', 'mesh_vpn', 'user')
+-- Collect list of groups that have peers with 'preserve' flag
+local preserve_groups = {}
+
+local function preserve_group(name)
+ if not name or preserve_groups[name] then
+ return
+ end
+ preserve_groups[name] = true
+
+ local parent = uci:get('fastd', name, 'group')
+ preserve_group(parent)
+end
+
+uci:foreach('fastd', 'peer', function(peer)
+ if peer.net == 'mesh_vpn' and peer.preserve == '1' then
+ preserve_group(peer.group)
+ end
+end)
+
+
+-- Clean up previous configuration
+uci:delete_all('fastd', 'peer', function(peer)
+ return (peer.net == 'mesh_vpn' and peer.preserve ~= '1')
+end)
+uci:delete_all('fastd', 'peer_group', function(group)
+ return (group.net == 'mesh_vpn' and not preserve_groups[group['.name']])
+end)
+
+
 local add_groups
 local function add_peer(group, name, config)
- uci:section('fastd', 'peer', group .. '_peer_' .. name, {
+ local uci_name = group .. '_peer_' .. name
+ if uci:get_bool('fastd', uci_name, 'preserve') then
+ return
+ end
+ uci:section('fastd', 'peer', uci_name, {
 enabled = true,
 net = 'mesh_vpn',
 group = group,
@@ -61,12 +94,6 @@ local function add_peer(group, name, config)
 end
 local function add_group(name, config, parent)
- uci:delete('fastd', name)
- uci:delete_all('fastd', 'peer', function(peer)
- return (peer.net == 'mesh_vpn' and peer.group == name)
- end)
-
-
 uci:section('fastd', 'peer_group', name, {
 enabled = true,
 net = 'mesh_vpn',
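Review bot: The `foreach` and the peer `delete_all` callback treat a peer as preserved only when `peer.preserve == '1'`, while `add_peer` tests the same option with `uci:get_bool`, so the flag has two definitions inside one upgrade script. If `get_bool` accepts other truthy spellings (its implementation is not visible here), a peer that an operator pinned with such a value is removed by `delete_all` and then recreated from site.conf, silently discarding the operator's changes. Using one test everywhere avoids that, for example `return peer.net == 'mesh_vpn' and not uci:get_bool('fastd', peer['.name'], 'preserve')` in the peer callback and the matching condition in the `foreach`. `add_peer` also returns early for any section named `group .. '_peer_' .. name` that has the flag set without checking `net == 'mesh_vpn'`; its body continues outside the hunk.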