From 68f22154c2db4db12562e61b452862655001556b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Kr=C3=BCger?=
Date: Wed, 8 Dec 2021 01:41:34 +0100
Subject: [PATCH] gluon-mesh-vpn-openvpn: initial
---
package/gluon-mesh-vpn-openvpn/Makefile | 13 ++++++
package/gluon-mesh-vpn-openvpn/check_site.lua | 1 +
.../files/lib/gluon/mesh-vpn/provider/openvpn | 0
.../files/lib/gluon/reload.d/310-openvpn-stop | 2 +
.../lib/gluon/reload.d/790-openvpn-start | 2 +
.../files/usr/lib/micron.d/openvpn-watchdog | 1 +
.../lib/gluon/upgrade/400-mesh-vpn-openvpn | 31 +++++++++++++
.../luasrc/usr/bin/openvpn-watchdog | 46 +++++++++++++++++++
.../lua/gluon/mesh-vpn/provider/openvpn.lua | 42 +++++++++++++++++
9 files changed, 138 insertions(+)
create mode 100644 package/gluon-mesh-vpn-openvpn/Makefile
create mode 100644 package/gluon-mesh-vpn-openvpn/check_site.lua
create mode 100644 package/gluon-mesh-vpn-openvpn/files/lib/gluon/mesh-vpn/provider/openvpn
create mode 100644 package/gluon-mesh-vpn-openvpn/files/lib/gluon/reload.d/310-openvpn-stop
create mode 100644 package/gluon-mesh-vpn-openvpn/files/lib/gluon/reload.d/790-openvpn-start
create mode 100644 package/gluon-mesh-vpn-openvpn/files/usr/lib/micron.d/openvpn-watchdog
create mode 100644 package/gluon-mesh-vpn-openvpn/luasrc/lib/gluon/upgrade/400-mesh-vpn-openvpn
create mode 100644 package/gluon-mesh-vpn-openvpn/luasrc/usr/bin/openvpn-watchdog
create mode 100644 package/gluon-mesh-vpn-openvpn/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/openvpn.lua
diff --git a/package/gluon-mesh-vpn-openvpn/Makefile b/package/gluon-mesh-vpn-openvpn/Makefile
new file mode 100644
index 00000000..bf2c0f73
--- /dev/null
+++ b/package/gluon-mesh-vpn-openvpn/Makefile
@@ -0,0 +1,13 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-mesh-vpn-openvpn
+PKG_VERSION:=3
+
+include ../gluon.mk
+
+define Package/gluon-mesh-vpn-openvpn
+ TITLE:=Support for connecting meshes via custom openvpn configuration
+ DEPENDS:=+gluon-core +gluon-mesh-vpn-core +openvpn
+endef
+
+$(eval $(call BuildPackageGluon,gluon-mesh-vpn-openvpn))
diff --git a/package/gluon-mesh-vpn-openvpn/check_site.lua b/package/gluon-mesh-vpn-openvpn/check_site.lua
new file mode 100644
index 00000000..baa2132a
--- /dev/null
+++ b/package/gluon-mesh-vpn-openvpn/check_site.lua
@@ -0,0 +1 @@
+need_string(in_domain({'mesh_vpn', 'openvpn', 'config'}))
diff --git a/package/gluon-mesh-vpn-openvpn/files/lib/gluon/mesh-vpn/provider/openvpn b/package/gluon-mesh-vpn-openvpn/files/lib/gluon/mesh-vpn/provider/openvpn
new file mode 100644
index 00000000..e69de29b
diff --git a/package/gluon-mesh-vpn-openvpn/files/lib/gluon/reload.d/310-openvpn-stop b/package/gluon-mesh-vpn-openvpn/files/lib/gluon/reload.d/310-openvpn-stop
new file mode 100644
index 00000000..cef0d451
--- /dev/null
+++ b/package/gluon-mesh-vpn-openvpn/files/lib/gluon/reload.d/310-openvpn-stop
@@ -0,0 +1,2 @@
+#!/bin/sh
+/etc/init.d/openvpn stop
diff --git a/package/gluon-mesh-vpn-openvpn/files/lib/gluon/reload.d/790-openvpn-start b/package/gluon-mesh-vpn-openvpn/files/lib/gluon/reload.d/790-openvpn-start
new file mode 100644
index 00000000..f237604a
--- /dev/null
+++ b/package/gluon-mesh-vpn-openvpn/files/lib/gluon/reload.d/790-openvpn-start
@@ -0,0 +1,2 @@
+#!/bin/sh
+/etc/init.d/openvpn start
diff --git a/package/gluon-mesh-vpn-openvpn/files/usr/lib/micron.d/openvpn-watchdog b/package/gluon-mesh-vpn-openvpn/files/usr/lib/micron.d/openvpn-watchdog
new file mode 100644
index 00000000..c1a8af53
--- /dev/null
+++ b/package/gluon-mesh-vpn-openvpn/files/usr/lib/micron.d/openvpn-watchdog
@@ -0,0 +1 @@
+*/5 * * * * /usr/bin/openvpn-watchdog
diff --git a/package/gluon-mesh-vpn-openvpn/luasrc/lib/gluon/upgrade/400-mesh-vpn-openvpn b/package/gluon-mesh-vpn-openvpn/luasrc/lib/gluon/upgrade/400-mesh-vpn-openvpn
new file mode 100644
index 00000000..700fd975
--- /dev/null
+++ b/package/gluon-mesh-vpn-openvpn/luasrc/lib/gluon/upgrade/400-mesh-vpn-openvpn
@@ -0,0 +1,31 @@
+#!/usr/bin/lua
+
+local site = require 'gluon.site'
+local util = require 'gluon.util'
+local vpn_core = require 'gluon.mesh-vpn'
+
+local uci = require('simple-uci').cursor()
+
+
+local enabled
+
+local file = '/etc/openvpn/mesh_vpn.ovpn'
+
+-- TODO: support for directly specifying options in site conf
+
+fd = io.open(file, 'w')
+fd:write(site.mesh_vpn.openvpn.config())
+fd:close()
+
+uci:section('openvpn', 'mesh_vpn', {
+ enabled = enabled,
+ config = file,
+ -- uuid = util.node_id(),
+ -- interface = vpn_core.get_interface(),
+ -- bind_interface = 'br-wan',
+ -- group = 'gluon-mesh-vpn',
+ -- broker_selection = 'usage',
+ -- address = site.mesh_vpn.openvpn.brokers(),
+})
+
+uci:save('openvpn')
diff --git a/package/gluon-mesh-vpn-openvpn/luasrc/usr/bin/openvpn-watchdog b/package/gluon-mesh-vpn-openvpn/luasrc/usr/bin/openvpn-watchdog
new file mode 100644
index 00000000..6ee339df
--- /dev/null
+++ b/package/gluon-mesh-vpn-openvpn/luasrc/usr/bin/openvpn-watchdog
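Review bot: `fd = io.open(file, 'w')` in the upgrade script is neither declared `local` nor checked, so if `/etc/openvpn` is missing or not writable `fd:write` fails on a nil value and the upgrade step aborts with an unhelpful error; `local fd = assert(io.open(file, 'w'))` addresses both. `local enabled` is never assigned, so the `enabled = enabled` entry passed to `uci:section` is nil and the section is written without an `enabled` option, which is the option the watchdog later reads with `uci:get_bool`. The site's OpenVPN config is written verbatim; if it can carry inline key material, the file mode is presumably whatever the process umask yields, so consider restricting the file to root explicitly. `util` and `vpn_core` are required but only referenced from commented-out lines.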
@@ -0,0 +1,46 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+local function restart_openvpn()
+ os.execute('logger -t openvpn-watchdog "Restarting openvpn."')
+ os.execute('/etc/init.d/openvpn restart')
+end
+
+local function read_pid_file()
+ local pid_file = io.open('/var/run/openvpn.mesh-vpn.pid', 'r')
+ if not pid_file then
+ return nil
+ end
+ local pid = pid_file:read('*l')
+ pid_file:close()
+ return pid
+end
+
+local function has_mesh_vpn_neighbours()
+ local handle = io.popen('batctl o', 'r')
+ if not handle then
+ return false
+ end
+ for line in handle:lines() do
+ if line:find('mesh%-vpn') then
+ handle:close()
+ return true
+ end
+ end
+ handle:close()
+ return false
+end
+
+if uci:get_bool('openvpn', 'mesh_vpn', 'enabled') then
+ -- if io.popen('pgrep -x /usr/bin/openvpn'):read('*l') ~= read_pid_file() then
+ -- os.execute('logger -t openvpn-watchdog "Process-Pid does not match with pid-File."')
+ -- restart_openvpn()
+ -- return
+ -- end
+ -- if not has_mesh_vpn_neighbours() then
+ -- os.execute('logger -t openvpn-watchdog "No vpn-mesh neighbours found."')
+ -- restart_openvpn()
+ -- return
+ -- end
+end
diff --git a/package/gluon-mesh-vpn-openvpn/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/openvpn.lua b/package/gluon-mesh-vpn-openvpn/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/openvpn.lua
new file mode 100644
index 00000000..f86acbc2
--- /dev/null
+++ b/package/gluon-mesh-vpn-openvpn/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/openvpn.lua
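Review bot: The body of `if uci:get_bool('openvpn', 'mesh_vpn', 'enabled') then` contains only commented-out checks, so the cron entry runs this script every five minutes without ever restarting anything, and `restart_openvpn`, `read_pid_file` and `has_mesh_vpn_neighbours` are dead code; a tunnel that has dropped stays down while a watchdog appears to be installed. Before the checks are enabled, note that `pgrep -x` matches the process name rather than a path, so `pgrep -x /usr/bin/openvpn` would likely never match and every run would trigger a restart, and that the `io.popen` handle on that line is never closed. The pid file path uses `mesh-vpn` while the UCI section is named `mesh_vpn`; confirm which name the init script actually writes. Either enable a working check or drop the cron entry until the script does something, and add a one-line comment above each helper stating what it returns on failure (`nil` for a missing pid file, `false` when `batctl` cannot be started).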
@@ -0,0 +1,42 @@
+local uci = require('simple-uci').cursor()
+
+local site = require 'gluon.site'
+local vpn_core = require 'gluon.mesh-vpn'
+
+local M = {}
+
+function M.public_key()
+ return nil
+end
+
+function M.enable(val)
+ uci:set('openvpn', 'mesh_vpn', 'enabled', val)
+ uci:save('openvpn')
+end
+
+function M.active()
+ return site.mesh_vpn.openvpn() ~= nil
+end
+
+function M.set_limit(ingress_limit, egress_limit)
+ if ingress_limit ~= nil then
+ uci:set('openvpn', 'mesh_vpn', 'limit_bw_down', ingress_limit)
+ else
+ uci:delete('openvpn', 'mesh_vpn', 'limit_bw_down')
+ end
+
+ if egress_limit ~= nil then
+ uci:section('simple-tc', 'interface', 'mesh_vpn', {
+ ifname = vpn_core.get_interface(),
+ enabled = true,
+ limit_egress = egress_limit,
+ })
+ else
+ uci:delete('simple-tc', 'mesh_vpn')
+ end
+
+ uci:save('openvpn')
+ uci:save('simple-tc')
+end
+
+return M
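Review bot: In `M.set_limit` the ingress limit is stored as `limit_bw_down` in the `openvpn` UCI section, but nothing in this patch consumes that option and, as far as I can tell, OpenVPN has no setting of that name, so a configured download limit would be accepted and then silently not enforced. Either apply the ingress limit through a mechanism that exists (the egress branch already writes a `simple-tc` section, which may be able to carry it) or document that ingress limiting is unsupported for this provider. A short doc comment on each exported function would also help, e.g. `--- Returns nil: this provider exposes no node public key.` above `M.public_key`, and one on `M.enable` saying that `val` is written to the `enabled` option as given.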