#!/bin/sh

# Create the necessary file structure for /dev/net/tun
# required to run on docker swarm, as there are no devices available
if ( [ ! -c /dev/net/tun ] ); then
  if ( [ ! -d /dev/net ] ); then
    mkdir -m 755 /dev/net
  fi
  mknod /dev/net/tun c 10 200
  chmod 0755 /dev/net/tun
  echo "Created /dev/net/tun."
fi

PVDIR=/root/.pvpn-cli

if [ -z "$PVPN_USERNAME" ] && [ -z "$PVPN_USERNAME_FILE" ]; then
	echo "Error: Either env var \$PVPN_USERNAME or \$PVPN_USERNAME_FILE is required."
	exit 1
fi

if [ -z "$PVPN_PASSWORD" ] && [ -z "$PVPN_PASSWORD_FILE" ]; then
	echo "Error: Either env var \$PVPN_PASSWORD or \$PVPN_PASSWORD_FILE is required."
	exit 1
fi

[ -f "$PVPN_USERNAME_FILE" ] && PVPN_USERNAME=$(cat "$PVPN_USERNAME_FILE")
[ -f "$PVPN_PASSWORD_FILE" ] && PVPN_PASSWORD=$(cat "$PVPN_PASSWORD_FILE")

# Initialize config
if [ ! -f $PVDIR/pvpn-cli.cfg ]; then
	cp $PVDIR/pvpn-cli.cfg.clean $PVDIR/pvpn-cli.cfg
	sed -i \
		-e "s/PVPN_USERNAME/$PVPN_USERNAME/" \
		-e "s/PVPN_PROTOCOL/$PVPN_PROTOCOL/" \
		-e "s/PVPN_TIER/$PVPN_TIER/" \
		$PVDIR/pvpn-cli.cfg
fi

echo "$PVPN_USERNAME" > $PVDIR/pvpnpass
echo "$PVPN_PASSWORD" >> $PVDIR/pvpnpass
chmod 0600 $PVDIR/pvpnpass

# Connect to ProtonVPN
protonvpn refresh
# shellcheck disable=SC2086
protonvpn $PVPN_CMD_ARGS

if ! ip link show proton0 > /dev/null; then
	echo "Failed to bring up VPN :("
	exit 1
fi

if [ -n "$DNS_SERVERS_OVERRIDE" ]; then
	# This needs to run at this point, because ProtonVPN will have changed the
	# DNS servers in /etc/resolv.conf.
	cp /etc/resolv.conf /etc/resolv.conf.bak
	echo "$DNS_SERVERS_OVERRIDE" | sed -e 's/^/nameserver /' -e 's/,/\nnameserver /' > /etc/resolv.conf
fi

# Setup route for host network
if [ -n "$HOST_NETWORK" ]; then
	gw=$(ip route | awk '$1 == "default" { print $3 }')
	ip route add "$HOST_NETWORK" via "$gw"
fi

# Start Privoxy
ln -s /etc/privoxy/templates /app/proton-privoxy/
exec privoxy --no-daemon