#!/bin/sh
# Begin $rc_base/init.d/unbound

# Description : Unbound DNS resolver boot script for IPfire
# Author      : Marcel Lorenz <marcel.lorenz@ipfire.org>
#
# Comment     : This init script additional starts the dhcpd watcher daemon
#               if DNS-Update (RFC2136) in web interface enabled

. /etc/sysconfig/rc
. ${rc_functions}

USE_FORWARDERS=1

# Load optional configuration
[ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound

function cidr() {
    local cidr nbits IFS;
    IFS=. read -r i1 i2 i3 i4 <<< ${1}
    IFS=. read -r m1 m2 m3 m4 <<< ${2}
    cidr=$(printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))")
    nbits=0
    IFS=.
    for dec in $2 ; do
        case $dec in
            255) let nbits+=8;;
            254) let nbits+=7;;
            252) let nbits+=6;;
            248) let nbits+=5;;
            240) let nbits+=4;;
            224) let nbits+=3;;
            192) let nbits+=2;;
            128) let nbits+=1;;
            0);;
            *) echo "Error: $dec is not recognised"; exit 1
        esac
    done
    echo "${cidr}/${nbits}"
}

read_name_servers() {
	local i
	for i in 1 2; do
		echo "$(</var/ipfire/red/dns${i})"
	done | xargs echo
}

config_header() {
	echo "# This file is automatically generated and any changes"
	echo "# will be overwritten. DO NOT EDIT!"
	echo
}

update_forwarders() {
	local forwarders="$(read_name_servers)"

	if [ "${USE_FORWARDERS}" = "1" ] && [ -n "${forwarders}" ]; then
		boot_mesg "Using Name Server(s): ${forwarders}"
		boot_mesg_flush

		unbound-control -q forward ${forwarders}

	# If forwarders cannot be used we run in recursor mode
	else
		unbound-control -q forward off
	fi
}

write_interfaces_conf() {
	(
		config_header

		if [ -n "${GREEN_ADDRESS}" ]; then
			echo "# GREEN"
			echo "interface: ${GREEN_ADDRESS}"
			echo "access-control: $(cidr ${GREEN_NETADDRESS} ${GREEN_NETMASK}) allow"
		fi

		if [ -n "${BLUE_ADDRESS}" ]; then
			echo "# BLUE"
			echo "interface: ${BLUE_ADDRESS}"
			echo "access-control: $(cidr ${BLUE_NETADDRESS} ${BLUE_NETMASK}) allow"
		fi
	) > /etc/unbound/interfaces.conf
}

write_forward_conf() {
	(
		config_header

		local enabled zone server remark
		while IFS="," read -r enabled zone server remark; do
			# Line must be enabled.
			[ "${enabled}" = "on" ] || continue

			echo "forward-zone:"
			echo "	name: ${zone}"
			echo "	forward-addr: ${server}"
			echo
		done < /var/ipfire/dnsforward/config
	) > /etc/unbound/forward.conf
}


case "$1" in
	start)
		eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
		eval $(/usr/local/bin/readhash /var/ipfire/dhcp/settings)

		# Create control keys at first run
		if [ ! -r "/etc/unbound/unbound_control.key" ]; then
			unbound-control-setup -d /etc/unbound &>/dev/null
		fi

		# Update configuration files
		write_interfaces_conf
		write_forward_conf

		boot_mesg "Starting Unbound DNS Proxy..."
		loadproc /usr/sbin/unbound || exit $?

		# Update any known forwarding name servers
		update_forwarders

		# Start Unbound DHCP Lease Bridge unless RFC2136 is used
		if [ "${DNS_UPDATE_ENABLED}" != on ]; then
			boot_mesg "Starting Unbound DHCP Leases Bridge..."
			loadproc /usr/sbin/unbound-dhcp-leases-bridge -d
		fi
		;;

	stop)
		boot_mesg "Stopping Unbound DHCP Leases Bridge..."
		killproc /usr/sbin/unbound-dhcp-leases-bridge

		boot_mesg "Stopping Unbound DNS Proxy..."
		killproc /usr/sbin/unbound
		;;

	restart)
		$0 stop
		sleep 1
		$0 start
		;;

	status)
		statusproc /usr/sbin/unbound
		statusproc /usr/sbin/unbound-dhcp-leases-bridge
		;;

	update-forwarders)
		update_forwarders
		;;

	*)
		echo "Usage: $0 {start|stop|restart|status|update-forwarders}"
		exit 1
		;;
esac

# End $rc_base/init.d/unbound