#!/sbin/openrc-run
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$

DNSCRYPT_LOGFILE=${DNSCRYPT_LOGFILE:-syslog}
DNSCRYPT_RESOLVERS_LIST=${DNSCRYPT_RESOLVERS_LIST:-/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv}

rundir=${rundir:-/var/run/dnscrypt-proxy}
pidfile=${pidfile:-${rundir}/dnscrypt-proxy.pid}
rundir=${rundir:-/var/run/dnscrypt-proxy}
runas_user=${runas_user:-dnscrypt}
runas_group=${runas_user:-dnscrypt}

depend() {
	use net
	before dns
	after logger
}

start() {
	if [ ! -d "${rundir}" ]; then
		mkdir "${rundir}"
		if [ -n "${runas_user}" ]; then
			touch "${DNSCRYPT_LOGFILE}"
			chown ${runas_user}:${runas_group} "${DNSCRYPT_LOGFILE}"
			chown -R ${runas_user}:${runas_group} "${rundir}"
		fi
	fi

	if [ -n "$DNSCRYPT_RESOLVER_NAME" -a -n "$DNSCRYPT_RESOLVERIP" ]; then
		eerror "You must set exactly one of DNSCRYPT_RESOLVER_NAME or DNSCRYPT_RESOLVERIP!"
		return 1
	elif [ -n "$DNSCRYPT_RESOLVER_NAME" ]; then
		resolver_opts="--resolvers-list=${DNSCRYPT_RESOLVERS_LIST} --resolver-name=${DNSCRYPT_RESOLVER_NAME}"
	elif [ -n "$DNSCRYPT_RESOLVERIP" ]; then
		resolver_opts="--resolver-address=${DNSCRYPT_RESOLVERIP}:${DNSCRYPT_RESOLVERPORT} --provider-name=${DNSCRYPT_PROVIDER_NAME} --provider-key=${DNSCRYPT_PROVIDER_KEY}"
	else
		eerror "You must set exactly one of DNSCRYPT_RESOLVER_NAME or DNSCRYPT_RESOLVERIP!"
		return 1
	fi

	if [[ "${DNSCRYPT_LOGFILE}" == "syslog" ]]; then
		logopt="--syslog"
	else
		logopt="--logfile='${DNSCRYPT_LOGFILE}'"
	fi
	ebegin "Starting dnscrypt-proxy"
	start-stop-daemon --start --quiet \
		--exec /usr/sbin/dnscrypt-proxy \
		-- \
		$logopt \
		--pidfile="${pidfile}" \
		--daemonize --user=${runas_user} \
		--local-address=${DNSCRYPT_LOCALIP}:${DNSCRYPT_LOCALPORT} \
		$resolver_opts \
		${DNSCRYPT_OPTIONS}
	eend $?
}

stop() {
	ebegin "Stopping dnscrypt-proxy"
	start-stop-daemon --stop --quiet --exec /usr/sbin/dnscrypt-proxy
	eend $?
}