#!/usr/bin/env bash
#
# Full desktop provision example
#
# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License,
# or any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

# Parameters
DIRNAME="`dirname $0`"
BASENAME="`basename $0`"
HOSTNAME="$1"
DOMAIN="$2"
MIRROR="$3"
APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"

# Provision the basic stuff
$DIRNAME/vpn $HOSTNAME $DOMAIN $MIRROR

# Firewall
# See https://blog.ipredator.se/linux-firewall-howto.html
$APT_INSTALL ferm ulogd2 ulogd2-pcap
sudo cp $DIRNAME/files/ipredator/etc/ferm/ferm.conf /etc/ferm
sudo cp $DIRNAME/files/ipredator/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d
sudo cp $DIRNAME/files/ipredator/usr/local/bin/fermreload.sh /usr/local/bin
sudo chmod 555 /usr/local/bin/fermreload.sh
sudo sed -i -e 's/^ENABLED=.*$/ENABLED="yes"/' /etc/default/ferm
sudo service ferm restart

# IPredator 
# See https://www.ipredator.se/guide/openvpn/debian/native
sudo cp $DIRNAME/files/ipredator/etc/openvpn/ipredator.conf /etc/openvpn
sudo touch /etc/openvpn/ipredator.auth
sudo chown root:root /etc/openvpn/ipredator.conf
sudo chown root:root /etc/openvpn/ipredator.auth
sudo chmod 400 /etc/openvpn/ipredator.conf
sudo chmod 400 /etc/openvpn/ipredator.auth
echo "Please set user/password at /etc/openvpn/ipredator.auth"