#!/usr/bin/lua

local site = require 'gluon.site_config'
local users = require 'gluon.users'
local util = require 'gluon.util'

local uci = require 'luci.model.uci'

local c = uci.cursor()


-- The previously used user is removed, we need root privileges to use the packet_mark option
users.remove_user('gluon-fastd')

-- Group for iptables rule
users.add_group('gluon-fastd', 800)


c:section('fastd', 'fastd', 'mesh_vpn',
	  {
		  group = 'gluon-fastd',
		  syslog_level = 'verbose',
		  interface = 'mesh-vpn',
		  mode = 'tap',
		  mtu = site.fastd_mesh_vpn.mtu,
		  secure_handshakes = '1',
		  method = site.fastd_mesh_vpn.methods,
		  packet_mark = 1,
		  status_socket = '/var/run/fastd.mesh_vpn.socket',
	  }
)
c:delete('fastd', 'mesh_vpn', 'user')

c:delete('fastd', 'mesh_vpn_backbone')
c:section('fastd', 'peer_group', 'mesh_vpn_backbone',
	  {
		  enabled = 1,
		  net = 'mesh_vpn',
		  peer_limit = site.fastd_mesh_vpn.backbone.limit,
	  }
)

c:delete_all('fastd', 'peer',
	     function(peer)
	       return peer.net == 'mesh_vpn' and peer.group == 'mesh_vpn_backbone'
	     end
)

for name, config in pairs(site.fastd_mesh_vpn.backbone.peers) do
	c:section('fastd', 'peer', 'mesh_vpn_backbone_peer_' .. name,
		  {
			  enabled = 1,
			  net = 'mesh_vpn',
			  group = 'mesh_vpn_backbone',
			  key = config.key,
			  remote = config.remotes,
		  }
	)
end

c:save('fastd')
c:commit('fastd')


c:section('network', 'interface', 'mesh_vpn',
	  {
		  ifname = 'mesh-vpn',
		  proto = 'batadv',
		  mesh = 'bat0',
		  mesh_no_rebroadcast = 1,
		  macaddr = util.generate_mac(4, 0),
	  }
)

c:save('network')
c:commit('network')


c:section('firewall', 'include', 'mesh_vpn_dns',
	  {
	    type = 'restore',
	    path = '/lib/gluon/mesh-vpn-fastd/iptables.rules',
	    family = 'ipv4',
	  }
)

c:save('firewall')
c:commit('firewall')