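#!/sbin/openrc-run
# OpenRC service script for the pluto IKE daemon.
#
# Overridable settings (each falls back to the default shown below):
#   PLUTO_BINARY   - daemon executable started by OpenRC
#   PLUTO_CONFFILE - configuration file passed to pluto via --config
#   PLUTO_OPTS     - extra arguments appended to the pluto command line
#   PLUTO_PIDFILE  - pidfile OpenRC uses to track the daemon
#   IPSEC_BINARY   - the "ipsec" helper used for checks and stack management
#   IPSEC_NSSDIR   - NSS database directory verified before start

name="ipsec pluto daemon"
extra_commands="configtest"
extra_started_commands="reload"
description="pluto is an IKE daemon that is used to setup IPSEC VPN connections."
description_configtest="Run syntax tests for configuration files only."
description_reload="reloads the configuration - does not affect existing connections"

PLUTO_BINARY=${PLUTO_BINARY:-/usr/libexec/ipsec/pluto}
PLUTO_CONFFILE=${PLUTO_CONFFILE:-/etc/ipsec.conf}
IPSEC_BINARY=${IPSEC_BINARY:-/usr/sbin/ipsec}
IPSEC_NSSDIR=${IPSEC_NSSDIR:-/run/pluto/nss}

# NOTE(review): the default pidfile lives under /var/run/pluto while
# checkconfig() creates /run/pluto; this relies on /var/run resolving to
# /run - confirm on the target system.
pidfile=${PLUTO_PIDFILE:-/var/run/pluto/pluto.pid}
command="${PLUTO_BINARY}"
# NOTE(review): IPSEC_NSSDIR is not passed to pluto here, only to
# "ipsec --checknss" in start_pre(); confirm the daemon's configuration
# points at the same directory.
command_args="--config ${PLUTO_CONFFILE} ${PLUTO_OPTS}"

depend() {
	need net
	use logger dns
}

# Create the runtime directories and validate the configuration file.
# Returns non-zero if a directory cannot be prepared or the check fails.
checkconfig() {
	# NOTE(review): no --mode/--owner is given, so a newly created directory
	# gets checkpath's default permissions. The NSS directory holds key
	# material; consider "--mode 0700 --owner root:root" for it.
	checkpath --directory /run/pluto || return 1
	checkpath --directory "${IPSEC_NSSDIR}" || return 1
	# Validate the same file pluto is started with (see command_args), so an
	# overridden PLUTO_CONFFILE is not silently skipped by the check.
	"${IPSEC_BINARY}" addconn --config "${PLUTO_CONFFILE}" --checkconfig || return 1
}

configtest() {
	ebegin "Checking ${SVCNAME} configuration"
	checkconfig
	eend $?
}

# Pre-start checks. Every step must succeed: previously only the exit status
# of the last command was propagated, so a failed NSS or nflog check did not
# stop the daemon from being started.
start_pre() {
	checkconfig || return 1
	"${IPSEC_BINARY}" --checknss --nssdir "${IPSEC_NSSDIR}" || return 1
	"${IPSEC_BINARY}" --checknflog || return 1
	"${IPSEC_BINARY}" _stackmanager start || return 1
}

# On restart, refuse to stop a working daemon if the new configuration is
# broken and the service could not come back up.
stop_pre() {
	if [ "${RC_CMD}" = "restart" ] ; then
		checkconfig || return 1
	fi
}

# Tear down the kernel stack and nflog capture after the daemon has stopped.
# Both steps always run; the first failing status is kept and reported.
stop_post() {
	local rc=0

	"${IPSEC_BINARY}" _stackmanager stop || rc=$?
	"${IPSEC_BINARY}" --stopnflog || rc=$?

	# The original passed the never-assigned $RETVAL to eend, so a failed
	# teardown was never shown to the operator.
	eend "${rc}" "Failed to tear down the IPsec stack or nflog capture for ${SVCNAME}"

	# Keep the historical exit status of 0: the daemon is already stopped at
	# this point, and a failing stop_post may make OpenRC treat the whole
	# stop as failed (TODO confirm against the installed openrc-run.sh).
	return 0
}

reload() {
	checkconfig || return $?
	ebegin "Reloading ${SVCNAME}"
	"${IPSEC_BINARY}" auto --rereadall
	eend $?
}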