aports/main/openvpn/openvpn.initd

#!/sbin/openrc-run

extra_commands="checkconfig"
extra_started_commands="reload stats"

description_reload="Reload OpenVPN using SIGUSR1"
description_stats="Dump OpenVPN statistics to syslog"

instance_name=${RC_SVCNAME#*.}
[ "$instance_name" != "openvpn" ] \
	&& name="OpenVPN ($instance_name)" \
	|| name="OpenVPN"

# Upper case variables are for backward compatibility with Alpine < v3.8.
: ${cfgdir:=${VPNDIR:-"/etc/openvpn"}}
: ${cfgfile:="$cfgdir/$instance_name.conf"}
: ${detect_client:="${DETECT_CLIENT:-yes}"}
: ${up_script:="$cfgdir/up.sh"}
: ${down_script:="$cfgdir/down.sh"}
: ${peer_dns:=${PEER_DNS:-"yes"}}

pidfile="/run/$RC_SVCNAME.pid"
command="/usr/sbin/openvpn"
command_args="
	--daemon $instance_name
	--config $cfgfile
	--writepid $pidfile
	--setenv RC_SVCNAME $RC_SVCNAME
	--setenv PEER_DNS $peer_dns
	$command_args"

required_dirs="$cfgdir"
required_files="$cfgfile"


depend() {
	need localmount net
	use dns
	after bootmisc
}

checkconfig() {
	# Note: This is not just a check; we need to detect the mode both for
	# "start" and "checkconfig" commands, that's why it's here.
	if [ -z "$client_mode" ] && yesno "$detect_client"; then
		cfgfile_has_option 'remote' \
			&& client_mode=yes \
			|| client_mode=no
	fi

	if [ ! -e /dev/net/tun ]; then
		if ! modprobe tun; then
			eerror "TUN/TAP support is not available in this kernel"
			return 1
		fi
	fi
	if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
		ebegin "Detected broken /dev/net/tun symlink, fixing"
		rm -f /dev/net/tun
		ln -s /dev/misc/net/tun /dev/net/tun
		eend $?
	fi

	if yesno "$client_mode"; then
		local f; for f in "$up_script" "$down_script"; do
			[ -r "$f" ] || { eerror "'$f' is not readable"; return 1; }
		done

		# Warn about setting scripts as we override them
		if cfgfile_has_option "(up|down)"; then
			ewarn "WARNING: You have defined your own up/down scripts"
			ewarn "As you're running as a client, we now force Alpine specific"
			ewarn "scripts to be run for up and down events."
			ewarn "These scripts will call /etc/openvpn/$RC_SVCNAME-{up,down}.sh"
			ewarn "where you can put your own code."
		fi
		# Warn about the inability to change ip/route/dns information when
		# dropping privs
		if cfgfile_has_option "user"; then
			ewarn "WARNING: You are dropping root privileges!"
			ewarn "As such openvpn may not be able to change ip, routing"
			ewarn "or DNS configuration."
		fi
	fi
}

start_pre() {
	checkconfig || return 1

	if yesno "$client_mode"; then
		command_args="$command_args
			--up-delay
			--up-restart
			--down-pre
			--script-security 2
			--up $up_script
			--down $down_script"
		start_inactive="yes"
	else
		# Run as openvpn unless otherwise specified.
		cfgfile_has_option "user" || command_args="$command_args --user openvpn"
		cfgfile_has_option "group" || command_args="$command_args --group openvpn"
	fi

	# If the config file does not specify the cd option, we do.
	# But if we specify it, we override the config option which we do not want.
	if cfgfile_has_option "cd"; then
		command_args="$command_args --cd $cfgdir"
	fi
}

start() {
	# If we are re-called by the up.sh script, then we don't actually want
	# to start OpenVPN. We do this so we can "start" ourselves from
	# inactive (from the up.sh script) which then triggers other
	# services to start which depend on us.
	yesno "$IN_BACKGROUND" && return 0

	default_start
}

stop() {
	# If we are re-called by the down.sh script, then we don't actually
	# want to stop OpenVPN.
	if yesno "$IN_BACKGROUND"; then
		mark_service_inactive "$RC_SVCNAME"
		return 0
	fi

	default_stop
}

reload() {
	ebegin "Reloading $name"
	start-stop-daemon --signal USR1 --pidfile "$pidfile"
	eend $?
}

stats() {
	ebegin "Dumping $name statistics to syslog"
	start-stop-daemon --signal USR2 --pidfile "$pidfile"
	eend $?
}

cfgfile_has_option() {
	grep -Eq "^\s*$1\s" "$cfgfile"
}