
The service is now based on yunohost settings, allowing the setup to be updated through the web interface with yunohost app setting commands

Julien VAUBOURG il y a 10 ans
Parent
commit
b6392cc949

+ 157 - 32
conf/init_ynh-vpnclient

@@ -9,79 +9,200 @@
 # Description:       Start VPN client.
 ### END INIT INFO
 
+# Functions
+## State functions
+
 has_nativeip6() {
-  ip -6 r | grep -q default\ via
+  ip -6 route | grep -q default\ via
+}
+
+has_hotspot_app() {
+  yunohost app list -f hotspot --json | grep -q '"installed": true'
 }
 
 is_ip6addr_set() {
-  yunohost app list -f hotspot --json | grep -q '"installed": true'\
-  || ip a s dev tun0 2> /dev/null | grep -q <TPL:IP6_ADDR>/128
+  ip address show dev tun0 2> /dev/null | grep -q "${ynh_ip6_addr}/128"
 }
 
 is_serverip6route_set() {
-  ip -6 r | grep -q <TPL:SERVER_IP6>/
+  server_ip6=$1
+
+  ip -6 route | grep -q "${server_ip6}/"
 }
 
 is_openvpn_running() {
   # service openvpn status seems to be a joke
-  ip l sh dev tun0 &> /dev/null
+  ip link show dev tun0 &> /dev/null
 }
 
 is_running() {
-  ((has_nativeip6 && is_serverip6route_set) || ! has_nativeip6) && is_openvpn_running
+  ((has_nativeip6 && is_serverip6route_set "${new_server_ip6}") || ! has_nativeip6)\
+  && ((! has_hotspot_app && is_ip6addr_set) || has_hotspot_app)\
+  && is_openvpn_running
+}
+
+## Setters
+
+set_ip6addr() {
+  ip address add "${ynh_ip6_addr}/128" dev tun0
+}
+
+set_serverip6route() {
+  server_ip6=$1
+  ip6_gw=$2
+  wired_device=$3
+
+  ip route add "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
+}
+
+start_openvpn() {
+  ip6_gw=$1
+  server_ip6=$2
+  proto=udp
+
+  [ ! -z "${ip6_gw}" -a ! -z "${server_ip6}" ] && proto=udp6
+  cp /etc/openvpn/client.conf{.tpl,}
+
+  sed "s|<TPL:SERVER_NAME>|${ynh_server_name}|g" -i /etc/openvpn/client.conf
+  sed "s|<TPL:PROTO>|${proto}|" -i /etc/openvpn/client.conf
+  sed 's|^<TPL:UDP_COMMENT>||' -i /etc/openvpn/client.conf
+
+  service openvpn start client
+}
+
+## Unsetters
+
+unset_ip6addr() {
+  ip address delete "${ynh_ip6_addr}/128" dev tun0
+}
+
+unset_serverip6route() {
+  server_ip6=$1
+  ip6_gw=$2
+  wired_device=$3
+
+  ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}"
+}
+
+stop_openvpn() {
+  service openvpn stop
+}
+
+## Tools
+
+moulinette_get() {
+  var=$1
+
+  value=$(yunohost app setting vpnclient "${var}")
+
+  if [[ "${value}" =~ "An instance is already running" ]]; then
+    echo "${value}" >&2
+    exit 1
+  fi
+
+  echo "${value}"
+} 
+
+moulinette_set() {
+  var=$1
+  value=$2
+
+  msg=$(yunohost app setting vpnclient "${var}" -v "${value}")
+
+  if [ ! $? -eq 0 ]; then
+    echo "${msg}" >&2
+    exit 1
+  fi
 }
 
-gw6=$(ip -6 r | grep default\ via | awk '{ print $3 }')
+# Variables
+
+echo -n "Retrieving Yunohost settings... "
+
+ynh_server_name=$(moulinette_get server_name)
+ynh_ip6_addr=$(moulinette_get ip6_addr)
+
+old_ip6_gw=$(moulinette_get ip6_gw)
+old_wired_device=$(moulinette_get wired_device)
+old_server_ip6=$(moulinette_get server_ip6)
+
+new_ip6_gw=$(ip -6 route | grep default\ via | awk '{ print $3 }')
+new_wired_device=$(ip route | awk '/default via/ { print $NF; }')
+new_server_ip6=$(host "${ynh_server_name}" | awk '/IPv6/ { print $NF; }')
+
+if [ -z "${new_server_ip6}" ]; then
+  new_server_ip6=$(host "${ynh_server_name}" 80.67.188.188 | awk '/IPv6/ { print $NF; }')
+fi
+
+echo "OK"
+
+# Script
 
 case "$1" in
   start)
     if is_running; then
-      echo "Already correctly set"
+      echo "Already started"
     else
+      echo "Starting..."
+
+      # Run openvpn
       if ! is_openvpn_running; then
         echo "Run openvpn"
 
-        proto=udp
-        [ ! -z "${gw6}" ] && proto=udp6
-        sed "s|<TPL:PROTO>|${proto}|" /etc/openvpn/client.conf.tpl > /etc/openvpn/client.conf
-        sed 's|^<TPL:UDP_COMMENT>||' -i /etc/openvpn/client.conf
-
-        service openvpn start client
+        start_openvpn "${new_ip6_gw}" "${new_server_ip6}"
 
+        i=0
         false || while [ $? -ne 0 ]; do
+          (( i++ ))
+          [ $i -gt 15 ] && exit 1
           sleep 1
-          ip l sh dev tun0 &> /dev/null
-        done
+          ip link show dev tun0 &> /dev/null
+        done && sleep 2
+      fi
+
+      # Check old state of the server ipv6 route
+      if [ ! -z "${old_server_ip6}" -a ! -z "${new_ip6_gw}" -a ! -z "${old_wired_device}"\
+           -a \( "${new_server_ip6}" != "${old_server_ip6}" -o "${new_ip6_gw}" != "${old_ip6_gw}"\
+           -o "${new_wired_device}" != "${old_wired_device}" \) ]\
+         && is_serverip6route_set "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"; then
 
-        sleep 2
+        unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
       fi
 
-      if has_nativeip6 && ! is_serverip6route_set; then
+      # Set the new server ipv6 route
+      if has_nativeip6 && ! is_serverip6route_set "${new_server_ip6}"; then
         echo "Set IPv6 server route"
-        ip r a <TPL:SERVER_IP6>/128 via ${gw6} dev <TPL:WIRED_DEVICE>
+
+        set_serverip6route "${new_server_ip6}" "${new_ip6_gw}" "${new_wired_device}"
       fi
 
-      if ! is_ip6addr_set; then
+      # Set the ipv6 address
+      if ! has_hotspot_app && ! is_ip6addr_set; then
         echo "Set IPv6 address"
-        ip a a <TPL:IP6_ADDR>/128 dev tun0
+        set_ip6addr
       fi
     fi
+
+    moulinette_set server_ip6 "${new_server_ip6}"
+    moulinette_set ip6_gw "${new_ip6_gw}"
+    moulinette_set wired_device "${new_wired_device}"
   ;;
   stop)
-    if is_ip6addr_set; then
+    echo "Stopping..."
+
+    if ! has_hotspot_app && is_ip6addr_set; then
       echo "Unset IPv6 address"
-      # Not useful if hotspot is installed
-      ip a d <TPL:IP6_ADDR>/128 dev tun0 2> /dev/null
+      unset_ip6addr
     fi
 
-    if is_serverip6route_set; then
+    if is_serverip6route_set "${old_server_ip6}"; then
       echo "Unset IPv6 server route"
-      ip r d <TPL:SERVER_IP6>/128 via ${gw6} dev <TPL:WIRED_DEVICE>
+      unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}"
     fi
   
     if is_openvpn_running; then
       echo "Stop openvpn"
-      service openvpn stop
+      stop_openvpn
     fi
   ;;
   restart)
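Review bot: The `exit 1` in `moulinette_get` does not stop the init script, because every call site runs it inside `$(...)` and the exit only ends that subshell; the "Variables" block then carries on with an empty value. Each assignment needs its own check, e.g. `ynh_ip6_addr=$(moulinette_get ip6_addr) || exit 1`, and the function should test the exit status of `yunohost app setting` (as `moulinette_set` does) rather than match a single error string. As written, an empty or unexpected `ynh_server_name` goes unvalidated into the `SERVER_NAME` `sed` substitution in `start_openvpn`, and so into the OpenVPN config the service then starts; a `|`, `&` or newline in the value changes that substitution. Checking the value against a hostname pattern before `start_openvpn` would close this, and the same applies to `${url_path}` in the nginx `sed` lines of scripts/install. The `case` statement continues past the end of this hunk.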
@@ -91,15 +212,19 @@ case "$1" in
   status)
     exitcode=0
 
-    if is_ip6addr_set; then
-      echo "IPv6 address is correctly set"
+    if ! has_hotspot_app; then
+      if is_ip6addr_set; then
+        echo "IPv6 address is correctly set"
+      else
+        echo "IPv6 address is NOT set"
+        exitcode=1
+      fi
     else
-      echo "IPv6 address is NOT set"
-      exitcode=1
+      echo "Hotspot app detected"
     fi
 
     if has_nativeip6; then
-      if is_serverip6route_set; then
+      if is_serverip6route_set "${new_server_ip6}"; then
         echo "IPv6 server route is correctly set"
       else
         echo "IPv6 server route is NOT set"
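Review bot: `is_serverip6route_set "${new_server_ip6}"` reports the route as set whenever `new_server_ip6` is empty, because the function (defined earlier in the file) then runs `grep -q "/"`, which matches any route line that carries a prefix length. `new_server_ip6` comes from parsing `host` output and stays empty when both lookups return nothing, so `status` and `is_running` can answer "correctly set" with no server route present. A guard right after `server_ip6=$1`, `[ -n "${server_ip6}" ] || return 1`, avoids that; the `stop` branch, which passes `old_server_ip6`, has the same problem. The `status` branch continues outside this hunk.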

+ 23 - 35
scripts/install

@@ -14,7 +14,7 @@ ip6_net=$7
 
 # Check domain/path availability
 sudo yunohost app checkurl ${domain}${url_path} -a vpnclient
-if [[ ! $? -eq 0 ]]; then
+if [ ! $? -eq 0 ]; then
   exit 1
 fi
 
@@ -25,27 +25,19 @@ sudo apt-get --assume-yes --force-yes install openvpn php5-fpm
 sudo apt-get --assume-yes --force-yes install sipcalc
 
 # Compute extra arguments
-wired_device=$(ip r | awk '/default via/ { print $NF; }')
-ip6_expanded_net=$(sipcalc ${ip6_net} | grep Expanded | awk '{ print $NF; }')
-ip6_net=$(sipcalc ${ip6_net} | grep Compressed | awk '{ print $NF; }')
-ip6_addr=$(echo "$(echo ${ip6_expanded_net} | cut -d: -f1-7):1")
-ip6_addr=$(sipcalc ${ip6_addr} | grep Compressed | awk '{ print $NF; }')
-server_ip6=$(host ${server_name} | awk '/IPv6/ { print $NF; }')
-
-if [ -z "${server_ip6}" ]; then
-  server_ip6=$(host ${server_name} 80.67.188.188 | awk '/IPv6/ { print $NF; }')
-fi
+ip6_expanded_net=$(sipcalc "${ip6_net}" | grep Expanded | awk '{ print $NF; }')
+ip6_net=$(sipcalc "${ip6_net}" | grep Compressed | awk '{ print $NF; }')
+ip6_addr=$(echo "$(echo "${ip6_expanded_net}" | cut -d: -f1-7):1")
+ip6_addr=$(sipcalc "${ip6_addr}" | grep Compressed | awk '{ print $NF; }')
 
 # Save arguments for future upgrades
-sudo yunohost app setting vpnclient wired_device -v ${wired_device}
-sudo yunohost app setting vpnclient ip6_addr -v ${ip6_addr}
-sudo yunohost app setting vpnclient ip6_net -v ${ip6_net}
-sudo yunohost app setting vpnclient server_name -v ${server_name}
-sudo yunohost app setting vpnclient server_ip6 -v ${server_ip6}
+sudo yunohost app setting vpnclient server_name -v "${server_name}"
+sudo yunohost app setting vpnclient ip6_addr -v "${ip6_addr}"
+sudo yunohost app setting vpnclient ip6_net -v "${ip6_net}"
 
 # Copy confs
 sudo install -b -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
-sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
+sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
 sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf
 
 # Copy web sources
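Review bot: Nothing checks that the `sipcalc` pipeline produced an address before `ip6_addr` and `ip6_net` are saved with `yunohost app setting`. If `${ip6_net}` is not a valid prefix, the `grep Compressed` stages presumably match nothing and empty strings are stored, which the init script later uses in `ip address add "${ynh_ip6_addr}/128" dev tun0`. I would stop the install right after the last `sipcalc` line with `[ -n "${ip6_net}" ] && [ -n "${ip6_addr}" ] || exit 1`.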
@@ -61,23 +53,20 @@ sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;
 sudo mkdir -pm 0700 /etc/openvpn/keys/
 sudo chown root: /etc/openvpn/keys/
 
-sudo install -b -o root -g root -m 0600 ${crt_client_path} /etc/openvpn/keys/user.crt
-sudo install -b -o root -g root -m 0600 ${crt_client_key_path} /etc/openvpn/keys/user.key
-sudo install -b -o root -g root -m 0600 ${crt_server_ca_path} /etc/openvpn/keys/ca-server.crt
+sudo install -b -o root -g root -m 0600 "${crt_client_path}" /etc/openvpn/keys/user.crt
+sudo install -b -o root -g root -m 0600 "${crt_client_key_path}" /etc/openvpn/keys/user.key
+sudo install -b -o root -g root -m 0600 "${crt_server_ca_path}" /etc/openvpn/keys/ca-server.crt
 
-sudo rm -f ${crt_client_path} ${crt_client_key_path} ${crt_server_ca_path}
+sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}"
 
 # Create user for the web admin
 sudo useradd -MUr vpnadmin
 
 # Fix confs
-## openvpn
-sudo sed "s|<TPL:SERVER_NAME>|${server_name}|g" -i /etc/openvpn/client.conf.tpl
-
 ## nginx
-sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
-sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
-sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/nginx/conf.d/${domain}.d/vpnadmin.conf
+sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
+sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
+sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
 
 ## php-fpm
 sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
@@ -91,11 +80,9 @@ sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
 # Copy init script
 sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient
 
-# Fix init script
-## ynh-vpnclient
-sudo sed "s|<TPL:IP6_ADDR>|${ip6_addr}|g" -i /etc/init.d/ynh-vpnclient
-sudo sed "s|<TPL:SERVER_IP6>|${server_ip6}|g" -i /etc/init.d/ynh-vpnclient
-sudo sed "s|<TPL:WIRED_DEVICE>|${wired_device}|g" -i /etc/init.d/ynh-vpnclient
+# Allow vpnadmin web interface to manage rights
+sudo chmod 0470 /etc/yunohost/apps/vpnclient/settings.yml
+sudo chown root:vpnadmin /etc/yunohost/apps/vpnclient/settings.yml
 
 # Set default inits
 # The openvpn configuration is modified before the start, so the service is disabled by default
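Review bot: Mode `0470` on settings.yml looks unintended: it leaves the owner with read-only access and gives the `vpnadmin` group read, write and execute on a YAML file. If the goal is only to let the web admin edit the settings, `sudo chmod 0660 /etc/yunohost/apps/vpnclient/settings.yml` expresses that without the execute bit. This also makes every value in the file writable by what is presumably the web application's group, while the init script (normally run as root) reads those values back through `yunohost app setting` and passes them to `ip` and `sed`. They should therefore be validated in the init script before use.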
@@ -112,7 +99,8 @@ sudo yunohost service start php5-fpm
 
 sudo yunohost service add ynh-vpnclient
 sudo yunohost service enable ynh-vpnclient
-sudo yunohost service start ynh-vpnclient
+#sudo yunohost service start ynh-vpnclient
+sudo service ynh-vpnclient start
 
 sudo service nginx reload
 
@@ -120,9 +108,9 @@ sudo service nginx reload
 sudo yunohost app ssowatconf
 
 # Restart hotspot service if installed to change NAT configuration (now on tun0)
+# A new start will fix the interface without unsetting all stuff
 sudo yunohost app list -f hotspot --json | grep -q '"installed": true'
-if [ "$?" -eq 0 ]; then
-  sudo yunohost service stop ynh-hotspot
+if [ $? -eq 0 ]; then
   sudo yunohost service start ynh-hotspot
 fi
 

+ 1 - 2
scripts/remove

@@ -28,10 +28,9 @@ sudo rm -rf /var/www/vpnadmin/
 sudo userdel -f vpnadmin
 
 # Restart hotspot service if installed to change NAT configuration
+# A new start will fix the interface without unsetting all stuff
 sudo yunohost app list -f hotspot --json | grep -q '"installed": true'
 if [ "$?" -eq 0 ]; then
-  sleep 2
-  sudo yunohost service stop ynh-hotspot
   sudo yunohost service start ynh-hotspot
 fi
 

BIN
sources/views/.layout.html.php.swp
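Review bot: The two binary entries `.layout.html.php.swp` and `.settings.html.php.swp` look like Vim swap files; if this commit adds them, they should be dropped from it and kept out in future with a `*.swp` line in `.gitignore`. A swap file holds a copy of the buffer being edited, so it can publish unsaved or since-removed content of the view it belongs to. The page does not show whether these entries are additions or deletions, so this is worth confirming against the repository.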


BIN
sources/views/.settings.html.php.swp