gluon-firmware/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn

#!/usr/bin/lua

local site = require 'gluon.site'
local users = require 'gluon.users'
local util = require 'gluon.util'

local uci = require('simple-uci').cursor()
local unistd = require 'posix.unistd'


uci:section('network', 'interface', 'mesh_vpn', {
	ifname = 'mesh-vpn',
	proto = 'gluon_mesh',
	transitive = true,
	fixed_mtu = true,
	macaddr = util.generate_mac(7),
	mtu = site.mesh_vpn.mtu(),
})

uci:save('network')


if unistd.access('/etc/config/gluon-simple-tc') then
	os.rename('/etc/config/gluon-simple-tc', '/etc/config/simple-tc')
end

if not uci:get('simple-tc', 'mesh_vpn') then
	uci:section('simple-tc', 'interface', 'mesh_vpn', {
		ifname = 'mesh-vpn',
		enabled = site.mesh_vpn.bandwidth_limit.enabled(false),
		limit_ingress = site.mesh_vpn.bandwidth_limit.ingress(),
		limit_egress = site.mesh_vpn.bandwidth_limit.egress(),
	})
	uci:save('simple-tc')
end


-- The previously used user and group are removed, we now have a generic group
users.remove_user('gluon-fastd')
users.remove_group('gluon-fastd')

uci:section('firewall', 'include', 'mesh_vpn_dns', {
	type = 'restore',
	path = '/lib/gluon/mesh-vpn/iptables.rules',
	family = 'ipv4',
})

uci:save('firewall')


-- VPN migration
local has_fastd = unistd.access('/lib/gluon/mesh-vpn/fastd')
local fastd_enabled = uci:get('fastd', 'mesh_vpn', 'enabled')

local has_tunneldigger = (not has_fastd) and unistd.access('/lib/gluon/mesh-vpn/tunneldigger')
local tunneldigger_enabled = uci:get('tunneldigger', 'mesh_vpn', 'enabled')

local enabled

-- If the installed VPN package has its enabled state set, keep the value
if has_fastd and fastd_enabled then
	enabled = fastd_enabled == '1'
elseif has_tunneldigger and tunneldigger_enabled then
	enabled = tunneldigger_enabled == '1'
-- Otherwise, migrate the other package's value if any is set
elseif fastd_enabled or tunneldigger_enabled then
	enabled = fastd_enabled == '1' or tunneldigger_enabled == '1'
-- If nothing is set, use the default
else
	enabled = site.mesh_vpn.enabled(false)
end

if has_fastd then
	uci:set('fastd', 'mesh_vpn', 'enabled', enabled)
else
	uci:delete('fastd', 'mesh_vpn')
end
uci:save('fastd')

if has_tunneldigger then
	uci:set('tunneldigger', 'mesh_vpn', 'enabled', enabled)
	if site.mesh_vpn.bandwidth_limit.enabled(false) then
		uci:set('tunneldigger', 'mesh_vpn', 'limit_bw_down', site.mesh_vpn.bandwidth_limit.ingress())
		uci:set('simple-tc', 'mesh_vpn', 'limit_ingress', 0)
		uci:save('simple-tc')
	end
else
	uci:delete('tunneldigger', 'mesh_vpn')
end
uci:save('tunneldigger')
Refactor common parts of gluon-mesh-vpn-fastd into a gluon-mesh-vpn-core package The fastd_mesh_vpn site.conf section is renamed to mesh_vpn.fastd. 2017-03-10 15:21:32 +00:00			`#!/usr/bin/lua`

treewide: use new gluon.site Lua library Some files have received some additional refactoring. 2017-08-11 18:47:35 +00:00			`local site = require 'gluon.site'`
Refactor common parts of gluon-mesh-vpn-fastd into a gluon-mesh-vpn-core package The fastd_mesh_vpn site.conf section is renamed to mesh_vpn.fastd. 2017-03-10 15:21:32 +00:00			`local users = require 'gluon.users'`
			`local util = require 'gluon.util'`

			`local uci = require('simple-uci').cursor()`
gluon-mesh-vpn-core: replace nixio with luaposix 2018-07-13 17:32:55 +00:00			`local unistd = require 'posix.unistd'`
Refactor common parts of gluon-mesh-vpn-fastd into a gluon-mesh-vpn-core package The fastd_mesh_vpn site.conf section is renamed to mesh_vpn.fastd. 2017-03-10 15:21:32 +00:00

			`uci:section('network', 'interface', 'mesh_vpn', {`
			`ifname = 'mesh-vpn',`
			`proto = 'gluon_mesh',`
			`transitive = true,`
			`fixed_mtu = true,`
			`macaddr = util.generate_mac(7),`
treewide: use new gluon.site Lua library Some files have received some additional refactoring. 2017-08-11 18:47:35 +00:00			`mtu = site.mesh_vpn.mtu(),`
Refactor common parts of gluon-mesh-vpn-fastd into a gluon-mesh-vpn-core package The fastd_mesh_vpn site.conf section is renamed to mesh_vpn.fastd. 2017-03-10 15:21:32 +00:00			`})`

			`uci:save('network')`


gluon-mesh-vpn-core: replace nixio with luaposix 2018-07-13 17:32:55 +00:00			`if unistd.access('/etc/config/gluon-simple-tc') then`
Refactor common parts of gluon-mesh-vpn-fastd into a gluon-mesh-vpn-core package The fastd_mesh_vpn site.conf section is renamed to mesh_vpn.fastd. 2017-03-10 15:21:32 +00:00			`os.rename('/etc/config/gluon-simple-tc', '/etc/config/simple-tc')`
			`end`

			`if not uci:get('simple-tc', 'mesh_vpn') then`
treewide: use new gluon.site Lua library Some files have received some additional refactoring. 2017-08-11 18:47:35 +00:00			`uci:section('simple-tc', 'interface', 'mesh_vpn', {`
Refactor common parts of gluon-mesh-vpn-fastd into a gluon-mesh-vpn-core package The fastd_mesh_vpn site.conf section is renamed to mesh_vpn.fastd. 2017-03-10 15:21:32 +00:00			`ifname = 'mesh-vpn',`
treewide: use new gluon.site Lua library Some files have received some additional refactoring. 2017-08-11 18:47:35 +00:00			`enabled = site.mesh_vpn.bandwidth_limit.enabled(false),`
			`limit_ingress = site.mesh_vpn.bandwidth_limit.ingress(),`
			`limit_egress = site.mesh_vpn.bandwidth_limit.egress(),`
			`})`
Refactor common parts of gluon-mesh-vpn-fastd into a gluon-mesh-vpn-core package The fastd_mesh_vpn site.conf section is renamed to mesh_vpn.fastd. 2017-03-10 15:21:32 +00:00			`uci:save('simple-tc')`
			`end`


			`-- The previously used user and group are removed, we now have a generic group`
			`users.remove_user('gluon-fastd')`
			`users.remove_group('gluon-fastd')`

			`uci:section('firewall', 'include', 'mesh_vpn_dns', {`
			`type = 'restore',`
			`path = '/lib/gluon/mesh-vpn/iptables.rules',`
			`family = 'ipv4',`
			`})`

			`uci:save('firewall')`
gluon-mesh-vpn-core: add code for migration of enabled state between fastd and tunneldigger Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> 2017-03-10 18:10:01 +00:00

			`-- VPN migration`
gluon-mesh-vpn-core: replace nixio with luaposix 2018-07-13 17:32:55 +00:00			`local has_fastd = unistd.access('/lib/gluon/mesh-vpn/fastd')`
gluon-mesh-vpn: fix fastd <-> tunneldigger migration The generic upgrade script is moved to run after the more specific scripts. In addition, the script will now remove the configuration sections of uninstalled VPN packages, so both positive and negative changes of the default enable state can be migrated correctly. Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> Fixes: #1187 2017-08-07 23:28:53 +00:00			`local fastd_enabled = uci:get('fastd', 'mesh_vpn', 'enabled')`
gluon-mesh-vpn-core: add code for migration of enabled state between fastd and tunneldigger Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> 2017-03-10 18:10:01 +00:00
gluon-mesh-vpn-core: don't consider tunneldigger when fastd is installed None of our scripts can handle fastd and tunneldigger running at the same time. When both are installed, ignore tunneldigger. 2019-06-09 15:36:22 +00:00			`local has_tunneldigger = (not has_fastd) and unistd.access('/lib/gluon/mesh-vpn/tunneldigger')`
gluon-mesh-vpn: fix fastd <-> tunneldigger migration The generic upgrade script is moved to run after the more specific scripts. In addition, the script will now remove the configuration sections of uninstalled VPN packages, so both positive and negative changes of the default enable state can be migrated correctly. Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> Fixes: #1187 2017-08-07 23:28:53 +00:00			`local tunneldigger_enabled = uci:get('tunneldigger', 'mesh_vpn', 'enabled')`

			`local enabled`

			`-- If the installed VPN package has its enabled state set, keep the value`
			`if has_fastd and fastd_enabled then`
			`enabled = fastd_enabled == '1'`
			`elseif has_tunneldigger and tunneldigger_enabled then`
			`enabled = tunneldigger_enabled == '1'`
			`-- Otherwise, migrate the other package's value if any is set`
			`elseif fastd_enabled or tunneldigger_enabled then`
			`enabled = fastd_enabled == '1' or tunneldigger_enabled == '1'`
			`-- If nothing is set, use the default`
			`else`
treewide: use new gluon.site Lua library Some files have received some additional refactoring. 2017-08-11 18:47:35 +00:00			`enabled = site.mesh_vpn.enabled(false)`
gluon-mesh-vpn: fix fastd <-> tunneldigger migration The generic upgrade script is moved to run after the more specific scripts. In addition, the script will now remove the configuration sections of uninstalled VPN packages, so both positive and negative changes of the default enable state can be migrated correctly. Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> Fixes: #1187 2017-08-07 23:28:53 +00:00			`end`
gluon-mesh-vpn-core: add code for migration of enabled state between fastd and tunneldigger Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> 2017-03-10 18:10:01 +00:00
gluon-mesh-vpn: fix fastd <-> tunneldigger migration The generic upgrade script is moved to run after the more specific scripts. In addition, the script will now remove the configuration sections of uninstalled VPN packages, so both positive and negative changes of the default enable state can be migrated correctly. Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> Fixes: #1187 2017-08-07 23:28:53 +00:00			`if has_fastd then`
			`uci:set('fastd', 'mesh_vpn', 'enabled', enabled)`
			`else`
			`uci:delete('fastd', 'mesh_vpn')`
			`end`
			`uci:save('fastd')`
gluon-mesh-vpn-core: add code for migration of enabled state between fastd and tunneldigger Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> 2017-03-10 18:10:01 +00:00
gluon-mesh-vpn: fix fastd <-> tunneldigger migration The generic upgrade script is moved to run after the more specific scripts. In addition, the script will now remove the configuration sections of uninstalled VPN packages, so both positive and negative changes of the default enable state can be migrated correctly. Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> Fixes: #1187 2017-08-07 23:28:53 +00:00			`if has_tunneldigger then`
			`uci:set('tunneldigger', 'mesh_vpn', 'enabled', enabled)`
gluon-mesh-vpn: support ingress bandwidth shaping with tunneldigger (#1460) Signed-off-by: Felix Kaechele <felix@kaechele.ca> 2018-07-25 23:26:00 +00:00			`if site.mesh_vpn.bandwidth_limit.enabled(false) then`
			`uci:set('tunneldigger', 'mesh_vpn', 'limit_bw_down', site.mesh_vpn.bandwidth_limit.ingress())`
			`uci:set('simple-tc', 'mesh_vpn', 'limit_ingress', 0)`
			`uci:save('simple-tc')`
			`end`
gluon-mesh-vpn: fix fastd <-> tunneldigger migration The generic upgrade script is moved to run after the more specific scripts. In addition, the script will now remove the configuration sections of uninstalled VPN packages, so both positive and negative changes of the default enable state can be migrated correctly. Based-on-patch-by: Cyrus Fox <cyrus@lambdacore.de> Fixes: #1187 2017-08-07 23:28:53 +00:00			`else`
			`uci:delete('tunneldigger', 'mesh_vpn')`
			`end`
			`uci:save('tunneldigger')`