From c9c017af09178bd46f3da14fa77ac54b063d3ce5 Mon Sep 17 00:00:00 2001
From: OniriCorpe <oniricorpe@disroot.org>
Date: Tue, 26 Dec 2023 22:17:18 +0100
Subject: [PATCH] open or close DoH/DoQ ports according to the selected choice
 in the config panel

---
 config_panel.toml |  2 +-
 scripts/config    | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 scripts/config

diff --git a/config_panel.toml b/config_panel.toml
index 7e9540d..ce27c17 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -5,7 +5,7 @@ name = "AdguardHome configuration"
 services = ["__APP__"]
 
 [main.options.dns_over_https]
-ask = "Enable DNS-over-HTTPS"
+ask = "Enable DNS-over-HTTPS/QUIC"
 bind = "tls>enabled:__INSTALL_DIR__/AdGuardHome.yaml"
 no = "false"
 type = "boolean"
diff --git a/scripts/config b/scripts/config
new file mode 100644
index 0000000..7141bdb
--- /dev/null
+++ b/scripts/config
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC STARTING
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+ynh_abort_if_errors
+
+#=================================================
+# CUSTOM THINGS
+#=================================================
+
+ynh_app_config_apply() {
+    _ynh_app_config_apply
+
+    if [ "$dns_over_https" == "true" ]; then
+        ynh_script_progression --message="Opening DoH and DoQ ports..."
+        # if DNS over HTTPS/QUIC is activated, open the associated ports
+        ynh_exec_warn_less yunohost firewall allow --no-upnp TCP "$port_dns_over_http"
+        ynh_exec_warn_less yunohost firewall allow --no-upnp TCP "$port_dns_over_quic"
+        yunohost firewall reload
+    elif [ "$dns_over_https" == "false" ]; then
+        # else if false, close them
+        ynh_script_progression --message="Closing DoH and DoQ ports..."
+        ynh_exec_warn_less yunohost firewall disallow --no-upnp TCP "$port_dns_over_http"
+        ynh_exec_warn_less yunohost firewall disallow --no-upnp TCP "$port_dns_over_quic"
+        yunohost firewall reload
+    else
+        # else, throw error
+        ynh_print_warn --message="The variable 'dns_over_https' should be 'true' or 'false' but isn't, please report this."
+    fi
+
+}
\ No newline at end of file