#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers

#=================================================
# PROCESS OPENING/CLOSING PORTS
# no need to open the DoH/DoQ ports, as they were opened at the 'Provisioning ports' step
#=================================================

if [ "$dns_over_https" == "false" ]; then
    # if dns_over_https is false, we need to close ports,
    # as they were opened at the 'Provisioning ports' step
    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
    ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
    ynh_exec_warn_less yunohost firewall reload
fi

if [ "$open_port_53" == "true" ]; then
	# if open_port_53 is true, we need to open port 53
    ynh_exec_warn_less yunohost firewall allow Both 53
    ynh_exec_warn_less yunohost firewall reload
fi

#=================================================
# RESTORE THE APP MAIN DIR
#=================================================

# adding the adguardhome dedicated user to the 'ssl-cert' group to permit the
# use of the Let's Encrypt certs for DOT/DOQ
usermod -a -G ssl-cert "$app"

ynh_script_progression --message="Restoring the app main directory..." --weight=1

ynh_restore_file --origin_path="$install_dir"

# we need to refresh IP adresses in case the backup is restored in a different
# environment, else AGH will try to bind port 53 on non-existent IPs and crash

# put the network interface in a dedicated dnsmasq config
configure_network_interface_dnsmasq

# get IPv4 for the AGH config file
ipv4_addr=$(process_ips "$(ip -4 route get 1.2.3.4 2> /dev/null | head -n1 | head -n1)")

# get IPv6 for the AGH config file
ipv6_addr=$(process_ips "$(ip -6 route get ::1.2.3.4 2> /dev/null | head -n1)")

# update the IP adresses in the AGH config file
update_agh_config


# this will be treated as a security issue.
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R "$app:$app" "$install_dir"

setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' "$install_dir/AdGuardHome"

systemctl restart dnsmasq

#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1

ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"

ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable "$app.service" --quiet

yunohost service add "$app" --description="Ads & trackers blocking DNS server" --needs_exposed_ports "$port_dns_over_http" "$port_dns_over_quic"

#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1

ynh_systemd_action --service_name="$app" --action="restart" --log_path="systemd"

ynh_systemd_action --service_name=nginx --action=reload

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Restoration completed for $app" --last