From 803fb1970c7fd2fe3ee48329ea589b83b8e2e3ff Mon Sep 17 00:00:00 2001
From: Kristian Haugene
Date: Sun, 11 Oct 2020 21:29:52 +0200
Subject: [PATCH] Add configuration script for PIA, downloading and modifying configs on startup
---
openvpn/modify-openvpn-config.sh | 12 ++++++++---
openvpn/pia/configure-openvpn.sh | 34 ++++++++++++++++++++++++++++++++
openvpn/start.sh | 6 +++---
3 files changed, 46 insertions(+), 6 deletions(-)
create mode 100755 openvpn/pia/configure-openvpn.sh
diff --git a/openvpn/modify-openvpn-config.sh b/openvpn/modify-openvpn-config.sh
index 8db4faf02..e6332cbca 100755
--- a/openvpn/modify-openvpn-config.sh
+++ b/openvpn/modify-openvpn-config.sh
@@ -1,6 +1,12 @@
#!/bin/bash
-echo "Modify chosen OpenVPN config for best behaviour in this container"
+if [ "$#" -ne 1 ]; then
+ echo "Illegal number of parameters"
+ exit 1
+fi
+CONFIG=$1
+
+[[ "${DEBUG}" == "true" ]] && echo "Modifying $CONFIG for best behaviour in this container"
# Every config modification have its own environemnt variable that can configure the behaviour.
# Different users, providers or host systems might have specific preferences.
@@ -11,6 +17,6 @@ CONFIG_MOD_USERPASS=${CONFIG_MOD_USERPASS:-"1"}
## Option 1 - Change the auth-user-pass line to point to credentials file
if [[ $CONFIG_MOD_USERPASS == "1" ]]; then
- echo "Point auth-user-pass option to the username/password file"
- sed -i "s/auth-user-pass/auth-user-pass \/config\/openvpn-credentials.txt/" "$CHOSEN_OPENVPN_CONFIG"
+ [[ "${DEBUG}" == "true" ]] && echo "Point auth-user-pass option to the username/password file"
+ sed -i "s/auth-user-pass/auth-user-pass \/config\/openvpn-credentials.txt/" "$CONFIG"
fi
diff --git a/openvpn/pia/configure-openvpn.sh b/openvpn/pia/configure-openvpn.sh
new file mode 100755
index 000000000..f99b143dd
--- /dev/null
+++ b/openvpn/pia/configure-openvpn.sh
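Review bot: The new guard at the top of modify-openvpn-config.sh counts arguments but never checks that `$1` names an existing regular file, so a wrong path only surfaces later as a `sed` error, and the "Illegal number of parameters" message goes to stdout instead of stderr. I would add `[[ -f "$CONFIG" ]] || { echo "Config file not found: $CONFIG" >&2; exit 1; }` after `CONFIG=$1` and append `>&2` to the usage error. Because the script is now executed rather than sourced, a short header comment stating that it takes the config path as its only argument and reads `DEBUG` and `CONFIG_MOD_USERPASS` from the environment would help callers.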
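Review bot: The `sed` expression in the `CONFIG_MOD_USERPASS` block is unanchored and not idempotent: it rewrites the first `auth-user-pass` on every line that contains it, comments included, and if the directive already carries a file argument, or the script runs twice on the same file, the credentials path is inserted in front of the existing argument and the line ends up with two. Replacing the whole directive line avoids both: `sed -i 's|^auth-user-pass.*|auth-user-pass /config/openvpn-credentials.txt|' "$CONFIG"`. `sed` also exits 0 when nothing matches, so a config without the directive passes through unchanged and silently; a `grep -q '^auth-user-pass' "$CONFIG"` check with a warning would make that visible.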
@@ -0,0 +1,34 @@
+#! /bin/bash
+
+set -e
+
+# These are the possible bundles from PIA
+# https://www.privateinternetaccess.com/openvpn/openvpn-nextgen.zip
+# https://www.privateinternetaccess.com/openvpn/openvpn-strong-nextgen.zip
+# https://www.privateinternetaccess.com/openvpn/openvpn-ip-nextgen.zip
+# https://www.privateinternetaccess.com/openvpn/openvpn-tcp-nextgen.zip
+# https://www.privateinternetaccess.com/openvpn/openvpn-strong-tcp-nextgen.zip
+
+baseURL="https://www.privateinternetaccess.com/openvpn"
+PIA_OPENVPN_CONFIG_BUNDLE=${PIA_OPENVPN_CONFIG_BUNDLE:-"openvpn-nextgen"}
+
+if [ -z "$VPN_PROVIDER_HOME" ]; then
+ echo "ERROR: Need to have VPN_PROVIDER_HOME set to call this script" && exit 1
+fi
+
+# Delete all files for PIA provider, except scripts
+find "$VPN_PROVIDER_HOME" -type f ! -name "*.sh" -delete
+
+# Download and extract wanted bundle into temporary file
+tmp_file=$(mktemp)
+echo "Downloading OpenVPN config bundle $PIA_OPENVPN_CONFIG_BUNDLE into temporary file $tmp_file"
+curl -sSL "${baseURL}/${PIA_OPENVPN_CONFIG_BUNDLE}.zip" -o "$tmp_file"
+
+echo "Extract OpenVPN config bundle into PIA directory $VPN_PROVIDER_HOME"
+unzip -qjo "$tmp_file" -d "$VPN_PROVIDER_HOME"
+
+echo "Modify configs for this container"
+find "$VPN_PROVIDER_HOME" -type f -name "*.ovpn" -exec /etc/openvpn/modify-openvpn-config.sh {} \;
+
+# Select a random server as default.ovpn
+ln -sf "$(find "$VPN_PROVIDER_HOME" -name "*.ovpn" | shuf -n 1)" "$VPN_PROVIDER_HOME"/default.ovpn
diff --git a/openvpn/start.sh b/openvpn/start.sh
index 1e9151fc3..b98343e7b 100755
--- a/openvpn/start.sh
+++ b/openvpn/start.sh
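Review bot: In configure-openvpn.sh the old configs are deleted before the new bundle has been fetched, and `curl -sSL` has no `--fail`, so an HTTP error (for example a misspelt `PIA_OPENVPN_CONFIG_BUNDLE`) saves the error page as the "zip", `unzip` aborts under `set -e`, and the provider directory is left without any `.ovpn` files. Download and test the archive first, then delete and extract. `unzip -qjo` into `$VPN_PROVIDER_HOME` will also overwrite any `*.sh` there if the archive contains a file of that name, and start.sh executes `configure-openvpn.sh` from that directory, so excluding scripts from extraction keeps a bad bundle from replacing them; the bundle is otherwise trusted on TLS alone, and a pinned checksum would be the stronger control if the provider publishes one. The temporary file is never removed.

```shell
# … unchanged: set -e, bundle list, baseURL, VPN_PROVIDER_HOME check …

# Fetch and verify the bundle before touching the existing configs
tmp_file=$(mktemp)
curl -fsSL "${baseURL}/${PIA_OPENVPN_CONFIG_BUNDLE}.zip" -o "$tmp_file"
unzip -tq "$tmp_file"

# Only now delete the old files for the PIA provider, except scripts
find "$VPN_PROVIDER_HOME" -type f ! -name "*.sh" -delete

# Never let the archive replace the provider's own scripts
unzip -qjo "$tmp_file" -x '*.sh' -d "$VPN_PROVIDER_HOME"
rm -f -- "$tmp_file"

# … unchanged: modify configs, select default.ovpn …
```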
@@ -43,8 +43,8 @@ if [[ -n $OPENVPN_CONFIG_URL ]]; then
echo "Found URL to OpenVPN config, will download it."
CHOSEN_OPENVPN_CONFIG=$VPN_PROVIDER_HOME/downloaded_config.ovpn
curl -o "$CHOSEN_OPENVPN_CONFIG" -sSL "$OPENVPN_CONFIG_URL"
- # shellcheck source=/dev/null
- . /etc/openvpn/modify-openvpn-config.sh
+ # shellcheck source=openvpn/modify-openvpn-config.sh
+ /etc/openvpn/modify-openvpn-config.sh $CHOSEN_OPENVPN_CONFIG
elif [[ -x $VPN_PROVIDER_HOME/configure-openvpn.sh ]]; then
echo "Provider $OPENVPN_PROVIDER has a custom startup script, executing it"
# shellcheck source=/dev/null
@@ -91,7 +91,7 @@ if [[ "${OPENVPN_USERNAME}" == "**None**" ]] || [[ "${OPENVPN_PASSWORD}" == "**N
fi
echo "Found existing OPENVPN credentials at /config/openvpn-credentials.txt"
else
- echo "Setting OPENVPN credentials..."
+ echo "Setting OpenVPN credentials..."
mkdir -p /config
echo "${OPENVPN_USERNAME}" > /config/openvpn-credentials.txt
echo "${OPENVPN_PASSWORD}" >> /config/openvpn-credentials.txt
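Review bot: `$CHOSEN_OPENVPN_CONFIG` is passed unquoted in the new call in the first start.sh hunk, so a `VPN_PROVIDER_HOME` containing whitespace or glob characters splits into several arguments and trips the script's own one-argument check; use `/etc/openvpn/modify-openvpn-config.sh "$CHOSEN_OPENVPN_CONFIG"`. The exit status of the script is not checked either, as far as the hunk shows, so a failed modification may still let startup continue with an unmodified downloaded config; appending `|| exit 1` would stop that. The `# shellcheck source=` directive above the call no longer applies now that the script is executed rather than sourced and can be dropped. The `if`/`elif` chain starts in the hunk header and continues past the end of the hunk.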