#!/bin/bash

## Copyright (C) 2020 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

#### meta start
#### project Whonix
#### category tor
#### gateway_only yes
#### description
## helper script to:
##
## * run <code>/usr/libexec/helper-scripts/repair-torrc</code>
## * wait for IPv6 on <code>eth1</code> at boot (once, outside Qubes TemplateVM)
## * run <code>/usr/libexec/anon-gw-anonymizer-config/generate-tor-service-defaults-torrc-anondist</code>
## * run <code>/usr/lib/qubes-whonix/replace-ips</code> when inside Qubes (but not in TemplateVM)
##
## notes:
##
## * creates state file <code>/run/anon-gw-anonymizer-config/initial-wait-at-boot</code>
##   to skip repeated initial wait logic during the same boot
#### meta end

## Enable xtrace so every command is echoed to stderr before it runs.
## Expanded arguments end up in that trace, so secrets must never be passed
## as command arguments anywhere in this script.
set -o xtrace

## 'true' ignores its arguments; under xtrace the only effect of
## 'true "<message>"' is the trace line itself. The script uses this as its
## logging idiom.
true "$0: START"

## Run the Qubes 'replace-ips' helper, but only in a Qubes VM that is not a
## Template.
##
## Arguments: none
## Returns:   0 on every path; the exit status of 'replace-ips' itself is not
##            inspected here.
qubes_replace_ips_maybe() {
  ## Presence of the marker file is what this script treats as
  ## "running inside Qubes".
  if test -f /usr/share/qubes/marker-vm ; then
    true "$0: INFO: Running inside Qubes."
  else
    true "$0: INFO: Do not run replace-ips since not running inside Qubes."
    return 0
  fi

  ## Presence of this file is what this script treats as "Qubes Template";
  ## in that case no configuration file is touched.
  if ! test -f /run/qubes/this-is-templatevm ; then
    true "$0: INFO: Not running inside Qubes Template. Running Qubes replace-ips..."
    ## XXX: Duplicated in 'qubes-whonix-postinit.service'.
    ## Replace IP addresses in known configuration files / scripts with the
    ## currently discovered IP addresses.
    /usr/lib/qubes-whonix/replace-ips
    true "$0: INFO: Qubes replace-ips done."
  else
    true "$0: INFO: Do not run replace-ips since running inside Qubes Template."
    return 0
  fi
}

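## Wait, at most once per boot, for IPv6 on eth1 to become routable.
##
## Skipped inside a Qubes Template and when the state file
## /run/anon-gw-anonymizer-config/initial-wait-at-boot already exists.
## The wait is bounded by 'timeout'. Its result is logged but never fatal, and
## the state file is written afterwards whether or not the wait succeeded.
##
## Arguments: none
## Returns:   0 on every path.
tor_wait_for_network_maybe() {
  local wait_exit_code

  if test -f /run/qubes/this-is-templatevm ; then
    true "$0: INFO: Do not run tor-wait-for-network inside Qubes Template."
    return 0
  fi
  if test -f /run/anon-gw-anonymizer-config/initial-wait-at-boot ; then
    true "$0: INFO: State file /run/anon-gw-anonymizer-config/initial-wait-at-boot already exists. Skip waiting for IPv6 eth1."
    return 0
  fi

  true "$0: INFO: Not running inside Qubes Template. Waiting for IPv6 on eth1... Waiting for IPv6 eth1..."
  ## Bounded wait: 'timeout' ends the wait after 10 seconds and force-kills the
  ## process 1 second later if it is still running. xtrace does not show exit
  ## codes, so record the status explicitly; otherwise a timed-out wait would
  ## look the same as a successful one in the log.
  wait_exit_code=0
  timeout --kill-after 1 10 /usr/lib/systemd/systemd-networkd-wait-online --interface eth1 --ipv6 --operational-state=routable || wait_exit_code="$?"
  if test "$wait_exit_code" = "0" ; then
    true "$0: INFO: systemd-networkd-wait-online succeeded for IPv6 on eth1."
  else
    true "$0: WARNING: Waiting for IPv6 on eth1 failed or timed out. exit code: $wait_exit_code"
  fi
  ## Also use 'tor-wait-for-network'.
  ## 'tor-wait-for-network' has its own timeout functionality built in.
  ## May be unnecessary. Disabled for now.
  #/usr/libexec/anon-gw-anonymizer-config/tor-wait-for-network

  ## Folder '/run/anon-gw-anonymizer-config' is expected to have already been
  ## created by '/usr/lib/tmpfiles.d/anon-gw-anonymizer-config.conf'.
  if ! test -d /run/anon-gw-anonymizer-config; then
    mkdir --parents -- /run/anon-gw-anonymizer-config
  fi
  ## The state file is written even after a failed wait, so the wait is
  ## attempted only once while the state file exists.
  touch -- /run/anon-gw-anonymizer-config/initial-wait-at-boot

  true "$0: INFO: IPv6 eth1 done."
}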

## Main sequence; the statements run strictly in this order.
## This file does not enable 'errexit', so unless the caller enables it a
## failing helper does not stop the sequence. Because the last command is
## 'true', the script then exits 0 regardless of helper failures.
## NOTE(review): if the caller must notice a failed torrc repair or
## generation, the helper exit codes have to be checked here - confirm
## whether best-effort is intended.
/usr/libexec/helper-scripts/repair-torrc

## Bounded, once-per-boot wait for IPv6 on eth1 (skipped in a Qubes Template).
tor_wait_for_network_maybe

## NOTE(review): the trace message below suggests that the generator decides
## whether to disable IPv6 based on its availability, which would explain why
## the wait above comes first - verify against the generator script.
true "$0: INFO: Conditionally disable IPv6, if unavailable... Running generate-tor-service-defaults-torrc-anondist..."
/usr/libexec/anon-gw-anonymizer-config/generate-tor-service-defaults-torrc-anondist
true "$0: INFO: generate-tor-service-defaults-torrc-anondist done."

## Runs the Qubes 'replace-ips' helper only inside Qubes and outside a Template.
qubes_replace_ips_maybe

true "$0: END"
