#!/bin/sh

# Abort on the first unhandled command failure. In particular, a failed
# archive extraction stops the script before any configuration is applied.
set -o errexit

# Install the staged firewall and WireGuard configuration and activate it.
#
# Returns: 0 on success, otherwise the number of the step that failed:
#   1 - copying nftables.d into /etc
#   2 - loading the nftables ruleset
#   3 - copying the wireguard directory into /etc
#   4 - syncing the running "wg" interface with wg.conf
#
# The steps are not transactional: when a later step fails, files copied by
# earlier steps stay in /etc even though the caller does not record the new
# version. cp -R also copies over the existing directories, so files that the
# new config no longer ships are left in place.
# NOTE(review): wg.conf presumably carries the interface private key; cp -R
# without -p creates new files with umask-derived modes - confirm that
# /etc/wireguard ends up readable by root only.
apply() {
	if ! cp -R /opt/config/etc/nftables.d /etc ; then
		return 1
	fi
	if ! nft -I /etc/nftables.d -f /etc/nftables.nft ; then
		return 2
	fi
	if ! cp -R /opt/config/etc/wireguard /etc ; then
		return 3
	fi
	if ! wg syncconf wg /etc/wireguard/wg.conf ; then
		return 4
	fi
}

# Delete the staging directory and everything extracted into it, including
# the staged copy of the wireguard directory. Succeeds when the directory is
# already absent.
cleanup() {
	rm -rf -- /opt/config
}

# Report a status line to syslog (via logger) and to stdout.
# Arguments: the words of the message, passed through unchanged to both.
message() {
	logger "$@"
	echo "$@"
}

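# Start from an empty staging directory and remove it again on every exit
# path, so staged material from this or an earlier run is not left behind.
cleanup
trap cleanup EXIT

# The gzip-compressed config archive is read from stdin. Nothing in this
# script authenticates it: whoever can feed stdin decides the firewall and
# WireGuard configuration, so integrity rests on the channel that invokes
# this script.
# NOTE(review): when run as root, GNU tar restores owner and mode from the
# archive by default - confirm that is intended for the staged files.
mkdir -p /opt/config
tar xz -C /opt/config --warning=no-timestamp

# A missing version file reads as -1; an empty one is treated as 0 below.
current="$(cat /opt/version 2>/dev/null || echo -1)"
next="$(cat /opt/config/version 2>/dev/null || echo -1)"

# The comparison below is numeric. A non-integer value would make `[` fail
# with an error that the surrounding `if` swallows, so the update would be
# skipped with exit status 0. Fail loudly instead (exit status 5); nothing
# is applied in that case, exactly as before. The raw value is deliberately
# not echoed into the log because `next` comes from the archive.
for version in "${current:-0}" "${next:-0}" ; do
	if ! [ "${version}" -eq "${version}" ] 2>/dev/null ; then
		message "Refusing to compare non-integer config versions"
		exit 5
	fi
done

message "Updating config from v${current} to v${next}"
# Any *different* version is applied, including a lower one, so replaying an
# older archive rolls the configuration back.
# NOTE(review): confirm that downgrades are meant to be allowed.
if [ "${next:-0}" -ne "${current:-0}" ] ; then
	message "Applying config v${next}"
	if apply ; then
		# Record the version only after every apply step succeeded.
		echo "${next}" > /opt/version
		message "Applied config v${next}"
	else
		# Propagate the apply step number (1-4) as the exit status.
		error="$?"
		message "Could not apply config v${next}, error ${error}"
		exit "${error}"
	fi
fi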