#!/sbin/openrc-run

description="strongSwan charon IKE daemon"
command="/usr/lib/strongswan/charon"
pidfile="/var/run/charon.pid"
start_stop_daemon_args="--background"
extra_started_commands="reload fullstatus"

depend() {
        need net
        after firewall
        provide ipsec
}

start_pre() {
        sysctl -p /etc/sysctl.conf &>/dev/null
}

start_post() {
        ebegin "Loading ${name:-$RC_SVCNAME} configuration"
        while [ ! -e $pidfile ]; do
                sleep 0.1
        done
        swanctl --load-all &>/dev/null
        eend $?
}

{% if strongswan_restore_dns | d(false) == true -%}
stop_post() {
        echo "nameserver 1.1.1.1" > /etc/resolv.conf
}
{% endif -%}

reload() {
        swanctl --reload-settings
        swanctl --load-all
}

fullstatus() {
        swanctl --list-conns
        swanctl --list-sas
}