#!/bin/sh
exec 2>&1

ie_url='static.innovenergy.ch'
ie_data_dir='/data/innovenergy'
ovpn_bin_dir='/opt/innovenergy/openvpn'
ovpn_data_dir=${ie_data_dir}'/openvpn'
ovpn_status_file='/var/volatile/ovpnstatus'

# somehow the new (static) openvpn binary lost the ability to dns lookup, so we have to do this:
ie_ip=$(nslookup "$ie_url" | grep -F -A 1 "$ie_url" | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')

# certificate query
query="https://${ie_url}/get_cert?machine_serial="
serial=$(cat /data/venus/serial-number)
delay=1


# create data dirs if necessary
[ -d ${ie_data_dir}   ] || mkdir ${ie_data_dir}
[ -d ${ovpn_data_dir} ] || mkdir ${ovpn_data_dir}


# download certificates from server if necessary
while [ ! -f ${ovpn_data_dir}/client-certificate ]
do
    curl ${query}${serial} | tar -C ${ovpn_data_dir} -xv
    sleep ${delay}
    delay=$(( $delay * 2 ))
done

# run ovpn
exe="${ovpn_bin_dir}/openvpn
--client
--nobind
--resolv-retry infinite
--ca ${ovpn_data_dir}/ca-certificate
--cert ${ovpn_data_dir}/client-certificate
--key ${ovpn_data_dir}/client-key
--status ${ovpn_status_file} 5
--remote ${ie_ip}
--port 7002
--proto udp
--dev innovenergy
--dev-type tun
--auth SHA256
--cipher AES-256-CBC
--verb 3
--keepalive 10 120
--persist-key
--persist-tun"

exec ${exe}