#!/bin/bash
# Make files required for OpenVPN servers.
#
# © 2012, Multapplied Networks, Inc.
set -e

. /usr/share/bondingadmin/default/ca-vars
. /usr/share/bondingadmin/default/openvpn-vars

mkdir -p $OPENVPN_DIR
cd $OPENVPN_DIR

umask 077 # User can do anything, group and others get nothing

# Make TLS auth file
if [ ! -f "$TLS_AUTH_FILE" ]; then
    echo "Writing TLS auth file..."
    $OPENVPN --genkey --secret $TLS_AUTH_FILE
    # http has to be able to read this file
    chown $HTTPD_USER:$HTTPD_GROUP $TLS_AUTH_FILE
fi

# Make Diffie-Hellman file
if [ ! -f "$DH_FILE" ]; then
    echo "Writing node server DH file..."
    $OPENSSL dhparam -out $DH_FILE $KEY_SIZE
fi
