#!/bin/bash

# Copyright (c) 2015 Peter Palfrader
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# create an instance of a tor service

set -e
set -u

BASEETC="/etc/tor/instances"
BASEDATA="/var/lib/tor-instances"

shopt -s extglob

usage() {
    echo "Usage: $0 <instance-name>"
}

while getopts "h" OPTION
do
    case "$OPTION" in
        h)
            usage
            exit 0
            ;;
        *)
            usage >&2
            exit 1
    esac
done
shift $(($OPTIND - 1))

if [ "${1:-}" = "--help" ]; then
    usage
    exit 0
elif [ "$#" -lt 1 ]; then
    usage >&2
    exit 1
fi

name="$1"; shift
# XXX verify name is valid

if echo "x$name" | grep -q '[^a-zA-Z0-9]' ||
  [ "$name" = "default" ] ; then
    echo >&2 "Invalid name: $name."
    exit 1
fi

etc="$BASEETC/$name"
torrc="$etc/torrc"
home="$BASEDATA/$name"
user="_tor-$name"

adduser --quiet \
        --system \
        --disabled-password \
        --home "$home" \
        --no-create-home \
        --shell /bin/false \
        --group \
        --force-badname \
        "$user"
install -Z -d -m 02700 -o "$user" -g "$user" "$home"
install -d "$etc"

[ -e "$torrc" ] || cat > "$torrc" << EOF
# This is the tor configuration file for tor instance $name.
#
# To start/reload/etc this instance, run "systemctl start tor@$name" (or reload, or..).
# This instance will run as user $user; its data directory is $home.
#
# Append to the list of socks interfaces configured via
# /usr/share/tor/tor-service-defaults-torrc-instances
# which is unix:/run/tor-instances/$name/socks

+SocksPort auto
EOF

[ -x /bin/systemctl ] && systemctl daemon-reload || true