#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: dnscrypt_proxy
# REQUIRE: SERVERS cleanvar ldconfig
# BEFORE: named local_unbound unbound
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable dnscrypt-proxy:
#
# dnscrypt_proxy_enable (bool):	Set to NO by default.
#				Set to YES to enable dnscrypt-proxy.
# dnscrypt_proxy_conf (str):    Unset by default. Will override all other
#                               settings and only use the config file.
# dnscrypt_proxy_uid (str):	Set to "_dnscrypt-proxy" by default.
#                              	User to switch to after starting.
# dnscrypt_proxy_resolver (str):Set to "random" by default.
#                              	Better to select one of your own choice.
# dnscrypt_proxy_pidfile (str):	default: "/var/run/dnscrypt-proxy.pid"
#                              	Location of pid file.
# dnscrypt_proxy_logfile (str):	default: "/var/log/dnscrypt-proxy.log"
#                              	Location of log file.
#
# To redirect a local resolver through dnscrypt-proxy, point it at 127.0.0.2
# and add the following to rc.conf:
# ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"
# dnscrypt_proxy_flags='-a 127.0.0.2'

. /etc/rc.subr

name=dnscrypt_proxy
rcvar=dnscrypt_proxy_enable

load_rc_config ${name}

: ${dnscrypt_proxy_enable:=NO}
: ${dnscrypt_proxy_uid=_dnscrypt-proxy} # User to run daemon as
: ${dnscrypt_proxy_resolver=random} # resolver to use
: ${dnscrypt_proxy_pidfile=/var/run/dnscrypt-proxy.pid} # Path to pid file
: ${dnscrypt_proxy_logfile=/var/log/dnscrypt-proxy.log} # Path to log file

command=/usr/local/sbin/dnscrypt-proxy
if [ ${dnscrypt_proxy_conf} ]; then
command_args="${dnscrypt_proxy_conf}"
else
command_args="-d -p ${dnscrypt_proxy_pidfile} -l ${dnscrypt_proxy_logfile} -u ${dnscrypt_proxy_uid} -R ${dnscrypt_proxy_resolver}"
fi
procname=/usr/local/sbin/dnscrypt-proxy
pidfile=${dnscrypt_proxy_pidfile}

run_rc_command "$1"
