#!/bin/bash
#
#  MHT MCU OpenVPN Upgrade Tool v1.0.0
#  Created by Enrico Buttignol (ebuttignol@messana.tech) on Apr 23, 2025
#  Copyright by Messana Hydronic Technologies
#
#  Changelog:
#
#  Mmm dd, yyyy - Name Surname (email@server.com) - description
#
#  sudo ./openvpn-upgrade.sh

set -e

# Variable definitions
# Colors
COLOR_SECTION='\033[0;36m'
COLOR_INFO='\033[0;96m'
COLOR_EXECUTED='\033[0;32m'
COLOR_WARNING='\033[33m'
COLOR_ERR='\033[0;31m'
NOCOLOR='\033[0m'

# Section title
printf "\n"
printf "%s""${COLOR_SECTION}[»»»] MHT OPENVPN UPGRADE STARTED [«««]${NOCOLOR}"
printf "\n"

# Detect system version
DISTRO=$(lsb_release -sc)
OVPN_VERSION=$(openvpn --version 2>/dev/null | head -n1 | awk '{print $2}')
MAJOR=$(echo "$OVPN_VERSION" | cut -d. -f1)
MINOR=$(echo "$OVPN_VERSION" | cut -d. -f2)

# Install OpenVPN 2.5.x only on Debian 10 (buster) if current version is older
if [[ "$DISTRO" == "buster" && ( -z "$OVPN_VERSION" || "$MAJOR" -lt 2 || ( "$MAJOR" -eq 2 && "$MINOR" -lt 5 ) ) ]]; then
    printf "%s""\n${COLOR_INFO}[i]${NOCOLOR} System: Debian 10 (buster), current OpenVPN version: $OVPN_VERSION\n"

    # Clean broken or outdated backports repo
    rm -f /etc/apt/sources.list.d/backports.list

    # Add archive-based backports repo
    echo "deb http://archive.debian.org/debian buster-backports main" | tee /etc/apt/sources.list.d/buster-backports-archive.list > /dev/null
    printf "%s""${COLOR_EXECUTED}[+]${NOCOLOR} Added buster-backports from archive.debian.org\n\n"

    # Allow apt to update from archives
    echo 'Acquire::Check-Valid-Until "false";' | tee /etc/apt/apt.conf.d/99no-check-valid > /dev/null

    # Update and install
    apt update -o Acquire::Check-Valid-Until=false

    printf "%s""\n${COLOR_EXECUTED}[+]${NOCOLOR} Installing OpenVPN 2.5.x from buster-backports...\n\n"

    DEBIAN_FRONTEND=noninteractive \
    apt -y -t buster-backports \
        -o APT::Get::Show-User-Interface=false \
        -o Dpkg::Options::="--force-confdef" \
        -o Dpkg::Options::="--force-confold" \
        install openvpn

    printf "%s""\n${COLOR_EXECUTED}[✔]${NOCOLOR} OpenVPN has been updated.\n\n"

    # Clean up buster-backports archive list before reboot
    rm -f /etc/apt/sources.list.d/buster-backports-archive.list
    apt update
    printf "%s""\n${COLOR_EXECUTED}[✓]${NOCOLOR} Removed the temporary buster-backports-archive.list\n\n"

    # Countdown before reboot
    COUNTDOWN=10
    while [ $COUNTDOWN -gt 0 ]; do
        printf "\r${COLOR_WARNING}[!]${NOCOLOR} Rebooting in %2d seconds... Press Enter to reboot now or press CTRL+C to abort.\033[K" "$COUNTDOWN" > /dev/tty
        if read -t 1 -n 1 key < /dev/tty; then
            break
        fi
        COUNTDOWN=$((COUNTDOWN - 1))
    done
    printf "\n" > /dev/tty

    # Reboot system
    printf "%s""${COLOR_EXECUTED}[+]${NOCOLOR} Rebooting now...\n"
    reboot
else
    printf "%s""${COLOR_INFO}[✓]${NOCOLOR} No action needed. System: $DISTRO, OpenVPN version: $OVPN_VERSION\n"
fi

if [ -f /etc/cron.daily/mht-openvpn-upgrade  ]; then
	shred -u /etc/cron.daily/mht-openvpn-upgrade
fi
