Allow specifying pf_rules file to patch on init

When altering more complex setups automatically, pot's
way of patching pf.conf is a bit too simplistic.

By adding this flag, the user has multiple choices of modifying
pf.conf in a controlled way:

1. Write to a different file that's included in pf.conf
   using its include keyword.
2. Write to a different file that's parsed by additional
   tooling to assemble a pf.conf (e.g., in automation).
3. In setups where pots modifications serve no real purpose,
   running `pot init -f ''` can be used to skip touching
   pf.conf completely.

Help text intentionally shows the default to be determined
by a command, not the result of it.

This is the first patch of a series, with more complex ones
to follow, which serve the ultimate purpose of making pot's
networking more flexible/customizable using hooks, so it
can be integrated into different network environments (as
one size doesn't fit all).

Author: grembo

CHANGELOG.md

@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 - copy-in: -c option to create missing dirs on copy-in (#172)
 - create: New command copy-in-flv, which is the same as copy-in, but always relative to flavourdir (#173)
+- init: -f option to specify pf file to patch on init (#181)
 
 ### Changed
 - start: do not write jid files to POT_TMP (#178)

share/pot/init.sh

@@ -7,17 +7,22 @@
 
 init-help()
 {
-	echo 'pot init [-h][-v]'
+	echo 'pot init [-h][-v] [-f pf_file]'
+	echo '  -f pf_file : write pot anchors to this file (empty to skip),'
+	echo '     defaults to result of `sysrc -n pf_rules`'
 	echo '  -h print this help'
 	echo '  -v verbose'
 }
 
 pot-init()
 {
 	local pf_file
+	pf_file="$(sysrc -n pf_rules)"
 	OPTIND=1
-	while getopts "hv" _o ; do
+	while getopts "hvf:" _o ; do
 		case "$_o" in
+		f)	pf_file="$OPTARG"
+			;;
 		h)
 			init-help
 			${EXIT} 0
@@ -122,21 +127,24 @@ pot-init()
 	# service syslogd restart
 
 	# Add pot anchors if needed
-	pf_file="$(sysrc -n pf_rules)"
-	if [ -r "$pf_file" ] && [ "$(grep -c '^nat-anchor pot-nat$' "$pf_file" )" -eq 1 ] && [ "$(grep -c '^rdr-anchor "pot-rdr/\*"$' "$pf_file" )" -eq 1 ] ; then
-		_debug "pf alredy properly configured"
-	else
-		if [ -w "$pf_file" ]; then
-			echo "Creating a backup of your $pf_file"
-			cp -v "$pf_file" "$pf_file".bkp-pot
-			# delete incomplete/broken ancory entries - just in case
-			sed -i '' '/^nat-anchor pot-nat$/d' "$pf_file"
-			sed -i '' '/^rdr-anchor "pot-rdr\/\*"$/d' "$pf_file"
+	if [ -n "$pf_file" ]; then
+		if [ -r "$pf_file" ] && [ "$(grep -c '^nat-anchor pot-nat$' "$pf_file" )" -eq 1 ] && [ "$(grep -c '^rdr-anchor "pot-rdr/\*"$' "$pf_file" )" -eq 1 ] ; then
+			_debug "pf already properly configured"
 		else
-			touch "$pf_file"
+			if [ -w "$pf_file" ]; then
+				echo "Creating a backup of your $pf_file"
+				cp -v "$pf_file" "$pf_file".bkp-pot
+				# delete incomplete/broken ancory entries - just in case
+				sed -i '' '/^nat-anchor pot-nat$/d' "$pf_file"
+				sed -i '' '/^rdr-anchor "pot-rdr\/\*"$/d' "$pf_file"
+			else
+				touch "$pf_file"
+			fi
+			echo "auto-magically editing your $pf_file"
+			printf "%s\n" 0a "nat-anchor pot-nat" "rdr-anchor \"pot-rdr/*\"" . x | ex "$pf_file"
+			echo "Please, check that your PF configuration file $pf_file is still valid!"
 		fi
-		echo "auto-magically editing your $pf_file"
-		printf "%s\n" 0a "nat-anchor pot-nat" "rdr-anchor \"pot-rdr/*\"" . x | ex "$pf_file"
-		echo "Please, check that your PF configuration file $pf_file is still valid!"
+	else
+		_debug "pf configuration skipped"
 	fi
 }