From df7743b5c2c5a0666132251ef582edc7da8fcdbb Mon Sep 17 00:00:00 2001
From: GoliathLabs <felix.golatofski@gmx.de>
Date: Sun, 23 Sep 2018 14:58:37 +0200
Subject: [PATCH] Re-add Arch Linux support

---
 README.md          |  1 +
 openvpn-install.sh | 62 +++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 60 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index c91993c..bdd8e74 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,7 @@ The script supports these OS and architectures:
 |   CentOS 7   |   ✅  |  ✅  |   ❔   |   ❌  |
 |   Fedora 27  |   ❔  |  ✅  |   ❔   |   ❔  |
 |   Fedora 28  |   ❔  |  ✅  |   ❔   |   ❔  |
+|  Arch Linux  |   ❔  |  ✅  |   ❔   |   ❔  |
 
 To be noted:
 
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 9756cc8..d3ed8b1 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Secure OpenVPN server installer for Debian, Ubuntu, CentOS and Fedora
+# Secure OpenVPN server installer for Debian, Ubuntu, CentOS, Fedora and Arch Linux
 # https://github.com/angristan/openvpn-install
 
 function isRoot () {
@@ -51,8 +51,12 @@ function checkOS () {
 			fi
 		fi
 		OS=centos
+	elif [[ -e /etc/arch-release ]]; then
+		OS=arch
+		IPTABLES='/etc/iptables/iptables.rules'
+		SYSCTL='/etc/sysctl.d/openvpn.conf'
 	else
-		echo "Looks like you aren't running this installer on a Debian, Ubuntu, Fedora or CentOS system"
+		echo "Looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS or Arch Linux system"
 		exit 1
 	fi
 }
@@ -102,7 +106,32 @@ prefetch: yes' >> /etc/unbound/unbound.conf
 			sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf
 			sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
 			sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
+			
 		fi
+		elif [[ "$OS" = "arch" ]]; then
+			# Install Unbound
+			pacman -Syu unbound expat
+			#Permissions for the DNSSEC keys
+			chown root:unbound /etc/unbound
+			chmod 775 /etc/unbound
+			# Get root servers list
+			wget https://www.internic.net/domain/named.root -O /etc/unbound/root.hints
+			# Configuration
+			mv /etc/unbound/unbound.conf /etc/unbound/unbound.conf.old
+			echo 'server:
+root-hints: root.hints
+auto-trust-anchor-file: trusted-key.key
+interface: 10.8.0.1
+access-control: 10.8.0.1/24 allow
+port: 53
+do-daemonize: yes
+num-threads: 2
+use-caps-for-id: yes
+harden-glue: yes
+hide-identity: yes
+hide-version: yes
+qname-minimisation: yes
+prefetch: yes' > /etc/unbound/unbound.conf
 
 		if [[ ! "$OS" =~ (fedora|centos) ]];then
 			# DNS Rebinding fix
@@ -525,6 +554,29 @@ function installOpenVPN () {
 		yum install epel-release openvpn iptables openssl wget ca-certificates curl -y
 	elif [[ "$OS" = 'fedora' ]]; then
 		dnf install openvpn iptables openssl wget ca-certificates curl -y
+	elif [[ "$OS" = 'archlinux' ]]; then
+		# Else, the distro is ArchLinux
+		echo ""
+		echo ""
+		echo "As you're using ArchLinux, I need to update the packages on your system to install those I need."
+		echo "Not doing that could cause problems between dependencies, or missing files in repositories."
+		echo ""
+		echo "Continuing will update your installed packages and install needed ones."
+		until [[ $CONTINUE == "y" || $CONTINUE == "n" ]]; do
+			read -rp "Continue ? [y/n]: " -e -i y CONTINUE
+		done
+		if [[ "$CONTINUE" = "n" ]]; then
+			echo "Ok, bye !"
+			exit 4
+		fi
+		if [[ "$OS" = 'arch' ]]; then
+			# Install dependencies
+			pacman -Syu openvpn iptables openssl wget ca-certificates curl --needed --noconfirm
+			iptables-save > /etc/iptables/iptables.rules # iptables won't start if this file does not exist
+			systemctl daemon-reload
+			systemctl enable iptables
+			systemctl start iptables
+		fi
 	fi
 
 	# Find out if the machine uses nogroup or nobody for the permissionless group
@@ -729,7 +781,7 @@ verb 3" >> /etc/openvpn/server.conf
 	fi
 
 	# Finally, restart and enable OpenVPN
-	if [[ "$OS" == 'fedora' ]]; then
+	if [[ "$OS" = 'arch' || "$OS" = 'fedora' ]]; then
 		# Workaround to fix OpenVPN service on OpenVZ
 		sed -i 's|LimitNPROC|#LimitNPROC|' /usr/lib/systemd/system/openvpn-server@.service
 		# Another workaround to keep using /etc/openvpn/
@@ -984,6 +1036,8 @@ function removeUnbound () {
 
 		if [[ "$OS" = 'debian' ]]; then
 			apt-get autoremove --purge -y unbound
+		elif [[ "$OS" = 'arch' ]]; then
+			pacman -R unbound --noconfirm
 		elif [[ "$OS" = 'centos' ]]; then
 			yum remove unbound -y
 		elif [[ "$OS" = 'fedora' ]]; then
@@ -1043,6 +1097,8 @@ function removeOpenVPN () {
 				rm /etc/apt/sources.list.d/openvpn.list
 				apt-get update
 			fi
+		elif [[ "$OS" = 'arch' ]]; then
+			pacman -R openvpn --noconfirm
 		elif [[ "$OS" = 'centos' ]]; then
 			yum remove openvpn -y
 		elif [[ "$OS" = 'fedora' ]]; then