From cf48388de287adbc01a7773de1c7596dcd6595ac Mon Sep 17 00:00:00 2001
From: Daniel Gray <dng@disroot.org>
Date: Tue, 25 May 2021 09:39:34 +0000
Subject: [PATCH] Add VPN_CONFIG_FILE option

---
 README.md             |  1 +
 data/scripts/entry.sh | 23 +++++++++++++----------
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 7dae4a7..00bca16 100644
--- a/README.md
+++ b/README.md
@@ -70,6 +70,7 @@ services:
 | --- | --- | --- |
 | `KILL_SWITCH` | `on` | The on/off status of the network kill switch. |
 | `SUBNETS` | | A list of one or more comma-separated subnets (e.g. `192.168.0.0/24,192.168.1.0/24`) to allow outside of the VPN tunnel. See important note about this [below](#subnets). |
+| `VPN_CONFIG_FILE` | | The OpenVPN config file to use. If this is unset, the first file with the extension .conf will be used. |
 | `VPN_LOG_LEVEL` | `3` | OpenVPN verbosity (`1`-`11`) |
 | `HTTP_PROXY` | `off` | The on/off status of Tinyproxy, the built-in HTTP proxy server. To enable, set to `on`. Any other value (including unset) will cause the proxy server to not start. It listens on port 8080. |
 | `SOCKS_PROXY` | `off` | The on/off status of Dante, the built-in SOCKS proxy server. To enable, set to `on`. Any other value (including unset) will cause the proxy server to not start. It listens on port 1080. |
diff --git a/data/scripts/entry.sh b/data/scripts/entry.sh
index da1565b..5ee8c97 100755
--- a/data/scripts/entry.sh
+++ b/data/scripts/entry.sh
@@ -23,13 +23,6 @@ is_ip() {
     echo "$1" | grep -Eq "[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"
 }
 
-# Capture the filename of the first .conf file to use as the OpenVPN config.
-config_file_original=$(find /data/vpn -name "*.conf" 2> /dev/null | sort | head -1)
-if [ -z "$config_file_original" ]; then
-    >&2 echo "ERROR: No configuration file found. Please check your mount and file permissions. Exiting."
-    exit 1
-fi
-
 # shellcheck disable=SC2153
 if ! (echo "$VPN_LOG_LEVEL" | grep -Eq '^([1-9]|1[0-1])$'); then
     echo "WARNING: Invalid log level $VPN_LOG_LEVEL. Setting to default."
@@ -46,9 +39,19 @@ SOCKS proxy: ${SOCKS_PROXY:-off}
 Proxy username secret: ${PROXY_PASSWORD_SECRET:-none}
 Proxy password secret: ${PROXY_USERNAME_SECRET:-none}
 Allowing subnets: ${SUBNETS:-none}
-Using configuration file: $config_file_original
-Using OpenVPN log level: $vpn_log_level
-"
+Using OpenVPN log level: $vpn_log_level"
+
+if [ -n "$VPN_CONFIG_FILE" ]; then
+    config_file_original="/data/vpn/$VPN_CONFIG_FILE"
+else
+    # Capture the filename of the first .conf file to use as the OpenVPN config.
+    config_file_original=$(find /data/vpn -name "*.conf" 2> /dev/null | sort | head -1)
+    if [ -z "$config_file_original" ]; then
+        >&2 echo "ERROR: No configuration file found. Please check your mount and file permissions. Exiting."
+        exit 1
+    fi
+fi
+echo "Using configuration file: $config_file_original"
 
 # Create a new configuration file to modify so the original is left untouched.
 config_file_modified="${config_file_original}.modified"