base_role/overlay/Linux/usr/local/sbin/bootstrap_proxy.bash

#!/bin/bash
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-

set -e
shopt -o -s pipefail

prog=$( basename $0 .bash )
ROLE=base
. /usr/local/bin/usr_local_tput.bash

[ -z "$UPTMP"] && UPTMP=/usr/local/tmp

# [ $( id -u ) -eq 0 ] || { ERROR "this must be run as root" ; exit 1 ; }

# consider PIP_CONFIG_FILE [defaults] ini
export PLAY_PIP_CERT="/usr/local/etc/ssl/cacert-testforge.pem"

if [ -n "$http_proxy" ] || [ -n "$https_proxy" ] ; then
    INFO "proxy.sh YES http_proxy=$http_proxy https_proxy=$https_proxy"
    if [ -d /etc/portage ] ; then
	grep ^http_proxy /etc/portage/make.conf || \
        cat >> /etc/portage/make.conf << EOF
# BEGIN ANSIBLE MANAGED BLOCK proxy
http_proxy="$http_proxy"
https_proxy="$https_proxy"
# END ANSIBLE MANAGED BLOCK proxy
EOF
    elif [ ! -f /etc/apt/apt.conf.d/80proxy.conf ] || ! grep -q Proxy /etc/apt/apt.conf.d/80proxy.conf ; then \
        cat > /etc/apt/apt.conf.d/80proxy.conf << EOF
# BEGIN ANSIBLE MANAGED BLOCK proxy
Acquire::http::Proxy "$http_proxy";
Acquire::https::Proxy "$https_proxy";
# END ANSIBLE MANAGED BLOCK proxy
EOF
    fi

    # FixMe: should be able to remove check_certificate = off now
    [ -z "$no_proxy" ] && no_proxy=localhost,127.0.0.1
    if [ ! -f /etc/wgetrc ] || grep -q "^http_proxy=$http_proxy" /etc/wgetrc ; then
	cat >> /etc/wgetrc << EOF
# BEGIN ANSIBLE MANAGED BLOCK proxy
http_proxy=$http_proxy
https_proxy=$https_proxy
no_proxy=$no_proxy
ca-certificate=$PLAY_PIP_CERT
check_certificate = on
quiet = on
# END ANSIBLE MANAGED BLOCK proxy
EOF
      fi
  else
    INFO "proxy.sh NO http_proxy=$http_proxy https_proxy=$https_proxy"
    grep -q "^check_certificate = on" /etc/wgetrc || \
      cat >> /etc/wgetrc << EOF
# BEGIN ANSIBLE MANAGED BLOCK proxy
check_certificate = on
quiet = on
# END ANSIBLE MANAGED BLOCK proxy
EOF
  fi
exit 0