#!/bin/bash

build() {
    if ! pacman -Qi nftables >/dev/null 2>&1; then
        error "Package nftables not installed"
        return 1
    fi

    SD_NFTABLES_CONFIG="${SD_NFTABLES_CONFIG:-/etc/nftables.conf}"
    if [[ ! -f "$SD_NFTABLES_CONFIG" ]]; then
        error "${SD_NFTABLES_CONFIG} is not a file or does not exist"
        return 1
    fi

    add_file "$SD_NFTABLES_CONFIG" /etc/nftables.conf

    add_systemd_unit network-pre.target
    add_systemd_unit nftables.service

    local drop_in=(
        "[Unit]"
        "DefaultDependencies=no"
    )
    printf "%s\n" "${drop_in[@]}" | add_systemd_drop_in nftables.service override

    # enable nftables.service
    add_symlink /etc/systemd/system/sysinit.target.wants/nftables.service \
        /usr/lib/systemd/systemd/nftables.service

    # needed to support port names in rules
    [[ -f /etc/services ]] && add_file /etc/services

    add_binary /usr/bin/nft
    add_all_modules /net/bridge/netfilter
    add_all_modules /net/ipv4/netfilter
    add_all_modules /net/ipv6/netfilter
    add_all_modules /net/netfilter
    add_module br_netfilter
}

help() {
    cat <<__EOF_HELP__
This hook enables netfilter capabilities with nftables during early boot.

It copies all the required files, binaries and modules to initramfs and enables
nftables.service. Configuration is copied either

 o  from the file specified by \$SD_NFTABLES_CONFIG or

 o  from /etc/nftables.conf (in case \$SD_NFTABLES_CONFIG has not been set).

If required SD_NFTABLES_CONFIG must be set in /etc/mkinitcpio.conf.
__EOF_HELP__
}
