#!/usr/bin/env /lib/runit/invoke-run
readonly daemon=/usr/bin/anon
exec 2>&1

# This directory is referenced in /usr/share/anon/anon-service-defaults-anonrc
# and must exist.
readonly rundir=/run/anon
if ! [ -d "${rundir}" ]; then
	mkdir -m 02755 "${rundir}"
	chown debian-anon:debian-anon "${rundir}"
	! [ -x /sbin/restorecon ] || /sbin/restorecon "${rundir}"
fi

MAX_FILEDESCRIPTORS="${MAX_FILEDESCRIPTORS:-65536}"
ulimit -n "${MAX_FILEDESCRIPTORS}"

# default invocation
set -- "${daemon}"                                             \
	--defaults-anonrc /usr/share/anon/anon-service-defaults-anonrc \
	-f /etc/anon/anonrc                                          \
	--Log 'notice stdout'                                      \
	--RunAsDaemon 0

if ! "$@" --verify-config ; then
	echo "persistent error: Anon configuration is not valid"
	exec sv down anon
fi

if aa-status --enabled ; then
	set -- /usr/bin/aa-exec --profile=system_anon -- "$@"
fi

exec /usr/bin/env -i "$@"
