openvpn: add generic hotplug mechanism

Pass a default --up and --down executable to each started OpenVPN instance
which triggers /etc/hotplug.d/openvpn/ scripts whenever an instance
goes up or down.

User-configured up and down scripts are invoked by the default shipped
01-user hotplug handler to ensure that existing setups continue to work
as before.

As a consequence of this change, the up, down and script_security OpenVPN
options are removed from the option file, since we're always passing them
via the command line, they do not need to get included into the generated
configuration.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[reword commit message, move hotplug executable to /usr/libexec]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

package/network/services/openvpn/files/openvpn.init

@@ -73,13 +73,17 @@ openvpn_add_instance() {
 	local name="$1"
 	local dir="$2"
 	local conf="$3"
+	local security="$4"
 
 	procd_open_instance "$name"
 	procd_set_param command "$PROG"	\
 		--syslog "openvpn($name)" \
 		--status "/var/run/openvpn.$name.status" \
 		--cd "$dir" \
-		--config "$conf"
+		--config "$conf" \
+		--up "/usr/libexec/openvpn-hotplug up $name" \
+		--down "/usr/libexec/openvpn-hotplug down $name" \
+		--script-security "${security:-2}"
 	procd_set_param file "$dir/$conf"
 	procd_set_param term_timeout 15
 	procd_set_param respawn
@@ -100,11 +104,14 @@ start_instance() {
 		return 1
 	}
 
+	local script_security
+	config_get script_security "$s" script_security
+
 	[ ! -d "/var/run" ] && mkdir -p "/var/run"
 
 	if [ ! -z "$config" ]; then
 		append UCI_STARTED "$config" "$LIST_SEP"
-		openvpn_add_instance "$s" "${config%/*}" "$config"
+		openvpn_add_instance "$s" "${config%/*}" "$config" "$script_security"
 		return
 	fi
 
@@ -115,7 +122,7 @@ start_instance() {
 	append_params "$s" $OPENVPN_PARAMS
 	append_list "$s" $OPENVPN_LIST
 
-	openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf"
+	openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" "$script_security"
 }
 
 start_service() {