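#!/usr/bin/env bash
#
# Bring up a small re6stnet test lab on this machine:
#   - a re6st registry on the host (172.17.0.1 on tap vde0),
#   - four network namespaces ns1..ns4 joined by VDE switches
#     ("ext": host<->ns1, "switch1": ns1-3, "switch2": ns2-4),
#   - a re6stnet node on the host and in every namespace.
# Everything runs inside a tmux session named "babel"; the script re-execs
# itself under tmux when started outside one. Root is required (unshare,
# ip, nft, sysctl). All state (certs/, states/, log/, run/, switches/) is
# kept next to this script, so it can be started from any working directory.
#
# Usage: run the script; exit the final interactive shell to tear down.

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# Directory holding this script; every path below is anchored on it.
dir=$(dirname "$(realpath "$0")")

# Re-exec inside tmux when not already in one: rename-session only succeeds
# when a tmux server is reachable from this shell.
if ! tmux rename-session babel 2>/dev/null; then
  exec tmux new-session "$0"
fi
tmux rename-window host

#######################################
# Best-effort teardown of a previous run: daemons, pid/state files, the VDE
# switch sockets and the host routes towards the namespaces. Every step may
# legitimately fail (nothing to kill, no such route), so none aborts.
# Note that pkill matches by process name system-wide, not only processes
# this lab started.
# Globals: dir (read)
#######################################
reset() {
  echo "Reset previous configuration..."
  pkill -e babeld
  pkill -e openvpn
  pkill -e re6stnet
  pkill -e vde_plug
  # ${dir:?} aborts rather than expanding to "/run/*" if dir is ever empty.
  rm -r -- "${dir:?}/run/"*
  rm -rv -- "${dir:?}/switches"
  ip route delete 172.17.1.0/24
  ip route delete 172.17.2.0/24
}

#######################################
# Enroll one re6st node with the registry: insert a token into the registry
# database, then fetch a certificate into the given directory with re6st-conf.
# Skipped when that directory already holds cert.crt.
# Globals:   dir (read)
# Arguments: $1 - certificate directory for the node
#            $2 - label used in log output ("host", "node 2", ...)
#######################################
enroll() {
  local cert_dir=$1 label=$2
  [[ -f "$cert_dir/cert.crt" ]] && return 0
  echo "Generating certificates for $label..."
  # The token value is fixed and well known; acceptable only because the
  # registry is bound to the lab-private 172.17.0.1 / ::1 (see below).
  sqlite3 "$dir/states/host/registry.db" "INSERT INTO token VALUES(\"token\", \"ynerant@ynerant.fr\", 32, 1)"
  sleep 1
  re6st-conf --registry http://172.17.0.1 --dir "$cert_dir" --email ynerant@ynerant.fr --token token
  sleep 15
}

#######################################
# Attach a namespace to a VDE switch through a new tap device and assign it
# a MAC and an IPv4 address. Commands are typed into the namespace's tmux
# window, so $dir must not contain whitespace for them to survive intact.
# Globals:   dir (read)
# Arguments: $1 - namespace index (window "ns$1")
#            $2 - switch name under $dir/switches
#            $3 - tap device name
#            $4 - MAC address
#            $5 - IPv4 address with prefix length
#######################################
attach_switch() {
  local ns=$1 switch=$2 tap=$3 mac=$4 addr=$5
  tmux send-keys -t "ns$ns" "vde_plug --daemon vde://$dir/switches/$switch tap://$tap" Enter
  sleep 0.3
  tmux send-keys -t "ns$ns" "ip link set dev $tap address $mac" Enter
  tmux send-keys -t "ns$ns" "ip link set dev $tap up" Enter
  tmux send-keys -t "ns$ns" "ip address add $addr dev $tap" Enter
}

reset

echo "Generate registry certificates..."
reg_certs="$dir/certs/registry"
mkdir -p "$reg_certs"
# Each artefact is generated once and reused across runs.
[[ -f "$reg_certs/dh4096.pem" ]] || openssl dhparam -out "$reg_certs/dh4096.pem" 4096
[[ -f "$reg_certs/ca.key" ]] || openssl genpkey -out "$reg_certs/ca.key" -algorithm rsa -pkeyopt rsa_keygen_bits:4096
# Self-signed lab CA; "openssl req" prompts for the subject interactively.
[[ -f "$reg_certs/ca.crt" ]] || openssl req -nodes -new -x509 -key "$reg_certs/ca.key" -set_serial 0x1fd000042 -days 36500 -out "$reg_certs/ca.crt"

echo "Setup switches..."
# Created under $dir, where the vde:// URLs below look for the sockets.
mkdir -p "$dir/switches"
vde_plug --daemon "switch://$dir/switches/ext" null://
vde_plug --daemon "switch://$dir/switches/switch1" null://
vde_plug --daemon "switch://$dir/switches/switch2" null://

# Connect the host to the exterior switch (already root, no sudo needed).
vde_plug --daemon "vde://$dir/switches/ext" tap://vde0
ip link set dev vde0 address 02:00:00:00:00:00
ip link set dev vde0 up
ip address add 172.17.0.1/30 dev vde0
sleep 1

echo "Configure re6st registry..."
mkdir -p "$dir/states/host" "$dir/certs/host" "$dir/log/host" "$dir/run"
tmux split-window -t host -h re6st-registry --dh "$reg_certs/dh4096.pem" --ca "$reg_certs/ca.crt" --key "$reg_certs/ca.key" --db "$dir/states/host/registry.db" --logfile "$dir/log/host/registry.log" --run "$dir/run/registry.pid" -4 172.17.0.1 -6 ::1 --prefix-length 64
sleep 1

enroll "$dir/certs/host" host
tmux split-window -t host bash
tmux send-keys -t host "re6stnet --registry http://172.17.0.1 --ip 172.17.0.1 --ca $dir/certs/host/ca.crt --cert $dir/certs/host/cert.crt --key $dir/certs/host/cert.key --state $dir/states/host --log $dir/log/host --run $dir/run/re6stnet-host.pid" Enter
tmux select-pane -t host -L

for i in 1 2 3 4; do
  echo "Creating new namespace..."
  # Each namespace is an interactive shell in its own tmux window; the rest
  # of its configuration is typed into that window with send-keys.
  tmux new-window -n "ns$i" "unshare --net"
  tmux select-window -t host
  sleep 1
  echo "Configure ns$i..."
  # Record the namespace shell's pid so nsenter can join it later.
  tmux send-keys -t "ns$i" "echo \$\$ > $dir/run/node$i.pid" Enter
  if [[ $i -eq 1 ]]; then
    # ns1 is the gateway towards the host on the exterior switch.
    attach_switch 1 ext vde0 02:00:00:00:00:01 172.17.0.2/30
  fi
done

echo "Enable links..."
# Switch 1: NS 1, 2, 3
for i in 1 2 3; do
  attach_switch "$i" switch1 vde1 "02:00:00:00:01:0$i" "172.17.1.$i/24"
  tmux send-keys -t "ns$i" "ip route add 172.17.0.0/30 via 172.17.1.1 dev vde1 proto kernel" Enter
done
# Switch 2: NS 2, 3, 4
for i in 2 3 4; do
  attach_switch "$i" switch2 vde2 "02:00:00:00:02:0$i" "172.17.2.$i/24"
done

# IPv4 routes so every namespace can reach the registry through ns1, and
# the host can reach both namespace subnets through ns1.
tmux send-keys -t ns4 "ip route add 172.17.0.0/30 via 172.17.2.2 dev vde2 proto kernel" Enter
tmux send-keys -t ns1 "ip route add 172.17.2.0/24 via 172.17.1.2 dev vde1 proto kernel" Enter
ip route add 172.17.1.0/24 via 172.17.0.2
ip route add 172.17.2.0/24 via 172.17.0.2

# Restrict HTTP transport on nodes 2 and 3 (ruleset kept in firewall/).
tmux send-keys -t ns2 "nft -f $dir/firewall/restrict-http.conf" Enter
tmux send-keys -t ns3 "nft -f $dir/firewall/restrict-http.conf" Enter

# Disable IPv6 forwarding on node 2 after 10 s ("woops" in the original);
# presumably to exercise how the mesh reroutes around a broken relay.
tmux send-keys -t ns2 "sleep 10 && sysctl -w net.ipv6.conf.all.forwarding=0" Enter

for i in 1 2 3 4; do
  mkdir -p "$dir/certs/node$i" "$dir/states/node$i"
  enroll "$dir/certs/node$i" "node $i"
  # Open a pane inside the namespace (joined via its recorded shell pid)
  # and start re6stnet there.
  tmux split-window -h -t "ns$i" nsenter -t "$(cat "$dir/run/node$i.pid")" --net
  # Node 1 is addressed on 172.17.1.0/24, the others on 172.17.2.0/24.
  subnet=2
  [[ $i == 1 ]] && subnet=1
  tmux send-keys -t "ns$i" "re6stnet --registry http://172.17.0.1 --ip 172.17.$subnet.$i --ca $dir/certs/node$i/ca.crt --cert $dir/certs/node$i/cert.crt --key $dir/certs/node$i/cert.key --state $dir/states/node$i --log $dir/log/node$i --run $dir/run/re6stnet-node$i.pid" Enter
  tmux select-pane -t "ns$i" -L
done

# Interactive shell for experiments; leaving it tears the lab down.
bash
reset
tmux kill-session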