#!/bin/sh
# 2020-06-13, Nico Schottelius
# See https://ungleich.ch/u/products/viirb-ipv6-box/

if [ $# -ne 3 ]; then
    echo "$0 your-dot-cdist viirb-id public-key"
    echo "    your-dot-cdist: path to YOUR ungleich-dot-cdist repo"
    echo "    viirb-id: number in decimal format"
    echo "    wireguard public key"
    exit 1
fi

set -x
dot_cdist=$1; shift
id=$1; shift
public_key=$1; shift

hex_id=$(printf "%0.2x\n" "$id")
viirb_hostname=viirb${id}

prefix_base=2a0a:e5c1:3
my_prefix=${prefix_base}${hex_id}
my_network=${my_prefix}::/48
my_wireguard_ip=${my_prefix}::42
my_lan_ip=${my_prefix}:cafe::42
my_wifi_ip=${my_prefix}:7ea::42

vpn_endpoint_host=vpn-2a0ae5c1300.ungleich.ch

# cdist
dot_cdist_files=${dot_cdist}/type/__ungleich_wireguard/files
peerfilename=${vpn_endpoint_host}.peer${hex_id}
peerfile=${dot_cdist_files}/${peerfilename}
vpnconfig=${dot_cdist_files}/${vpn_endpoint_host}


# Configure VPN server / update cdist
echo Updating VPNserver
cat <<EOF > ${peerfile}
# ${viirb_hostname}, $(date +%F)
[Peer]
PublicKey = ${public_key}
AllowedIPs = ${my_network}

EOF

# Generate real config
cat ${dot_cdist_files}/${vpn_endpoint_host}.* > ${vpnconfig}
cd ${dot_cdist_files}
git add ${vpn_endpoint_host} ${peerfilename}
git commit -m "[vpn] Updated config for peer ${viirb_hostname} ${my_network}"
git pull
git push

cdist config -vv -j8 ${vpn_endpoint_host} -c ${dot_cdist}

# Test that the VPN connection is established
# Might take longer due to reboot
sleep 10

ping -c10 ${my_wireguard_ip}
ping -c10 ${my_lan_ip}
ping -c90 ${my_wifi_ip}