#!/bin/bash

# Unraid Network Configuration Script
# This script configures the game server routing through Tailscale

# Color codes for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Configuration variables
TAILSCALE_INTERFACE="tailscale0"
WAN_INTERFACE="br0"  # Typical Unraid bridge interface
VPS_IP="YOUR_VPS_IP"  # Replace with your Dallas VPS IP
GAME_SUBNET="172.16.0.0/24"  # Replace with your game servers' subnet

# Function to check if script is run as root
check_root() {
    if [ "$EUID" -ne 0 ]; then
        echo -e "${RED}Error: This script must be run as root${NC}"
        exit 1
    fi
}

# Function to check if Tailscale is installed
check_tailscale() {
    if ! command -v tailscale &> /dev/null; then
        echo -e "${RED}Error: Tailscale is not installed${NC}"
        exit 1
    fi
}

# Function to configure iptables
configure_iptables() {
    echo -e "${YELLOW}Configuring iptables rules...${NC}"
    
    # Clear existing rules
    iptables -F
    iptables -t nat -F
    
    # Set default policies
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    
    # Allow established connections
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    # UDP Ports
    for port in 8766 8767 16261 19132; do
        iptables -A INPUT -p udp --dport $port -j ACCEPT
        iptables -A FORWARD -p udp --dport $port -j ACCEPT
    done
    
    # TCP Port Ranges
    iptables -A INPUT -p tcp --match multiport --dports 16262,27015:27050,25500:25600 -j ACCEPT
    iptables -A FORWARD -p tcp --match multiport --dports 16262,27015:27050,25500:25600 -j ACCEPT
    
    # Route game traffic through Tailscale
    iptables -t nat -A POSTROUTING -o $TAILSCALE_INTERFACE -j MASQUERADE
    
    echo -e "${GREEN}iptables rules configured successfully${NC}"
}

# Function to configure routing
configure_routing() {
    echo -e "${YELLOW}Configuring routing...${NC}"
    
    # Enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    
    # Add route for game servers through Tailscale
    ip route add $VPS_IP via $(ip route | grep $TAILSCALE_INTERFACE | awk '{print $1}')
    
    echo -e "${GREEN}Routing configured successfully${NC}"
}

# Function to make settings persistent
make_persistent() {
    echo -e "${YELLOW}Making settings persistent...${NC}"
    
    # Save iptables rules
    if [ -d "/boot/config/iptables" ]; then
        iptables-save > /boot/config/iptables/rules.v4
        echo -e "${GREEN}iptables rules saved to /boot/config/iptables/rules.v4${NC}"
    else
        mkdir -p /boot/config/iptables
        iptables-save > /boot/config/iptables/rules.v4
        echo -e "${GREEN}Created iptables directory and saved rules${NC}"
    fi
    
    # Ensure IP forwarding is enabled on boot
    if ! grep -q "net.ipv4.ip_forward=1" /etc/sysctl.conf; then
        echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
    fi
}

# Main execution
main() {
    echo -e "${YELLOW}Starting Unraid network configuration...${NC}"
    
    check_root
    check_tailscale
    configure_iptables
    configure_routing
    make_persistent
    
    echo -e "${GREEN}Unraid network configuration completed successfully${NC}"
    echo -e "${YELLOW}Please test your game server connectivity${NC}"
}

# Run main function
main

exit 0