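#!/bin/bash
# Unraid Network Configuration Script
# This script configures game server routing through Tailscale.
#
# Usage: run as root after editing the configuration block below.
# It rewrites the main routing table, flushes and rebuilds the iptables
# filter and nat tables, and registers two generated scripts in
# /boot/config/go so the settings are re-applied at boot.

# Fail on typos in variable names instead of expanding them to "".
set -u

# Color codes for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Configuration variables
TAILSCALE_INTERFACE="tailscale1"
WAN_INTERFACE="br0"
VPS_IP="YOUR_VPS_IP"          # Replace with your Dallas VPS public IP
GAME_SUBNET="172.17.0.0/16"   # docker0 network

# Script paths
SCRIPT_DIR="/boot/config/plugins/game_routing"
ROUTING_SCRIPT="$SCRIPT_DIR/routing.sh"
IPTABLES_SCRIPT="$SCRIPT_DIR/iptables-restore.sh"
IPTABLES_RULES="$SCRIPT_DIR/rules.v4"

# Output helpers: progress and success go to stdout, problems to stderr.
info() { printf '%b%s%b\n' "$YELLOW" "$*" "$NC"; }
ok()   { printf '%b%s%b\n' "$GREEN" "$*" "$NC"; }
warn() { printf '%bWarning: %s%b\n' "$YELLOW" "$*" "$NC" >&2; }
die()  { printf '%bError: %s%b\n' "$RED" "$*" "$NC" >&2; exit 1; }

# Returns 0 when $1 looks like a dotted-quad IPv4 literal.
# Used before a value is passed to ip/iptables or written into a generated
# script that runs as root at boot, so only digits and dots can end up there.
is_ipv4() {
  [[ "${1:-}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
}

# Function to check if script is run as root
check_root() {
  if [[ "$EUID" -ne 0 ]]; then
    die "This script must be run as root"
  fi
}

# Function to check if Tailscale is installed
check_tailscale() {
  if ! command -v tailscale &> /dev/null; then
    die "Tailscale is not installed"
  fi
}

# Refuse to run with the unedited placeholder (or any non-IPv4 value) in
# VPS_IP; otherwise the placeholder would be written into routes, NAT rules
# and the boot-time script.
check_config() {
  is_ipv4 "$VPS_IP" \
    || die "VPS_IP ('$VPS_IP') is not an IPv4 address; edit the configuration block first"
}

# Function to create script directory
create_directories() {
  info "Creating script directories..."
  mkdir -p -- "$SCRIPT_DIR" || die "Cannot create $SCRIPT_DIR"
  chmod 755 -- "$SCRIPT_DIR"
}

# Function to fix routing
# Globals: WAN_INTERFACE, TAILSCALE_INTERFACE, VPS_IP, ROUTING_SCRIPT (read)
# Rebuilds the default route on the WAN bridge, adds a host route for the
# VPS over the Tailscale interface, and writes the same steps to
# ROUTING_SCRIPT for replay at boot.
fix_routing() {
  info "Fixing routing table..."

  local gateway ts_via wg_ip=""

  # Read the gateway BEFORE deleting the default route: once the route is
  # gone there is nothing left to read it from, and the host would be left
  # without a default route.
  gateway=$(ip -4 route show default | awk -v dev="$WAN_INTERFACE" '
    $2 == "via" {
      for (i = 4; i < NF; i++)
        if ($i == "dev" && $(i + 1) == dev) { print $3; exit }
    }')
  is_ipv4 "$gateway" \
    || die "No default gateway found on $WAN_INTERFACE; routing table left unchanged"

  # Delete any conflicting default routes (best effort: absence is fine).
  ip route del default 2>/dev/null
  ip route del 0.0.0.0/0 dev "$TAILSCALE_INTERFACE" 2>/dev/null
  ip route del 0.0.0.0/0 dev wg0 2>/dev/null

  # Set up main routing
  ip route add default via "$gateway" dev "$WAN_INTERFACE" \
    || die "Could not restore default route via $gateway dev $WAN_INTERFACE"

  # Add specific route only for game traffic to VPS through Tailscale.
  # NOTE(review): field 1 of an `ip route` line is the route's destination,
  # not a next hop, and Tailscale may keep its routes outside the main
  # table - confirm this lookup yields a usable `via` address on the host.
  ts_via=$(ip route | awk -v dev="$TAILSCALE_INTERFACE" \
    'index($0, dev) { print $1; exit }')
  if [[ -n "$ts_via" ]]; then
    ip route add "$VPS_IP" via "$ts_via" dev "$TAILSCALE_INTERFACE" \
      || warn "Could not add route to $VPS_IP via $TAILSCALE_INTERFACE"
  else
    warn "No route found on $TAILSCALE_INTERFACE; skipping VPS route"
  fi

  # Ensure WireGuard routes are preserved
  if ip link show wg0 >/dev/null 2>&1; then
    # First address only, so a multi-address interface cannot produce a
    # multi-line value.
    wg_ip=$(ip -4 addr show wg0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | head -n 1)
    if [[ -n "$wg_ip" ]]; then
      ip route add "$wg_ip" dev wg0 scope link
    fi
  fi

  # Save the routing configuration. This file is executed as root at boot,
  # so only validated addresses and the configured interface names are
  # interpolated into it.
  {
    printf '%s\n' '#!/bin/bash'
    printf '%s\n' 'ip route del default 2>/dev/null'
    printf 'ip route del 0.0.0.0/0 dev %s 2>/dev/null\n' "$TAILSCALE_INTERFACE"
    printf '%s\n' 'ip route del 0.0.0.0/0 dev wg0 2>/dev/null'
    printf 'ip route add default via %s dev %s\n' "$gateway" "$WAN_INTERFACE"
    # The Tailscale lookup is deliberately left unexpanded so it runs at boot.
    printf 'ip route add %s via $(ip route | grep %s | awk '\''{print $1}'\'') dev %s\n' \
      "$VPS_IP" "$TAILSCALE_INTERFACE" "$TAILSCALE_INTERFACE"
    if [[ -n "$wg_ip" ]]; then
      printf 'ip route add %s dev wg0 scope link\n' "$wg_ip"
    fi
  } > "$ROUTING_SCRIPT" || die "Cannot write $ROUTING_SCRIPT"
  chmod 755 -- "$ROUTING_SCRIPT"

  ok "Routing table fixed successfully"
}

# Function to configure iptables
# Globals: GAME_SUBNET, VPS_IP, TAILSCALE_INTERFACE, WAN_INTERFACE (read)
configure_iptables() {
  info "Configuring iptables rules..."

  # Clear existing rules.
  # NOTE(review): this empties every chain in the filter and nat tables,
  # including rules that other services on the host (for example Docker or
  # Tailscale) may have installed there. Those services may need a restart
  # to re-create their rules.
  iptables -F
  iptables -t nat -F

  # Set default policies.
  # NOTE(review): with INPUT and FORWARD defaulting to ACCEPT, the per-port
  # ACCEPT rules below do not restrict anything - every port is reachable.
  # If the intent is to expose only the game ports, the default policy has
  # to be DROP, with explicit allowances for loopback and management access
  # added first so the host is not locked out.
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT

  # Allow established connections
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # UDP Ports for game servers
  local port
  for port in 8766 8767 16261 19132; do
    iptables -A INPUT -p udp --dport "$port" -j ACCEPT
    iptables -A FORWARD -p udp --dport "$port" -j ACCEPT
  done

  # TCP Port ranges for game servers
  iptables -A INPUT -p tcp -m multiport --dports 16262,27015:27050,25500:25600 -j ACCEPT
  iptables -A FORWARD -p tcp -m multiport --dports 16262,27015:27050,25500:25600 -j ACCEPT

  # Route game subnet traffic through Tailscale
  iptables -t nat -A POSTROUTING -s "$GAME_SUBNET" -d "$VPS_IP" \
    -o "$TAILSCALE_INTERFACE" -j MASQUERADE

  # Allow other Docker traffic through br0.
  # No source match: everything leaving the WAN interface is masqueraded.
  iptables -t nat -A POSTROUTING -o "$WAN_INTERFACE" -j MASQUERADE

  ok "iptables rules configured successfully"
}

# Function to make settings persistent
# Globals: IPTABLES_RULES, IPTABLES_SCRIPT, ROUTING_SCRIPT (read)
# Snapshots the current ruleset, writes a restore script, and registers both
# generated scripts in /boot/config/go.
make_persistent() {
  info "Making settings persistent..."

  # Save iptables rules
  iptables-save > "$IPTABLES_RULES" || die "Cannot write $IPTABLES_RULES"
  chmod 644 -- "$IPTABLES_RULES"

  # Create restore script.
  # iptables-restore without --noflush replaces the tables it loads, so at
  # boot it discards rules added earlier by other services.
  {
    printf '%s\n' '#!/bin/bash'
    printf 'iptables-restore < %s\n' "$IPTABLES_RULES"
  } > "$IPTABLES_SCRIPT" || die "Cannot write $IPTABLES_SCRIPT"
  chmod 755 -- "$IPTABLES_SCRIPT"

  # Update go script if needed. -F matches the path literally, so the dots
  # in it are not treated as regex wildcards.
  local entry
  for entry in "$ROUTING_SCRIPT" "$IPTABLES_SCRIPT"; do
    if ! grep -qF -- "$entry" /boot/config/go 2>/dev/null; then
      printf '%s\n' "$entry" >> /boot/config/go \
        || die "Cannot update /boot/config/go"
    fi
  done

  # Ensure go script is executable
  chmod 755 /boot/config/go

  ok "Settings made persistent"
}

# Main execution
main() {
  info "Starting Unraid network configuration..."

  check_root
  check_tailscale
  check_config
  create_directories
  fix_routing
  configure_iptables
  make_persistent

  ok "Network configuration completed successfully"
  info "Please test your docker containers and game server connectivity"
}

# Run main function
main "$@"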