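#!/usr/bin/env bash
# Base configuration of the "societe" VM: hostname, /etc/hosts, network
# interfaces, an if-up.d default-route hook and the two firewall helper
# scripts (fw-start / fw-stop). Intended to be sourced by the vdn framework,
# which reads DESC and calls run. Requires VDN_PATH (root of the vdn tree)
# and the helpers from $VDN_PATH/bin/functions-scripts.sh.
set -euo pipefail

DESC="Configuration de base de societe (hostname, hosts, interfaces)."

#######################################
# Install /etc/network/fw-start and /etc/network/fw-stop on the target host,
# run fw-stop (all policies ACCEPT) and enable IPv4 forwarding in
# /etc/sysctl.conf.
# Arguments: $1 - host name given to vdn-ssh (default: societe)
# Returns:   exit status of the vdn-ssh session
#######################################
setFirewall() {
  local host=${1:-societe}

  # The remote script is passed as one single-quoted argument, so it cannot
  # hold a literal apostrophe: the '' in "l''interface" below is simply
  # dropped on the remote side (harmless, it is inside a comment).
  #
  # NOTE(review): fw-start ends with an unconditional LOG rule under an INPUT
  # DROP policy and has no "-m limit", so every packet reaching the end of
  # the chain is logged; it also has no ESTABLISHED/RELATED rule, so replies
  # to outbound connections are only accepted on eth3 and lo. Both look
  # deliberate for the lab scenario — confirm before changing the rule set.
  # Only fw-stop is executed here; fw-start is installed for later use.
  vdn-ssh "root@${host}" '
cat << EOF > /etc/network/fw-start
#!/bin/sh
set -x

# Vide les tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# fixe les politiques par défaut
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# spécifique à VDN (Début)
iptables -A INPUT -i eth3 -j ACCEPT
iptables -A OUTPUT -o eth3 -j ACCEPT
# spécifique à VDN (Fin)

# Autorise l''interface loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Log
iptables -A INPUT -j LOG --log-prefix "fw INPUT "
EOF
chmod 755 /etc/network/fw-start

cat << EOF > /etc/network/fw-stop
#!/bin/sh

# Vide les tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# fixe les politiques par défaut
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
EOF
chmod 755 /etc/network/fw-stop

/etc/network/fw-stop

sed -i -re "s/#(net.ipv4.ip_forward=1)/\1/g" /etc/sysctl.conf
sysctl -p
'
  # enable ipv4.ip_forward
  #vdn-ssh root@societe "echo 0 > /proc/sys/net/ipv4/ip_forward"
}

#######################################
# Entry point called by the vdn framework: brings the VM up over ssh and
# applies hostname, firewall scripts, /etc/hosts, the default-route hook,
# /etc/network/interfaces, then restarts networking and enables proftpd.
# Globals:   VDN_PATH (read), name (written, kept global as before)
# Arguments: none
# Returns:   0 on success; non-zero if a vdn-infos lookup fails or any
#            helper fails under the framework's error handler
#######################################
run() {
  . "$VDN_PATH/bin/functions-scripts.sh"
  setErrorHandler
  echoStart

  name="societe"
  local infos="$VDN_PATH/bin/vdn-infos"
  local ip_lambda ip_nomade ip_societe

  startAndWaitSsh "$name"
  setIpv6WorkAround "$name"
  setHostname "$name"
  setFirewall "$name"

  # Resolve the public IPs up front: a command substitution inside a heredoc
  # does not trip "set -e", so a failing or empty lookup would otherwise end
  # up as a malformed /etc/hosts line instead of aborting.
  ip_lambda=$("$infos" lambda PUBLIC_IP) || return
  ip_nomade=$("$infos" nomade PUBLIC_IP) || return
  ip_societe=$("$infos" "$name" PUBLIC_IP) || return
  if [[ -z "$ip_lambda" || -z "$ip_nomade" || -z "$ip_societe" ]]; then
    printf 'vdn-infos returned an empty PUBLIC_IP\n' >&2
    return 1
  fi

  cat << EOF | setHosts "$name"
127.0.0.1 localhost
$ip_lambda lambda
$ip_nomade nomade
$ip_societe societe
192.168.30.2 bigboss
192.168.30.16 tiny
192.168.1.2 web
EOF

  # Fixe la route par défaut: when eth0 comes up, re-apply PUBLIC_IP from
  # /etc/vdn/config and route everything through eth0. The "\$" escapes keep
  # IFACE and PUBLIC_IP for the remote hook; "|| :" keeps the hook's status
  # zero for other interfaces (it also hides ifconfig/route failures on eth0,
  # unchanged from the original).
  cat << EOF | setFile "$name" /etc/network/if-up.d/default-interface
#!/bin/sh
[ "\$IFACE" = "eth0" ] && {
  . /etc/vdn/config
  /sbin/ifconfig eth0 \$PUBLIC_IP
  /sbin/route add default dev eth0
} || :
EOF
  vdn-ssh "root@${name}" chmod 755 /etc/network/if-up.d/default-interface

  # eth0 carries the public address already looked up above; eth1/eth2 are
  # the two internal lab segments.
  cat << EOF | setInterfaces "$name"
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
	address $ip_societe
	netmask 255.0.0.0

auto eth1
iface eth1 inet static
	address 192.168.1.1
	netmask 255.255.255.0

auto eth2
iface eth2 inet static
	address 192.168.30.1
	netmask 255.255.255.0
EOF
  vdn-ssh "root@${name}" "systemctl restart networking"
  # proftpd is part of the exercise setup on this host.
  vdn-ssh "root@${name}" "systemctl enable proftpd; systemctl start proftpd"

  unsetErrorHandler
  echoDone
}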