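#!/bin/bash
# Rego-tunnel custom startup script.
# Runs when the container starts.
#
# What it does:
#   1. If /shared exists, copies the VPN helper scripts from /opt/rego-scripts
#      into /shared/vpn_scripts (without overwriting existing files).
#   2. In a background subshell: waits for the Windows VM address to appear,
#      waits for TCP/22 on it, then installs NAT, a route and a FORWARD rule.
#
# The script was originally collapsed onto one line, which turned everything
# after the shebang into a comment; it is restored here one statement per line.
set -e

#######################################
# Check that a string is a dotted-quad IPv4 address with octets in 0..255.
# Arguments: $1 - candidate string
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local candidate=$1
  local octet
  local -a octets
  if [[ ! "$candidate" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    return 1
  fi
  IFS=. read -r -a octets <<<"$candidate"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    if ((10#$octet > 255)); then
      return 1
    fi
  done
  return 0
}

#######################################
# Print the Windows VM address, or nothing if it is not known yet.
# Reads /run/shm/qemu.ip first; if that is missing or empty, falls back to
# the first 172.x.x.x entry in the neighbour table of the "docker" interface.
# Outputs:   the address on stdout only when it passes is_ipv4
# Returns:   always 0, so callers running under `set -e` are not aborted
#######################################
detect_windows_ip() {
  local candidate=""
  if [[ -r /run/shm/qemu.ip ]]; then
    candidate=$(cat /run/shm/qemu.ip 2>/dev/null || true)
  fi
  # An existing but still-empty file must not suppress the fallback.
  if [[ -z "$candidate" ]]; then
    candidate=$(ip neigh show dev docker 2>/dev/null |
      grep -oE '172\.[0-9]+\.[0-9]+\.[0-9]+' |
      head -n 1 || true)
  fi
  # The value ends up in iptables and ip-route arguments, so anything that is
  # not a plain IPv4 address is treated as "not detected yet".
  if is_ipv4 "$candidate"; then
    printf '%s\n' "$candidate"
  fi
}

echo "[rego] Initializing rego-tunnel customizations..."

# Copy VPN scripts to shared folder if it exists
if [ -d "/shared" ]; then
  echo "[rego] Copying VPN scripts to shared folder..."
  mkdir -p /shared/vpn_scripts
  # Best effort: -n keeps files that are already present, and a failed copy
  # (e.g. empty source directory) must not stop container startup.
  # NOTE(review): because of -n, a script already in the shared folder is never
  # refreshed from /opt/rego-scripts - confirm that is intended if the folder
  # is writable from the guest.
  cp -rn /opt/rego-scripts/* /shared/vpn_scripts/ 2>/dev/null || true
  chmod -R 755 /shared/vpn_scripts/
  echo "[rego] Scripts available at \\\\TSCLIENT\\shared\\vpn_scripts\\"
fi

# Background task: wait for Windows and set up networking
(
  WINDOWS_IP=""
  MAX_WAIT=300 # 5 minutes max wait
  SSH_READY=0

  echo "[rego] Waiting for Windows VM to get IP..."
  for ((i = 1; i <= MAX_WAIT; i++)); do
    WINDOWS_IP=$(detect_windows_ip)
    if [ -n "$WINDOWS_IP" ]; then
      echo "[rego] Windows VM IP: $WINDOWS_IP"
      break
    fi
    sleep 1
  done

  if [ -z "$WINDOWS_IP" ]; then
    echo "[rego] Warning: Could not detect Windows IP after ${MAX_WAIT}s"
    exit 0
  fi

  # Wait for SSH to be available (120 attempts, 2 s apart)
  echo "[rego] Waiting for SSH on Windows..."
  for ((i = 1; i <= 120; i++)); do
    if nc -z "$WINDOWS_IP" 22 2>/dev/null; then
      echo "[rego] SSH is available on Windows"
      SSH_READY=1
      break
    fi
    sleep 2
  done
  # Network setup still proceeds on timeout, but the timeout is now logged
  # instead of passing silently.
  if [ "$SSH_READY" -eq 0 ]; then
    echo "[rego] Warning: SSH not reachable on Windows; continuing with network setup"
  fi

  # Setup iptables rules
  echo "[rego] Setting up iptables rules..."

  # MASQUERADE for outbound traffic (-C first, so the rule is not duplicated
  # on restart)
  iptables -t nat -C POSTROUTING -o docker -j MASQUERADE 2>/dev/null ||
    iptables -t nat -A POSTROUTING -o docker -j MASQUERADE

  # Route to IBM i network via Windows VPN; an already existing route is fine.
  ip route add 10.35.33.0/24 via "$WINDOWS_IP" dev docker 2>/dev/null || true

  # Allow forwarding to the Windows VM.
  # NOTE(review): this accepts forwarded traffic to the VM from any source and
  # on any port - consider narrowing it (input interface, source range) if the
  # container is reachable from networks that should not get to the VM.
  iptables -C FORWARD -d "$WINDOWS_IP" -j ACCEPT 2>/dev/null ||
    iptables -A FORWARD -d "$WINDOWS_IP" -j ACCEPT

  echo "[rego] Network setup complete"
) &

echo "[rego] Startup script initialized"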