#!/bin/bash

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

h=root@192.168.1.1
scp /a/bin/fai/wrt-setup /a/bin/cedit/cedit $h:/usr/bin
ssh $h <<'EOF'
if ! opkg list-installed|grep bash; then
    opkg update
    opkg install bash
fi
wrt-setup
EOF

if ! ssh wrt test -e /etc/openvpn/client.key; then
    /a/bin/vpn-setup/vpn-mk-client-cert do wrt
    sleep 10 # wait for connection before we try to ssh
fi


ssh do bash <<'EOFOUTER'
set -eE -o pipefail
old_rules="$(iptables -t nat -S PREROUTING)"
iptables -t nat -F PREROUTING

rm -rf /root/port-forwards
for port in 63324 63326; do
for proto in udp tcp; do
echo iptables -t nat -A PREROUTING -i eth0 -p $proto -m $proto --dport $port -j DNAT --to-destination 10.8.0.6:$port >> /root/port-forwards
done
done
chmod +x /root/port-forwards

sudo dd of=/etc/systemd/system/myport-forward.service <<EOF
[Unit]
Description=Turns on port forwarding rules

[Service]
Type=oneshot
ExecStart=/root/port-forwards

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload # needed if the file was already there
systemctl enable myport-forward.service

/root/port-forwards
diff <(echo "$old_rules") <(iptables -t nat -S PREROUTING) ||:
EOFOUTER