#!/bin/bash -l

set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

# Usage: run when switching from an untrusted network like public wifi
# to a trusted one.

if [[ -e /etc/NetworkManager/conf.d/dns.conf ]]; then
  rm -fv /etc/NetworkManager/conf.d/dns.conf
  if [[ $(systemctl is-active NetworkManager) == active ]]; then
    m systemctl restart NetworkManager
  fi
fi

rm -f /etc/systemd/resolved.conf.d/untrusted-network.conf

dhclient_restart=false
# man dhclient.conf
if ! grep -qP '\bdomain-name-servers\b' /etc/dhcp/dhclient.conf; then
  sed -i 's/^ *request/request domain-name-servers,/' /etc/dhcp/dhclient.conf
  dhclient_restart=true
  e $0: dhclient_restart=true
fi



read -r _ _ _ _  gateway_if _ < <(ip route get 8.8.8.8)
if [[ $gateway_if ]]; then
  # we could do this, but dhclient is still running and will use its old settings
  # from dependencies of ifupdown,
  # from man dhclient-script
  # from /etc/dhcp/dhclient-enter-hooks.d/resolved
  # rm -f /run/systemd/resolved.conf.d/*$gateway_if*


  if $dhclient_restart && grep -Pq "^ *auto ($gateway_if|.* $gateway_if( |$))" /etc/network/interfaces; then
    m ifdown $gateway_if
    m ifup $gateway_if
  fi

  # at least on systemd 237 ifupdown it sets a global and this is not needed
  systemd-resolve --interface=$gateway_if --revert
else
  e $0: no gateway_if found
fi

reresolv