#!/bin/bash
if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR

[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

conf=$1

# We block dns lookups from going outside the vpn network namespace,
# there might be some other workaround, but just resolving to static ips
# is a simple fix.

main() {
  while read -r host port; do
    while read -r ip; do
      printf "remote %s %s\n" "$ip" "$port" >>$conf
      ret=0
    done < <(dig +short $host ||:)
  done < <(sed -rn 's/^ *# *remote //p' $conf)

}


sed --follow-symlinks -i '/^ *remote /d' $conf
ret=1
main
# give it one retry if it failed initially
if (( ret )); then
  sleep 2
  main
fi

if ((ret)); then
  echo "vpn-static-ip: error: failed to set any ips" >&2
  exit 1
fi