#!/bin/bash
# I, Ian Kelling, follow the GNU license recommendations at
# https://www.gnu.org/licenses/license-recommendations.en.html. They
# recommend that small programs, < 300 lines, be licensed under the
# Apache License 2.0. This file contains or is part of one or more small
# programs. If a small program grows beyond 300 lines, I plan to switch
# its license to GPL.

# Copyright 2024 Ian Kelling

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

#     http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR

[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

conf=$1

# We block dns lookups from going outside the vpn network namespace,
# there might be some other workaround, but just resolving to static ips
# is a simple fix.

main() {
  while read -r host port; do
    while read -r ip; do
      echo $ip | grep -E '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' &>/dev/null || continue
      printf "remote %s %s\n" "$ip" "$port" >>$conf
      ret=0
    done < <(timeout -s 9 1 dig +short $host ||:)
  done < <(sed -rn 's/^ *# *remote //p' $conf)

}


sed --follow-symlinks -i '/^ *remote /d' $conf
ret=1
main
# give it one retry if it failed initially
if (( ret )); then
  sleep 2
  main
fi

if ((ret)); then
  echo "vpn-static-ip: error: failed to set any ips" >&2
  exit 1
fi