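// Package nebula_entrypoint renders a nebula configuration from the
// cryptic-net environment and replaces the current process with the nebula
// binary running that configuration.
package nebula_entrypoint

import (
	"log"
	"net"
	"os"
	"path/filepath"
	"strconv"
	"syscall"

	crypticnet "cryptic-net"
	"cryptic-net/yamlutil"
)

// listenHost is the address nebula's UDP listener binds to. All interfaces
// are bound because the daemon's reachable address is decided by its peers
// (static_host_map / lighthouses), not by the local interface selection.
const listenHost = "0.0.0.0"

// lighthouseConfig builds the "listen" and "lighthouse" sections of the
// nebula config for this daemon.
//
// A daemon without a public address cannot be dialed directly: it binds an
// ephemeral port and relies on the lighthouses in lighthouseHostIPs to
// broker connections. A daemon with a public address must listen on the port
// advertised in that address and becomes a lighthouse itself, so its own
// lighthouse list is empty.
//
// It returns the error from net.SplitHostPort when publicAddr is non-empty
// but is not a valid host:port.
func lighthouseConfig(publicAddr string, lighthouseHostIPs []string) (map[string]string, map[string]interface{}, error) {
	if publicAddr == "" {
		listen := map[string]string{
			"host": listenHost,
			"port": "0",
		}
		lighthouse := map[string]interface{}{
			"hosts": lighthouseHostIPs,
		}
		return listen, lighthouse, nil
	}

	_, port, err := net.SplitHostPort(publicAddr)
	if err != nil {
		return nil, nil, err
	}
	listen := map[string]string{
		"host": listenHost,
		"port": port,
	}
	lighthouse := map[string]interface{}{
		"hosts":         []string{},
		"am_lighthouse": true,
	}
	return listen, lighthouse, nil
}

// Main reads the cryptic-net environment, writes nebula.yml for this daemon
// into the runtime directory, and execs the nebula binary on it. Every
// failure is fatal: the process has nothing to fall back to.
func Main() {
	env, err := crypticnet.ReadEnv()
	if err != nil {
		log.Fatalf("reading envvars: %v", err)
	}

	// Only bootstrap hosts that advertise a public address can act as
	// lighthouses or be dialed directly; every other host is reached through
	// them, so it gets no static_host_map entry.
	var (
		lighthouseHostIPs []string
		staticHostMap     = map[string][]string{}
	)
	for _, host := range env.Bootstrap.Hosts {
		if host.Nebula.PublicAddr == "" {
			continue
		}
		lighthouseHostIPs = append(lighthouseHostIPs, host.Nebula.IP)
		staticHostMap[host.Nebula.IP] = []string{host.Nebula.PublicAddr}
	}

	thisDaemon := env.ThisDaemon()

	listen, lighthouse, err := lighthouseConfig(thisDaemon.VPN.PublicAddr, lighthouseHostIPs)
	if err != nil {
		log.Fatalf("parsing public address %q: %v", thisDaemon.VPN.PublicAddr, err)
	}

	// Each storage allocation exposes its S3 API and RPC ports to any host on
	// the overlay; the daemon's own configured inbound rules are kept after
	// them so operator rules still apply.
	var firewallInbound []crypticnet.ConfigFirewallRule
	for _, alloc := range thisDaemon.Storage.Allocations {
		firewallInbound = append(
			firewallInbound,
			crypticnet.ConfigFirewallRule{
				Port:  strconv.Itoa(alloc.S3APIPort),
				Proto: "tcp",
				Host:  "any",
			},
			crypticnet.ConfigFirewallRule{
				Port:  strconv.Itoa(alloc.RPCPort),
				Proto: "tcp",
				Host:  "any",
			},
		)
	}
	firewall := thisDaemon.VPN.Firewall
	firewall.Inbound = append(firewallInbound, firewall.Inbound...)

	config := map[string]interface{}{
		"pki": map[string]string{
			"ca":   env.Bootstrap.NebulaHostCert.CACert,
			"cert": env.Bootstrap.NebulaHostCert.HostCert,
			"key":  env.Bootstrap.NebulaHostCert.HostKey,
		},
		"static_host_map": staticHostMap,
		"listen":          listen,
		"lighthouse":      lighthouse,
		"punchy": map[string]bool{
			"punch":   true,
			"respond": true,
		},
		"tun": map[string]interface{}{
			"dev": "cryptic-nebula1",
		},
		"firewall": firewall,
	}

	// nebula.yml carries the host's private key (pki.key). Its on-disk mode
	// is whatever yamlutil.WriteYamlFile chooses — NOTE(review): confirm it
	// is owner-only, since the runtime directory may be shared.
	nebulaYmlPath := filepath.Join(env.RuntimeDirPath, "nebula.yml")
	if err := yamlutil.WriteYamlFile(config, nebulaYmlPath); err != nil {
		log.Fatalf("writing nebula.yml to %q: %v", nebulaYmlPath, err)
	}

	var (
		binPath = env.BinPath("nebula")
		args    = []string{"nebula", "-config", nebulaYmlPath}
		cliEnv  = os.Environ()
	)
	// syscall.Exec only returns when the exec itself failed; the error is
	// the only clue why (missing binary, bad mode, ...), so it must be logged.
	if err := syscall.Exec(binPath, args, cliEnv); err != nil {
		log.Fatalf("calling exec(%q, %#v, %#v): %v", binPath, args, cliEnv, err)
	}
}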