#!/usr/bin/env bash
set -eu
set -o pipefail

script_path="$(realpath "$(dirname "$0")")"
secrets_bin="${script_path}/secrets"
config_path="$(echo /mnt/algo/configs/*/wireguard)"

"$secrets_bin" open
trap '"$secrets_bin" close' EXIT

if [ -z "${VIRTUAL_ENV:-}" ]; then
    # shellcheck disable=SC1090
    . "${script_path}/helpers/algo-virtualenv"
    python -m pip install segno
fi

# hush
sudo cp "$config_path"/hush.conf /etc/wireguard/algo-captive.conf
sed 's|^AllowedIPs.*|AllowedIPs = 10.19.49.0/24, fd9d:bc11:4021::/48, 172.16.0.1/32|' "$config_path/hush.conf" > "$config_path/hush-not-captive.conf"
sudo cp "$config_path/hush-not-captive.conf" /etc/wireguard/algo.conf

# tozt
sed 's|^AllowedIPs.*|AllowedIPs = 10.19.49.0/24, fd9d:bc11:4021::/48, 172.16.0.1/32|' "$config_path/tozt.conf" > "$config_path/tozt-not-captive.conf"
scp "$config_path/tozt-not-captive.conf" root@tozt.net:/etc/wireguard/algo.conf
cp "$config_path/tozt-not-captive.conf" /mnt/puppet/tozt/wireguard
$secrets_bin sync tozt

# partofme
sed 's|^AllowedIPs.*|AllowedIPs = 10.19.49.0/24, fd9d:bc11:4021::/48, 172.16.0.1/32|' "$config_path/partofme.conf" > "$config_path/partofme-not-captive.conf"
scp "$config_path/partofme-not-captive.conf" root@partofme:/etc/wireguard/algo.conf
cp "$config_path/partofme-not-captive.conf" /mnt/puppet/partofme/wireguard
$secrets_bin sync partofme

# mail
# XXX
# sed 's|^AllowedIPs.*|AllowedIPs = 10.19.49.0/24, fd9d:bc11:4021::/48, 172.16.0.1/32|' "$config_path/mail.conf" > "$config_path/mail-not-captive.conf"
# scp "$config_path/mail-not-captive.conf" root@newsmtp.tozt.net:/etc/wireguard/algo.conf
# cp "$config_path/mail-not-captive.conf" /mnt/puppet/mail/wireguard
# $secrets_bin sync mail

# phone
echo "algo-captive"
sxiv "$config_path/phone.png"
echo "algo"
segno --scale=5 --output="$config_path/phone-not-captive.png" "$(sed 's|^AllowedIPs.*|AllowedIPs = 10.19.49.0/24, fd9d:bc11:4021::/48, 172.16.0.1/32|' "$config_path/phone.conf")"
sxiv "$config_path/phone-not-captive.png"