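#!/bin/sh
# Bring-up script for one machine: configures the uplink ("wifi"), a WireGuard
# tunnel (wg1), and a dedicated network namespace in which public VMs run,
# reachable only through a second WireGuard interface (wg-vms).
#
# Requires root (ip, unshare, nsenter, sysctl) and expects $mach to name the
# machine directory under ./machines and ./state.
set -eu

# NOTE(review): "lib.shs" may be a typo for lib.sh; confirm the file exists.
# Presumably this provides the `wireguard` helper used below, and possibly $mach.
. ./lib.shs

# An empty $mach would silently collapse the paths below to ./machines//...
# and ./state//..., so refuse to continue without it.
: "${mach:?mach must be set to the machine name}"

# typically: bring up the networks
ip link set dev lo up

# FIXME: Xe does not belong to this location (it is just conveniently also
# behind two NATs and IPv4-only)…
# TODO: DHCP client!
ip addr add 192.168.0.3/24 dev wifi
# No IPv6 at public spaces lol (but we should try obtaining it anyway!)
ip link set dev wifi up
ip route add default via 192.168.0.1 dev wifi

# WireGuard configs normally carry the interface's private key; keep
# ./machines/$mach/*.conf readable by the owner only.
# NOTE(review): the trailing argument is presumably the address assigned to
# wg1; verify against the helper's definition.
wireguard wg1 "./machines/$mach/wg1.conf" 2a01:4f8:c0c:36b8:ff01:8000:10:f03/108

# Netns for running public VMs
vm_netns="./state/$mach/vm_netns"
# unshare --net=FILE bind-mounts the new namespace onto FILE so it persists
# after /bin/true exits; the mount target has to exist first.
touch "$vm_netns"
unshare --net="$vm_netns" /bin/true

# The WireGuard interface is created in the current namespace and only then
# moved into the VM netns, so the encrypted UDP transport keeps using the
# namespace it was created in while the VM netns sees just the tunnel device.
ip link add name wg-vms type wireguard
wg setconf wg-vms "./machines/$mach/wg-vms.conf"
ip link set wg-vms netns "$vm_netns"
nsenter --net="$vm_netns" ip link set wg-vms up

# The netns has *no* means of participating in the traffic, because it has no
# address to use.
# FIXME: Apart from possibly a link-local one :-/
nsenter --net="$vm_netns" ip route add 2a01:4f8:c0c:36b8:ff01:8000:0:0001/128 dev wg-vms onlink
nsenter --net="$vm_netns" ip route add default via 2a01:4f8:c0c:36b8:ff01:8000:0:0001 dev wg-vms

# Forwarding is switched on for the whole netns, and this script installs no
# packet filter there: whatever the wg-vms peer configuration admits is
# routed straight to the VM's tap device and back.
# NOTE(review): confirm that filtering is applied elsewhere (the peer's
# AllowedIPs, or a firewall inside the VM) if the VMs are publicly reachable.
nsenter --net="$vm_netns" sysctl net.ipv6.conf.all.forwarding=1

# Background tmux window bridging its terminal to a listening unix socket.
# NOTE(review): presumably vm1's console attaches to this socket; its
# permissions follow the umask, so make sure state/$mach is not accessible
# to other local users.
tmux -N new-window -d -n vm1 socat stdio "unix-listen:state/$mach/vm1.sock"
nsenter --net="$vm_netns" "./machines/$mach/vm1/start.sh"
# NOTE(review): tap-vm1 is presumably created by start.sh; verify.
nsenter --net="$vm_netns" ip link set dev tap-vm1 up
nsenter --net="$vm_netns" ip route add 2a01:4f8:c0c:36b8:ff01:8000:0:0003/128 dev tap-vm1 onlink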