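#!/bin/bash
# postinst script for #PACKAGE#
#
# see: dh_installdeb(1)
#
# Renders this node's network (ifupdown + udev), routing (FRR), IPsec, GRUB
# and sshd configuration from DNS records published under $HOSTNAME, then
# enables the matching services.  Everything fetched from DNS is treated as
# untrusted input: each value is checked against a character allowlist before
# it is written into a config file or handed to sed, udev or ip(8).

# No -x here: the trace would copy every rendered line (MACs, BGP peers,
# the IPsec key name) into the dpkg log.  Use `bash -x` by hand to debug.
set -eu
set -o pipefail

# summary of how this script can be called:
#        * `configure'
#        * `abort-upgrade'
#        * `abort-remove' `in-favour'
#        * `abort-remove'
#        * `abort-deconfigure' `in-favour' `removing'
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package

# FQDN under which this node's records live.  It shadows bash's own HOSTNAME,
# which nothing below relies on.
# TODO(review): baked in per package build — confirm that is intended rather
# than deriving it from `hostname -f`.
readonly HOSTNAME=edge2.usw2.admin.wit.com

# How many interfaces of each type are probed (mgmt1..mgmtN, up1..upN, ...).
readonly MAX_IFS_PER_TYPE=2

# Character allowlists (bracket-expression classes) for DNS-sourced values.
# They deliberately exclude '/', '&', '|', '\' and newline so that no value
# can terminate or extend the sed expressions below, break a udev rule, or
# smuggle extra words into an interfaces(5) stanza.
readonly CHARS_IP='0-9A-Fa-f.:'          # bare v4/v6 address
readonly CHARS_IP_CIDR='0-9A-Fa-f.:/'    # address with prefix; never fed to sed
readonly CHARS_MAC='0-9A-Fa-f:'
readonly CHARS_NUM='0-9'
readonly CHARS_ALIAS='A-Za-z0-9 _.-'     # free-text description

# FRR snippets spliced into frr.conf.wit only on edge boxes (nodes that have
# at least one upX interface).  Lines are joined with a literal "\n", which
# GNU sed expands to a newline inside a replacement.
readonly -a FRR_IPV4_EDGE_LINES=(
  ' neighbor fabric default-originate'
  ' neighbor fabric route-map FABRICv4-OUT out'
  ' aggregate-address 168.245.146.0/24'
  ' aggregate-address 170.199.210.0/24'
  ' aggregate-address 170.199.211.0/24'
  ' aggregate-address 170.199.212.0/24'
  ' aggregate-address 170.199.213.0/24'
  ' aggregate-address 170.199.214.0/24'
  ' aggregate-address 170.199.215.0/24'
  ' aggregate-address 170.199.216.0/24'
  ' aggregate-address 170.199.217.0/24'
)
readonly -a FRR_IPV6_EDGE_LINES=(
  ' neighbor fabric default-originate'
  ' neighbor fabric route-map FABRICv6-OUT out'
  ' aggregate-address 2604:bbc0::/32'
)

# Globals filled in by configure_node and its helpers.
IFCONFIG=''             # interfaces(5) file being rendered
UDEVCONFIG=''           # udev persistent-net rules being rendered
FRRCONFIG=''            # FRR config template being filled in
LOOPBACKv4=''           # node loopback addresses and ASN (from DNS)
LOOPBACKv6=''
NODEASN=''
FRR_IFS='!'             # rendered FRR "interface" stanzas
FRR_NEIGH='!'           # rendered FRR "neighbor" lines
FRR_IPV4_EDGE_EXTRA=''  # edge-only FRR snippets; stay empty on non-edge nodes
FRR_IPV6_EDGE_EXTRA=''

#######################################
# Print a diagnostic to stderr and abort the postinst.
# Arguments: message words
# Returns:   never; exits 2
#######################################
die() {
  printf 'postinst: %s\n' "$*" >&2
  exit 2
}

#######################################
# Join arguments with a literal backslash-n for use as a sed replacement.
# Arguments: lines to join
# Outputs:   the joined string on stdout
#######################################
join_frr() {
  local joined=$1 line
  shift
  for line in "$@"; do
    joined="$joined\n$line"
  done
  printf '%s\n' "$joined"
}

#######################################
# Query DNS and print the answer if it passes the allowlist.
# Arguments: $1 record type (a/aaaa/txt), $2 fqdn,
#            $3 bracket-expression class of permitted characters
# Outputs:   the answer with any TXT quotes stripped, to stdout
# Returns:   0 on success; 2 when the lookup fails, is empty, or contains a
#            character outside the class (a multi-record answer contains a
#            newline and is therefore rejected too)
#######################################
dig_short() {
  local rtype=$1 fqdn=$2 allowed=$3 answer
  answer=$(dig "$rtype" +short "$fqdn") || return 2
  answer=${answer//\"/}
  [ -n "$answer" ] || return 2
  if [[ $answer == *[!$allowed]* ]]; then
    printf 'postinst: ignoring %s record %s: unexpected characters\n' \
      "$rtype" "$fqdn" >&2
    return 2
  fi
  printf '%s\n' "$answer"
}

#######################################
# TXT record $1.$HOSTNAME, checked against class $2 (see dig_short).
#######################################
dig_txt() {
  dig_short txt "$1.${HOSTNAME}" "$2"
}

#######################################
# Append one line per argument to the interfaces file being rendered.
# Globals:   IFCONFIG (read)
#######################################
ifcfg() {
  printf '%s\n' "$@" >>"$IFCONFIG"
}

#######################################
# Resolve this node's loopback addresses and ASN from DNS.
# Globals:   LOOPBACKv4, LOOPBACKv6, NODEASN (written)
# Returns:   aborts the script when any of the three is missing or malformed
#######################################
gather_identity() {
  LOOPBACKv4=$(dig_short a "$HOSTNAME" "$CHARS_IP") || LOOPBACKv4=''
  LOOPBACKv6=$(dig_short aaaa "$HOSTNAME" "$CHARS_IP") || LOOPBACKv6=''
  NODEASN=$(dig_txt asn "$CHARS_NUM") || NODEASN=''
  if [ -z "$LOOPBACKv4" ] || [ -z "$LOOPBACKv6" ] || [ -z "$NODEASN" ]; then
    die "unable to find my LOOPBACK IP and/or ASN: $LOOPBACKv4/$LOOPBACKv6/$NODEASN"
  fi
}

#######################################
# Write the lo stanzas carrying the node's loopback addresses.
# Globals:   LOOPBACKv4, LOOPBACKv6 (read)
#######################################
write_loopback() {
  ifcfg "auto lo" \
    "iface lo inet loopback" \
    "iface lo inet static" \
    "  address ${LOOPBACKv4}/32" \
    "iface lo inet6 static" \
    "  address ${LOOPBACKv6}/128"
}

#######################################
# Render a GRE tunnel: FRR interface/neighbor config plus the ifupdown stanza.
# Arguments: $1 interface name, $2 its alias (non-empty)
# Globals:   FRR_IFS, FRR_NEIGH (appended)
# Returns:   aborts when mtu/local/remote records are missing or malformed
#######################################
write_gre() {
  local ifname=$1 ifalias=$2 ifmtu tunlocal tunremote
  ifmtu=$(dig_txt "mtu.$ifname" "$CHARS_NUM") || die "missing or invalid mtu.$ifname"
  tunlocal=$(dig_txt "local.$ifname" "$CHARS_IP") || die "missing or invalid local.$ifname"
  tunremote=$(dig_txt "remote.$ifname" "$CHARS_IP") || die "missing or invalid remote.$ifname"
  # FRR side: send router advertisements on the tunnel (IPv6 unmanaged).
  FRR_IFS="$FRR_IFS\ninterface $ifname"
  FRR_IFS="$FRR_IFS\n description $ifalias"
  FRR_IFS="$FRR_IFS\n ipv6 nd ra-interval 10"
  FRR_IFS="$FRR_IFS\n no ipv6 nd suppress-ra\n!"
  FRR_NEIGH="$FRR_NEIGH\n neighbor $ifname interface peer-group GRE"
  # Linux side: the tunnel device itself.
  ifcfg "auto $ifname" \
    "iface $ifname inet manual ## $ifalias" \
    "  pre-up ip tunnel add $ifname mode gre local $tunlocal remote $tunremote" \
    "  down ip tunnel del $ifname" \
    "  mtu $ifmtu"
}

#######################################
# Append a persistent-name rule for a physical interface.
# Arguments: $1 interface name, $2 MAC address
# Globals:   UDEVCONFIG (read)
#######################################
write_udev_rule() {
  local ifname=$1 ifmac
  # sysfs reports the address in lower case; udev compares it as a string.
  ifmac=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  # Every udev match value has to be double-quoted; the old rule left the
  # MAC bare, which udev rejects as an invalid value.
  printf 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="%s", ATTR{type}=="1", NAME="%s"\n' \
    "$ifmac" "$ifname" >>"$UDEVCONFIG"
}

#######################################
# Render an uplink (upX): static addresses plus eBGP peers, and mark the
# node as an edge box.
# Arguments: $1 interface name
# Globals:   FRR_NEIGH, FRR_IPV4_EDGE_EXTRA, FRR_IPV6_EDGE_EXTRA (written)
# Returns:   aborts when ipv4/ipv6 records are missing or malformed
#######################################
write_uplink() {
  local ifname=$1 ipv4 ipv6 peerv4 peerv6
  ipv4=$(dig_txt "ipv4.$ifname" "$CHARS_IP_CIDR") || die "missing or invalid ipv4.$ifname"
  ipv6=$(dig_txt "ipv6.$ifname" "$CHARS_IP_CIDR") || die "missing or invalid ipv6.$ifname"
  # Not every uplink has both address families peered.
  peerv4=$(dig_txt "peerv4.$ifname" "$CHARS_IP") || peerv4=''
  peerv6=$(dig_txt "peerv6.$ifname" "$CHARS_IP") || peerv6=''
  # Getting here at all means the node has an uplink, i.e. it is an edge box.
  FRR_IPV4_EDGE_EXTRA=$(join_frr "${FRR_IPV4_EDGE_LINES[@]}")
  FRR_IPV6_EDGE_EXTRA=$(join_frr "${FRR_IPV6_EDGE_LINES[@]}")
  [ -z "$peerv4" ] || FRR_NEIGH="$FRR_NEIGH\n neighbor $peerv4 peer-group eBGPv4"
  [ -z "$peerv6" ] || FRR_NEIGH="$FRR_NEIGH\n neighbor $peerv6 peer-group eBGPv6"
  ifcfg "auto $ifname" \
    "iface $ifname inet static" \
    "  address $ipv4" \
    "  mtu 9000" \
    "iface $ifname inet6 static" \
    "  address $ipv6"
}

#######################################
# Render a fabric interface (ibgpX / fethX): manual, jumbo MTU.
# Arguments: $1 interface name
#######################################
write_fabric() {
  ifcfg "auto $1" \
    "iface $1 inet manual" \
    "  mtu 9000"
}

#######################################
# Render a management interface: DHCP/SLAAC inside the "mgmt" VRF.
# Arguments: $1 interface name
#######################################
write_mgmt() {
  local ifname=$1
  ifcfg "auto $ifname" \
    "iface $ifname inet6 auto" \
    "iface $ifname inet dhcp" \
    "  pre-up /bin/ip link add mgmt type vrf table mgmt" \
    "  pre-up /bin/ip link set up dev mgmt" \
    "  pre-up /bin/ip link set master mgmt dev $ifname" \
    "  post-down /bin/ip link del dev mgmt"
}

#######################################
# Rebuild the interfaces and udev files from DNS, interface by interface.
# Globals:   IFCONFIG, UDEVCONFIG (read); FRR_* (written via helpers)
#######################################
render_interfaces() {
  local iftype i ifname ifalias ifmac
  # Move the existing config aside in preparation for re-deploying it.
  mv -f "$IFCONFIG" "$IFCONFIG.dpkg-old" || true
  mv -f "$UDEVCONFIG" "$UDEVCONFIG.dpkg-old" || true
  write_loopback
  for iftype in mgmt feth up ibgp gre; do
    for ((i = 1; i <= MAX_IFS_PER_TYPE; i++)); do
      ifname=$iftype$i
      ifalias=$(dig_txt "name.$ifname" "$CHARS_ALIAS") || ifalias=''
      if [ "$iftype" = gre ] && [ -n "$ifalias" ]; then
        write_gre "$ifname" "$ifalias"
      fi
      # Physical interfaces: no MAC record means the interface is not defined
      # for this node.  mgmt1's record is published as mac.mgmt (no index).
      ifmac=$(dig_txt "mac.${ifname/mgmt1/mgmt}" "$CHARS_MAC") || continue
      write_udev_rule "$ifname" "$ifmac"
      case "$iftype" in
        up) write_uplink "$ifname" ;;
        ibgp|feth) write_fabric "$ifname" ;;
        mgmt) write_mgmt "$ifname" ;;
      esac
    done
  done
}

#######################################
# Fill the FRR config template in place.
# Globals:   FRRCONFIG, FRR_*, LOOPBACKv4, NODEASN (read)
#######################################
render_frr_config() {
  # '|' as delimiter: the snippets contain '/' (prefix lengths), which would
  # end an s/// command early and make sed fail.  The allowlists keep '|',
  # '&' and '\' out of every DNS-sourced value, and GNU sed expands the
  # literal "\n" the snippets are joined with.
  sed -i \
    -e "s|^!!! FRR_IFS|$FRR_IFS|" \
    -e "s|^!!! FRR_NEIGH|$FRR_NEIGH|" \
    -e "s|^!!! FRR_IPV4_EDGE_EXTRA|$FRR_IPV4_EDGE_EXTRA|" \
    -e "s|^!!! FRR_IPV6_EDGE_EXTRA|$FRR_IPV6_EDGE_EXTRA|" \
    -e "s|FRRROUTERID|${LOOPBACKv4}|" \
    -e "s|NODEASN|${NODEASN}|" \
    -- "$FRRCONFIG"
}

#######################################
# Point strongSwan at this node's certificate key.
#######################################
write_ipsec_config() {
  sed -i -e "s/FQHOSTNAME/${HOSTNAME}/" /etc/ipsec.conf.wit
  printf ': RSA %s.key\n' "$HOSTNAME" >/etc/ipsec.secrets
  # Only a key reference lives here, but the file is root-only by convention.
  chmod 0600 /etc/ipsec.secrets
}

#######################################
# Write the GRUB settings for the serial console (ttyS1).
#######################################
write_grub_config() {
  # Drop any existing values first so the settings are replaced, not duplicated.
  sed -i \
    -e '/GRUB_CMDLINE_LINUX_DEFAULT=/d' \
    -e '/GRUB_CMDLINE_LINUX=/d' \
    -e '/GRUB_SERIAL_COMMAND=/d' \
    -e '/GRUB_TERMINAL=/d' \
    /etc/default/grub
  cat <<'EOF' >>/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,115200n8"
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
EOF
}

#######################################
# Disable password logins on ssh and make sure sshd still accepts its config.
# Returns:   aborts before any restart if sshd rejects the edited config
#######################################
harden_sshd() {
  local cfg=/etc/ssh/sshd_config
  sed -i -e '/#*\s*PasswordAuthentication /d' "$cfg"
  # Insert at the top rather than appending: sshd keeps the first value it
  # reads, and a line appended after a "Match" block would only apply
  # inside that block, leaving password logins enabled globally.
  sed -i -e '1i PasswordAuthentication no' "$cfg"
  # Restarting into a config sshd rejects would lock us out of the box.
  /usr/sbin/sshd -t || die "sshd_config failed validation, not restarting ssh"
}

#######################################
# Enable/restart the services the rendered config needs.
#######################################
configure_services() {
  systemctl disable strongswan   # stays off until the certs are in place
  systemctl enable firewall
  systemctl restart systemd-timesyncd
  systemctl restart ssh
  update-grub
  sysctl -p /etc/sysctl.d/10-frr.conf
}

#######################################
# The `configure' action: render everything, then apply it to the system.
# Globals:   IFCONFIG, UDEVCONFIG, FRRCONFIG (written)
# Environment: POSTINST_STAGE (a local convention, not a dpkg one): when set,
#            render into a fresh private temp dir and stop before touching
#            the system.  This replaces the old fixed /tmp paths and
#            unconditional `exit 2`, which a root-run postinst must not use
#            (predictable /tmp names are writable by anyone, and the early
#            exit failed every real install).
#######################################
configure_node() {
  local stage=''
  IFCONFIG=/etc/network/interfaces
  UDEVCONFIG=/etc/udev/rules.d/70-persistent-net.rules
  FRRCONFIG=/etc/frr/frr.conf.wit
  command -v dig >/dev/null || die "dig(1) not found in PATH"
  if [ -n "${POSTINST_STAGE:-}" ]; then
    stage=$(mktemp -d) || die "mktemp failed"
    IFCONFIG=$stage/interfaces
    UDEVCONFIG=$stage/70-persistent-net.rules
    FRRCONFIG=$stage/frr.conf.wit
    cp -- files/frr.conf.wit "$FRRCONFIG"
  fi
  [ -f "$FRRCONFIG" ] || die "FRR template $FRRCONFIG is missing"

  gather_identity
  render_interfaces
  render_frr_config

  if [ -n "$stage" ]; then
    printf 'postinst: staged output left in %s\n' "$stage" >&2
    return 0
  fi

  chown frr:frr "$FRRCONFIG" /etc/frr/daemons.wit
  write_ipsec_config
  write_grub_config
  harden_sshd
  configure_services
}

case "${1:-}" in
  configure)
    configure_node
    ;;
  abort-upgrade|abort-remove|abort-deconfigure)
    ;;
  *)
    printf '%s\n' "postinst called with unknown argument \`${1:-}'" >&2
    exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0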