#!/bin/bash -e
set -euo pipefail
instances="${instances:-20}"
bridge="${bridge:-"br1"}"
ethernet="${ethernet:-"br0"}"
zone="${zone:-"trusted"}"

ensure_ip_forwarding() {
    grep -q 1 /proc/sys/net/ipv4/ip_forward || echo -e 'net.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 1' > /etc/sysctl.d/ip_forward.conf
}

install_packages() {
    zypper -n in openvswitch os-autoinst-openvswitch firewalld libcap-progs
}

configure_firewall() {
    systemctl enable --now firewalld
    firewall-cmd --permanent --get-services | grep -q isotovideo && firewall-cmd --permanent --delete-service=isotovideo
    firewall-cmd --permanent --new-service isotovideo
    for i in $(seq 1 $instances); do firewall-cmd --permanent --service=isotovideo --add-port=$((i * 10 + 20003))/tcp ; done
    firewall-cmd --permanent --zone="$zone" --add-service=isotovideo
    firewall-cmd --get-default-zone | grep -q "$zone" || firewall-cmd --set-default-zone="$zone"
    systemctl reload firewalld
}

setup_multi_machine() {
    systemctl enable --now openvswitch
    ovs-vsctl list-br | grep -q $bridge && ovs-vsctl del-br $bridge
    ovs-vsctl add-br $bridge
    echo "OS_AUTOINST_USE_BRIDGE=$bridge" > /etc/sysconfig/os-autoinst-openvswitch
    cat > /etc/sysconfig/network/ifcfg-$bridge <<EOF
BOOTPROTO='static'
IPADDR='10.0.2.2/15'
STARTMODE='auto'
ZONE="$zone"
OVS_BRIDGE='yes'
PRE_UP_SCRIPT="wicked:gre_tunnel_preup.sh"
OVS_BRIDGE_PORT_DEVICE_0='tap0'
EOF
    cat > /etc/sysconfig/network/ifcfg-tap0 <<EOF
BOOTPROTO='none'
IPADDR=''
NETMASK=''
PREFIXLEN=''
STARTMODE='auto'
TUNNEL='tap'
TUNNEL_SET_GROUP='nogroup'
TUNNEL_SET_OWNER='_openqa-worker'
EOF
    for i in $(seq 1 $instances; seq 64 $((64+$instances)); seq 128 $((128+$instances))); do ln -sf ifcfg-tap0 /etc/sysconfig/network/ifcfg-tap$i && echo "OVS_BRIDGE_PORT_DEVICE_$i='tap$i'" >> /etc/sysconfig/network/ifcfg-$bridge; done
    cat > /etc/firewalld/zones/"$zone".xml <<EOF
<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <short>"${zone^}"</short>
  <description>All network connections are accepted.</description>
  <service name="isotovideo"/>
  <interface name="$bridge"/>
  <interface name="ovs-system"/>
  <interface name="$ethernet"/>
  <masquerade/>
</zone>
EOF
    cat > /etc/wicked/scripts/gre_tunnel_preup.sh <<EOF
#!/bin/sh
action="\$1"
bridge="\$2"
ovs-vsctl set bridge \$bridge stp_enable=true
# TODO add entries according to your network topology
#ovs-vsctl --may-exist add-port \$bridge gre1 -- set interface gre1 type=gre options:remote_ip=<IP address of other host>
EOF
    chmod +x /etc/wicked/scripts/gre_tunnel_preup.sh
    systemctl enable os-autoinst-openvswitch
    systemctl restart openvswitch os-autoinst-openvswitch
}

main() {
    if ! readlink /etc/systemd/system/network.service | grep -q wicked.service ; then
        echo "This script will only work with wicked network daemon"
        exit 1
    fi
    ensure_ip_forwarding
    install_packages
    configure_firewall
    setup_multi_machine
}

caller 0 >/dev/null || main "$@"
