#!/bin/sh
yourip=68.48.18.140
h=$yourip
n=andy

key_basename=ssh_host_rsa_key
input_key=/etc/ssh/$key_basename

ssh2der()
{
	ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER
}

match_and_drop_first_word()
{
	expect=$1
       	while read word rest
       	do
		if [ "$word" = "$expect" ]
		then
			printf '%s\n' "$rest"
			return
		fi
       	done
	false
}

keyscan()
{
	if [ -e keyscan.cache ]
	then
		cat keyscan.cache
	else
		ssh-keyscan -t rsa "$1"
	fi
}

keycopy()
{
	openssl rsa -in "$input_key"         -outform DER > /etc/swanctl/private/"$key_basename"
	openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub

	t=$(mktemp)

	keyscan "$yourip" | match_and_drop_first_word "$yourip" > "$t"
	ssh2der "$t" > /etc/swanctl/pubkey/"$n".pub
	rm -f "$t"
}

nocomments()
{
	sed 's/#.*//; /^ *$/d'
}


write_config()
{
	conn=$1
	remote_addrs=$2
	id=$3
	cat > /etc/swanctl/conf.d/"$conn".conf <<END
connections {
    ${conn} {
        remote_addrs = ${remote_addrs}
        vips = ::
        local {
            pubkeys = ssh_host_rsa_key.pub
            id = ${id}
        }
        remote {
            id = "${remote_addrs}"
            pubkeys = ${conn}.pub
        }
        children {
            child {
                remote_ts = 0::0/0
                dpd_action = restart
            }
        }
    }
}
secrets {
    private1 {
        file = ssh_host_rsa_key
    }
}
END
}

generate_config()
{
	iface=$(ip -oneline route get "$yourip"  | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
	[ "$iface" ] || return
	mymac=$(ip -oneline -6 addr  show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
	[ "$mymac" ] || return
	write_config andy "$yourip" "$mymac"
}

test_new_config()
{
	ipsec stop

	generate_config

	ipsec start
	sleep 2
	swanctl -c
	ipsec listpubkeys
	ipsec up andy
}

set -e
keycopy
test_new_config