#!/bin/sh

kiki_hostkey=/var/cache/kiki/config/ssh_host_rsa_key
debian_hostkey=/etc/ssh/ssh_host_rsa_key

determine_lan_ip()
{
  ip -4 -oneline addr show |
    while read n dev _ ip rest; do
      case "$rest" in
        *'scope global'*) ;;
        *) continue ;;
      esac
      # Exclude our IP address on br0 -- hosts connected via this device should
      # be receiving DNS servers from us via DHCP, so dyndns is unnecessary.
      # However, perhaps we could install a third entry in the dyndns. (Perhaps
      # something like *.br0.ssh.cryptonomic.net would give us automatic names
      # for all devices.)
      case "$dev" in
        br0) continue ;;
      esac
      echo ${ip%/*}
      break
    done
}

ssh_cryptonomic_net__known_hosts()
{
cat <<'END'
|1|ORqVRkqd0LO25vHCB0LezHAgwRE=|ih7EYLpvg9jpU86/0Od0N8Ur36c= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHkIETz7wmKd7TZgb3NPeUElZDjZqw2VPd8yDOBTj5UzUBmcgCyE1oCS3Oe1iO9zJWpPtG0QyYa29lKi+vN6pN4=
END
}

tmpfile=$(mktemp) || exit 1
trap 'rm -f "$tmpfile"' EXIT
ssh_cryptonomic_net__known_hosts > "$tmpfile"

lan_ip=$(determine_lan_ip)

if [ "$lan_ip" ]; then
  set -- lan "$lan_ip"
else
  set --
fi

hostkey=
for f in "$kiki_hostkey" "$debian_hostkey"; do
    [ -r "$f" ] || continue
    hostkey=$f
    break
done

ssh -o GlobalKnownHostsFile="$tmpfile" ${hostkey:+ -i "$hostkey"} dyndns@ssh.cryptonomic.net "$@"