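#!/bin/bash
#
# Sets up WireGuard between four VMs managed with detee-cli: cali-bastion,
# vanc-bastion, cali-protected and vanc-protected.
#
# Inputs (relative to the current directory):
#   tmp/<node>-install.yaml   per-VM install record; the uuid, key_path, port
#                             and ip lines are read from it
#   wg_configs/               WireGuard config templates holding placeholders
#                             such as CALI_BASTION_PRIVATE or VANC_BASTION_PORT
# Outputs (key and log names use `_` where the node name has `-`):
#   tmp/<node>-inspect.yaml   output of `detee-cli vm inspect`
#   tmp/<node>_private.key, tmp/<node>_public.key
#   tmp/wg_configs/           rendered configs (these contain the private keys)
#   tmp/<node>.log            pacman output from each VM
#
# Requires detee-cli, wg, ssh and a sed that accepts `-i` with no suffix.
#
# NOTE(review): ssh is called without any host-key options, so verification of
# the VMs' host keys depends on the caller's ssh configuration.

set -euo pipefail

# Presumably selects YAML output from detee-cli, which the greps below rely
# on -- confirm against the detee-cli documentation.
export FORMAT=YAML

# Prints the line(s) of file $1 matching grep pattern $2, with the leading
# text $3 removed. Returns non-zero when nothing matches.
yaml_field() {
  local line
  # errexit is not inherited by command substitutions, so fail explicitly.
  line=$(grep -- "$2" "$1") || return
  printf '%s\n' "${line#"$3"}"
}

# Prints the SSH port from install file $1: the text between the first pair
# of single quotes on the line matching "port".
ssh_port() {
  grep port "$1" | cut -d "'" -f2
}

# Prints the SSH host from install file $1: the second whitespace-separated
# field of the line matching "ip".
ssh_host() {
  grep ip "$1" | awk '{ print $2 }'
}

# Streams local file $1 to remote path $2 through the ssh command passed as
# the remaining arguments. The remote file is left readable by root only,
# because it holds a WireGuard private key, and nothing is echoed back.
upload_config() {
  local src=$1 dest=$2
  shift 2
  "$@" "umask 077 && cat > '${dest}' && chmod 600 '${dest}'" < "$src"
}

echo GETTING UUIDs
cali_bastion_uuid=$(yaml_field tmp/cali-bastion-install.yaml uuid 'uuid: ')
vanc_bastion_uuid=$(yaml_field tmp/vanc-bastion-install.yaml uuid 'uuid: ')
cali_protected_uuid=$(yaml_field tmp/cali-protected-install.yaml uuid 'uuid: ')
vanc_protected_uuid=$(yaml_field tmp/vanc-protected-install.yaml uuid 'uuid: ')

echo BUILDING SSH COMMANDS
# The same identity file is used for all four VMs.
key_path=$(grep 'key_path:' tmp/cali-bastion-install.yaml | awk '{ print $2 }')

# Arrays instead of strings: every argument stays one word even if it
# contains whitespace, and nothing is glob-expanded when the command runs.
port=$(ssh_port tmp/cali-bastion-install.yaml)
host=$(ssh_host tmp/cali-bastion-install.yaml)
ssh_cali_bastion=(ssh -i "$key_path" -p "$port" "root@${host}")

port=$(ssh_port tmp/vanc-bastion-install.yaml)
host=$(ssh_host tmp/vanc-bastion-install.yaml)
ssh_vanc_bastion=(ssh -i "$key_path" -p "$port" "root@${host}")

port=$(ssh_port tmp/cali-protected-install.yaml)
host=$(ssh_host tmp/cali-protected-install.yaml)
ssh_cali_protected=(ssh -i "$key_path" -p "$port" "root@${host}")

port=$(ssh_port tmp/vanc-protected-install.yaml)
host=$(ssh_host tmp/vanc-protected-install.yaml)
ssh_vanc_protected=(ssh -i "$key_path" -p "$port" "root@${host}")

echo INSPECTING VMs
detee-cli vm inspect "$cali_bastion_uuid" > tmp/cali-bastion-inspect.yaml
detee-cli vm inspect "$vanc_bastion_uuid" > tmp/vanc-bastion-inspect.yaml
detee-cli vm inspect "$cali_protected_uuid" > tmp/cali-protected-inspect.yaml
detee-cli vm inspect "$vanc_protected_uuid" > tmp/vanc-protected-inspect.yaml

echo GETTING WIREGUARD IP AND PORTS
cali_wg_ip=$(yaml_field tmp/cali-bastion-install.yaml 'ip: ' 'ip: ')
# Fixed: the vanc values used to be derived from the cali variables, so both
# bastions ended up with the cali endpoint.
vanc_wg_ip=$(yaml_field tmp/vanc-bastion-install.yaml 'ip: ' 'ip: ')
# The WireGuard port is taken from the second line after "exposed_ports".
cali_wg_port=$(grep exposed_ports -A 2 tmp/cali-bastion-inspect.yaml | tail -1)
cali_wg_port=${cali_wg_port#- }
vanc_wg_port=$(grep exposed_ports -A 2 tmp/vanc-bastion-inspect.yaml | tail -1)
vanc_wg_port=${vanc_wg_port#- }

echo GENERATING WIREGUARD KEYS
# Everything created from here on (keys, rendered configs, logs) is private
# to the current user; wg itself warns when asked to write a key to a
# world-accessible file.
umask 077
for node in cali_bastion vanc_bastion cali_protected vanc_protected; do
  wg genkey > "tmp/${node}_private.key"
  # umask does not tighten a key file left over from an earlier run.
  chmod 600 "tmp/${node}_private.key"
  wg pubkey < "tmp/${node}_private.key" > "tmp/${node}_public.key"
done

echo PREPARING WIREGUARD CONFIGS
cp -r wg_configs tmp/
chmod -R go-rwx tmp/wg_configs
# The substitutions reach sed as a script on a file descriptor. printf is a
# shell builtin, so the private keys never show up in a process argument
# list. Each command replaces the first occurrence per line, in this order.
sed -i -f <(
  printf 's,%s,%s,\n' \
    CALI_BASTION_PRIVATE "$(<tmp/cali_bastion_private.key)" \
    CALI_BASTION_PUBLIC "$(<tmp/cali_bastion_public.key)" \
    VANC_BASTION_PRIVATE "$(<tmp/vanc_bastion_private.key)" \
    VANC_BASTION_PUBLIC "$(<tmp/vanc_bastion_public.key)" \
    CALI_PROTECTED_PRIVATE "$(<tmp/cali_protected_private.key)" \
    CALI_PROTECTED_PUBLIC "$(<tmp/cali_protected_public.key)" \
    VANC_PROTECTED_PRIVATE "$(<tmp/vanc_protected_private.key)" \
    VANC_PROTECTED_PUBLIC "$(<tmp/vanc_protected_public.key)" \
    VANC_BASTION_IP "$vanc_wg_ip" \
    CALI_BASTION_IP "$cali_wg_ip" \
    VANC_BASTION_PORT "$vanc_wg_port" \
    CALI_BASTION_PORT "$cali_wg_port"
) tmp/wg_configs/*

echo INSTALLING SOFTWARE
"${ssh_cali_bastion[@]}" pacman -Syu --noconfirm > tmp/cali_bastion.log 2>&1
"${ssh_vanc_bastion[@]}" pacman -Syu --noconfirm > tmp/vanc_bastion.log 2>&1
# Fixed: cali-protected output used to be written to vanc_protected.log.
"${ssh_cali_protected[@]}" pacman -Syu --noconfirm > tmp/cali_protected.log 2>&1
"${ssh_vanc_protected[@]}" pacman -Syu --noconfirm > tmp/vanc_protected.log 2>&1
# Append, so the system-upgrade output above stays available for review.
"${ssh_cali_bastion[@]}" pacman -S wireguard-tools --needed --noconfirm >> tmp/cali_bastion.log 2>&1
"${ssh_vanc_bastion[@]}" pacman -S wireguard-tools --needed --noconfirm >> tmp/vanc_bastion.log 2>&1
"${ssh_cali_protected[@]}" pacman -S wireguard-tools --needed --noconfirm >> tmp/cali_protected.log 2>&1
"${ssh_vanc_protected[@]}" pacman -S wireguard-tools --needed --noconfirm >> tmp/vanc_protected.log 2>&1

echo UPLOADING WIREGUARD CONFIG
upload_config tmp/wg_configs/cali-bastion-server.conf /etc/wireguard/server.conf "${ssh_cali_bastion[@]}"
upload_config tmp/wg_configs/cali-bastion-client.conf /etc/wireguard/vanc.conf "${ssh_cali_bastion[@]}"
upload_config tmp/wg_configs/vanc-bastion-server.conf /etc/wireguard/server.conf "${ssh_vanc_bastion[@]}"
upload_config tmp/wg_configs/vanc-bastion-client.conf /etc/wireguard/cali.conf "${ssh_vanc_bastion[@]}"
upload_config tmp/wg_configs/cali-protected-cali.conf /etc/wireguard/cali.conf "${ssh_cali_protected[@]}"
upload_config tmp/wg_configs/cali-protected-vanc.conf /etc/wireguard/vanc.conf "${ssh_cali_protected[@]}"
upload_config tmp/wg_configs/vanc-protected-cali.conf /etc/wireguard/cali.conf "${ssh_vanc_protected[@]}"
upload_config tmp/wg_configs/vanc-protected-vanc.conf /etc/wireguard/vanc.conf "${ssh_vanc_protected[@]}"

echo STARTING WIREGUARD
"${ssh_cali_bastion[@]}" wg-quick up server
"${ssh_vanc_bastion[@]}" wg-quick up server
"${ssh_vanc_bastion[@]}" wg-quick up cali
"${ssh_cali_protected[@]}" wg-quick up cali
"${ssh_vanc_protected[@]}" wg-quick up cali
"${ssh_cali_bastion[@]}" wg-quick up vanc
"${ssh_cali_protected[@]}" wg-quick up vanc
"${ssh_vanc_protected[@]}" wg-quick up vanc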