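#!/bin/bash
#
# Turn a local interface into a small routed network: assign it a static
# address, optionally NAT its traffic (-w), serve DHCP with dnsmasq (-d) and
# run a WPA2 access point with hostapd (-H).
#
# Option parsing and the helpers used below (die, root_or_die, run, clean,
# start) are not defined in this file; they presumably come from the sourced
# "driglibash-args" library. From their use here: `run` executes a command,
# `clean "<cmd>"` registers an undo command, `start` launches a daemon.
# NOTE(review): the undo commands are passed as plain strings built from
# option values, so they are presumably re-parsed by the shell when the
# cleanup runs -- confirm how the library executes them before accepting
# interface or network values from anything other than the operator.

declare -A usage
declare -A varia

version="beta 1.0"
sumary="$0 [options]"

usage[l]="Locale iface"
varia[l]=local_iface

usage[w]="wan iface (must be already configured. If you want the local net to have internet access, you need to put your gw here)"
varia[w]=wan_iface
wan_iface=

usage[d]="dhcp on local iface"
varia[d]=enable_dhcp
enable_dhcp=false

usage[H]="hostapd on local iface"
varia[H]=enable_hostapd
enable_hostapd=false

usage[n]="Network part of ip (without last dot). ONLY classes A,B,C or D allowed"
varia[n]=net
net="192.168.99"

usage[i]="Host part of local_iface IP (without first dot)"
varia[i]=host_ip
host_ip=254

usage[s]="SSID of wifi network"
varia[s]=ssid
ssid="The candy cave charliiiiiiiie!"

# The default passphrase is published with this script, so it protects
# nothing. It is kept for compatibility; a warning is printed further down
# when an access point is started with it.
usage[p]="PSK of wifi network"
varia[p]=psk
default_psk="Ho! They stole my kidney :("
psk="$default_psk"

. driglibash-args

# Prefix length from the number of dots in the network part:
# "10" -> /8, "172.16" -> /16, "192.168.99" -> /24.
dots=${net//[^.]}
netmask=$(( ${#dots} * 8 + 8 ))

if [ -z "$local_iface" ] ; then
  die "You muste provide a local iface (-l)"
fi

root_or_die

# Take the interface away from NetworkManager while we drive it by hand.
run nmcli device set "$local_iface" managed no
clean "nmcli device set $local_iface managed yes"

run ip a add "$net.$host_ip/$netmask" dev "$local_iface"
clean "ip a del $net.$host_ip/$netmask dev $local_iface"

if [ -n "$wan_iface" ] ; then
  # `sysctl -n` prints only the value. Without -n the output is
  # "net.ipv4.ip_forward = 0", which makes the restore command invalid and
  # leaves the host forwarding packets after the script exits.
  old_value="$(sysctl -n net.ipv4.ip_forward)"
  run sysctl net.ipv4.ip_forward=1
  clean "sysctl net.ipv4.ip_forward=$old_value"

  # Allow packets to the local network
  run iptables -A OUTPUT -d "$net.0/$netmask" -o "$local_iface" -j ACCEPT
  clean "iptables -D OUTPUT -d $net.0/$netmask -o $local_iface -j ACCEPT"

  # Allow input from the local network
  run iptables -A INPUT -s "$net.0/$netmask" -i "$local_iface" -j ACCEPT
  clean "iptables -D INPUT -s $net.0/$netmask -i $local_iface -j ACCEPT"

  # NAT packets from the local network.
  # NOTE(review): $wan_iface only switches this section on; neither this rule
  # nor the FORWARD rules below name an outgoing interface, so local clients
  # are masqueraded and forwarded out of every interface of the host.
  # Consider restricting the rules to the WAN interface.
  run iptables -t nat -A POSTROUTING -s "$net.0/$netmask" -j MASQUERADE
  clean "iptables -t nat -D POSTROUTING -s $net.0/$netmask -j MASQUERADE"

  # Allow related packets to come back into the local network
  run iptables -A FORWARD -o "$local_iface" -m state --state RELATED,ESTABLISHED -j ACCEPT
  clean "iptables -D FORWARD -o $local_iface -m state --state RELATED,ESTABLISHED -j ACCEPT"

  # Forward packets from the local network
  run iptables -A FORWARD -i "$local_iface" -j ACCEPT
  clean "iptables -D FORWARD -i $local_iface -j ACCEPT"
fi

if $enable_dhcp ; then
  # For DHCP offers.
  # NOTE(review): these two rules are not bound to $local_iface, and the
  # INPUT rule matches on *source* 255.255.255.255, whereas DHCP requests
  # arrive with the broadcast address as destination -- verify that this is
  # the intended match.
  run iptables -A OUTPUT -d 255.255.255.255/32 -j ACCEPT
  clean "iptables -D OUTPUT -d 255.255.255.255/32 -j ACCEPT"
  run iptables -A INPUT -s 255.255.255.255 -j ACCEPT
  clean "iptables -D INPUT -s 255.255.255.255 -j ACCEPT"

  start dnsmasq "--dhcp-range=$net.100,$net.199,1m" --server=9.9.9.9 -q --listen-address "$net.$host_ip" --interface "$local_iface" -p0 -d
fi

if $enable_hostapd ; then
  if [ "$psk" = "$default_psk" ] ; then
    printf '%s\n' "Warning: access point started with the built-in default PSK; set your own with -p" >&2
  fi

  # Write config. mktemp creates the file readable by its owner only, which
  # matters because it holds the passphrase; register its removal up front.
  hostapd_config="$(mktemp)" || die "mktemp failed"
  clean "rm -f -- $hostapd_config"

  # `cat`, not `echo`: echo ignores its standard input, so the here-document
  # was never written and hostapd was handed a file holding one empty line.
  # NOTE(review): wpa_key_mgmt also lists WPA-EAP although no 802.1X/RADIUS
  # settings are written, and no pairwise cipher is set -- confirm both
  # against the installed hostapd.
  cat >"$hostapd_config" <<EOF
interface=$local_iface
ctrl_interface=/var/run/hostapd
hw_mode=g
channel=1
wpa=2
ssid=$ssid
wpa_passphrase=$psk
wpa_key_mgmt=WPA-PSK WPA-EAP
EOF

  start hostapd -d "$hostapd_config"
fi

echo "PRESS CTRL+C TO QUIT"
while : ; do
  sleep infinity
done

clean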