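#!/bin/bash
# Configure a small router host (Debian ifupdown + nftables) from command-line
# options: write /etc/hosts, /etc/network/interfaces and /etc/resolv.conf,
# set the hostname, enable IPv4 forwarding, write /etc/nftables.conf and
# restart networking and nftables.
#
# Usage: $0 -f <FQDN> [-d | -a <IP/CIDR> -g <Gateway> -n <Nameserver>]
#
# Static mode (-a/-g/-n) derives the other networks from the WAN address:
#   SAAL = third octet of <IP>  -> 192.168.<SAAL>.x (used in routes and rules)
#   OKT  = fourth octet of <IP> -> DMZ 10.88.<OKT>.0/24, LAN 172.26.<OKT>.0/24
# DHCP mode (-d) provides no WAN address to derive these from, so the NAT rule
# file is not written in that mode (see below).
#
# Must run as root. User-facing messages are German, as in the original.

# -u: an unset variable is a bug in this script; pipefail is defensive for any
# future pipelines. -e is deliberately NOT set: ifdown/ifup/systemctl may
# return non-zero for interfaces that are not up yet, and the script should
# carry on exactly as before in that case.
set -uo pipefail

#######################################
# Print a message and the usage line to stderr, then exit 1.
# Arguments: $1 - message printed before the usage line
#######################################
usage() {
  printf '%s\n' "$1" >&2
  printf '%s -f <FQDN> [-d | -a <IP/CIDR> -g <Gateway> -n <Nameserver>]\n' "$0" >&2
  exit 1
}

# Defaults
FQDN=""
ADDR=""
GW=""
NS=""
USE_DHCP=0

# Option parsing
while getopts "f:a:g:n:d" opt; do
  case "$opt" in
    f) FQDN="$OPTARG" ;;
    a) ADDR="$OPTARG" ;;
    g) GW="$OPTARG" ;;
    n) NS="$OPTARG" ;;
    d) USE_DHCP=1 ;;   # was missing: -d used to fall into the error arm below
    *) echo "Ungültige Option" >&2; exit 1 ;;
  esac
done

# Validation. Everything up to 'ifdown -a' must be side-effect free so that a
# bad invocation never leaves the host without network.
[[ -n "$FQDN" ]] || usage "Fehlender FQDN! Nutzung:"

if (( USE_DHCP == 1 )); then
  if [[ -n "$ADDR" || -n "$GW" || -n "$NS" ]]; then
    echo "Fehler: -d darf nicht mit -a, -g oder -n kombiniert werden." >&2
    exit 1
  fi
else
  if [[ -z "$ADDR" || -z "$GW" || -z "$NS" ]]; then
    usage "Fehlende Argumente für statische Konfiguration! Nutzung:"
  fi

  # The 3rd and 4th octets of the WAN address are spliced into the interface
  # and nftables files, so anything that is not dotted-quad/prefix is rejected
  # here instead of producing files that ifup/nft cannot parse.
  ipv4_cidr_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/([0-9]{1,2})$'
  if [[ ! "$ADDR" =~ $ipv4_cidr_re ]]; then
    echo "Fehler: -a erwartet eine IPv4-Adresse im Format a.b.c.d/NN (erhalten: $ADDR)" >&2
    exit 1
  fi
  SAAL="${BASH_REMATCH[3]}"
  OKT="${BASH_REMATCH[4]}"

  DMZIP="10.88.$OKT.1/24"
  LANIP="172.26.$OKT.1/24"
  DMZ="10.88.$OKT.0/24"
  LAN="172.26.$OKT.0/24"
fi

# Short host name and domain from the FQDN. Like the original 'cut' calls, a
# name without a dot yields the whole name for both values.
SHORT="${FQDN%%.*}"
DOM="${FQDN#*.}"

# From here on the network is down until 'ifup -a' at the end.
ifdown -a

# /etc/hosts
cat <<HERE > /etc/hosts
127.0.0.1       localhost
127.0.1.1       $FQDN $SHORT

::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
HERE

# /etc/network/interfaces
cat <<HERE > /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp0s3
HERE

if (( USE_DHCP == 1 )); then
  printf 'iface enp0s3 inet dhcp\n' >> /etc/network/interfaces
else
  cat <<HERE >> /etc/network/interfaces

#WAN
iface enp0s3 inet static
 address $ADDR
 gateway $GW
 post-up ip route add 10.88.0.0/16 via 192.168.$SAAL.88

#DMZ
auto enp0s8
iface enp0s8 inet static
 address $DMZIP

#LAN
auto enp0s9
iface enp0s9 inet static
 address $LANIP

HERE
fi

# /etc/resolv.conf (static mode only; DHCP mode leaves an empty file as before)
if (( USE_DHCP == 0 )); then
  cat <<HERE > /etc/resolv.conf
search $DOM
nameserver $NS
HERE
else
  printf '\n' > /etc/resolv.conf
fi

# Hostname
hostnamectl set-hostname "$FQDN"

# IPv4 forwarding
printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-forward.conf
sysctl --system

# nftables NAT rules. '\$DMZ'/'\$LAN' are nft variables defined in the file;
# '$LAN'/'$DMZ' are expanded by this shell.
if (( USE_DHCP == 0 )); then
  cat <<HERE > /etc/nftables.conf
#!/usr/sbin/nft -f

# Variablen
define LAN = $LAN
define DMZ = $DMZ

# Alte Regeln löschen
flush ruleset

# NAT-Tabelle mit Regeln
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # DMZ nach 192.168.Y.0/24 - kein NAT (RETURN)
        ip saddr \$DMZ ip daddr 192.168.$SAAL.0/24 return

        # DMZ nach 10.88.0.0/16 - kein NAT (RETURN)
        ip saddr \$DMZ ip daddr 10.88.0.0/16 return

        # DMZ nach außen (enp0s3) - Masquerade
        ip saddr \$DMZ oif enp0s3 masquerade

        # LAN nach außen - Masquerade
        ip saddr \$LAN oif enp0s3 masquerade

    }
}
HERE
else
  # NOTE(review): without a WAN address the DMZ/LAN networks are unknown, and
  # the original wrote 'define LAN = 172.26..0/24', which nft rejects. The
  # existing /etc/nftables.conf is left untouched instead — confirm this is
  # the intended DHCP-mode behaviour.
  printf 'Warnung: DHCP-Modus: DMZ/LAN-Netze unbekannt, /etc/nftables.conf wird nicht geschrieben.\n' >&2
fi
systemctl enable nftables --now
systemctl restart nftables
ifup -a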
