#!/bin/bash

set -e

# 1. Variables
IFACE=$(ip -o route get 8.8.8.8 | awk '{print $5}')
TAILSCALE_CONF="/etc/sysctl.d/90-tailscale.conf"

echo "[INFO] Detected external interface: $IFACE"

# 2. Enable forwarding in UFW
echo "[INFO] Setting DEFAULT_FORWARD_POLICY to ACCEPT"
sudo sed -i 's/^DEFAULT_FORWARD_POLICY=.*/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw

# 3. Insert NAT rules in before.rules
echo "[INFO] Adding NAT rules to /etc/ufw/before.rules (if not already present)"
NAT_RULE="-A POSTROUTING -s 100.64.0.0/10 -o $IFACE -j MASQUERADE"
if ! sudo grep -qF -- "$NAT_RULE" /etc/ufw/before.rules; then
  sudo sed -i "1i*nat\n:POSTROUTING ACCEPT [0:0]\n$NAT_RULE\nCOMMIT\n" /etc/ufw/before.rules
fi

# 4. Allow routed traffic from Tailscale to external interface
echo "[INFO] Allowing routed traffic from tailscale0 to $IFACE"
sudo ufw route allow in on tailscale0 out on $IFACE

# 5. Enable IP forwarding via sysctl
echo "[INFO] Writing sysctl settings to $TAILSCALE_CONF"
echo "net.ipv4.ip_forward = 1" | sudo tee $TAILSCALE_CONF
echo "net.ipv6.conf.all.forwarding = 1" | sudo tee -a $TAILSCALE_CONF
sudo sysctl -p $TAILSCALE_CONF

# 6. Enable GRO settings for performance (via ethtool)
echo "[INFO] Creating network-dispatcher script for ethtool optimization"
sudo mkdir -p /etc/networkd-dispatcher/routable.d
cat <<EOF | sudo tee /etc/networkd-dispatcher/routable.d/50-tailscale
#!/bin/sh
ethtool -K $IFACE rx-udp-gro-forwarding on rx-gro-list off
EOF
sudo chmod 755 /etc/networkd-dispatcher/routable.d/50-tailscale
sudo /etc/networkd-dispatcher/routable.d/50-tailscale

# 7. Reload UFW
echo "[INFO] Reloading UFW rules"
sudo ufw reload

# 8. Final message
echo
echo "[INFO] Exit node setup complete."
echo "You can now enable this server as a Tailscale exit node with:"
echo "  sudo tailscale down"
echo "  sudo tailscale up --advertise-exit-node"

nano tailscale-exit-node-setup.sh

sudo chmod +x ./tailscale-exit-node-setup.sh

./tailscale-exit-node-setup.sh