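#!/usr/bin/bash
# Lokinetfy by Kropotkin
#
# Session ONS: Kropotkin (050138dde520d3155c5da92a5dc35e51a153684d9a73d79d69711102130cb7bc1f)
#
# Makes an application run through lokinet
#
# * This is highly based on the Schnouki's blog post[1] and script[2], please check the references *
#
# References:
# [1] https://schnouki.net/post/2014/openvpn-for-a-single-application-on-linux/
# [2] https://gist.github.com/Schnouki/fd171bcb2d8c556e8fdf
#
# Usage (as root):
#   $0 start                  create the "lokins" namespace and bring lokinet up in it
#   $0 run <command> [args]   run <command> inside the namespace as the invoking user
#   $0 stop                   tear the namespace, veth pair and firewall rules down
#
# Security notes for anyone relying on this for isolation:
# - The namespace's default route is the host end of the veth pair, and the
#   host masquerades that subnet out of any wl* interface. This script adds no
#   rule forcing namespace traffic into lokitun0, so a command started before
#   "start" has completed, or after the exit is lost, presumably leaves over
#   the clearnet uplink. NOTE(review): confirm, and add a kill-switch rule if
#   that matters for your threat model.
# - resolv.conf lists 9.9.9.9 after lokinet's resolver; any lookup that falls
#   back to it is answered by a public resolver rather than by lokinet.
# - net.ipv4.ip_forward is switched on by "start" and off by "stop" for the
#   whole host, regardless of its previous value; other software depending on
#   forwarding is affected.

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ $UID -ne 0 ]]; then
  die "This must be run as root."
fi

#######################################
# Create the "lokins" network namespace, connect it to the host through a
# veth pair (lokins <-> vpn1, 10.200.200.0/24), enable NAT/forwarding and
# write the namespace's resolv.conf.
# Returns: non-zero as soon as a setup step fails, so that the caller's
#          "iface_up && start_vpn" does not start lokinet on a half-built
#          namespace. (set -e would be ignored in that && context, hence the
#          explicit "|| return" on every step.)
#######################################
iface_up() {
  # Rebuild from scratch if a namespace with this exact name already exists.
  # -w avoids matching a different namespace that merely contains "lokins".
  if ip netns ls | grep -qw lokins; then
    iface_down
  fi

  ip netns add lokins || return

  # Loopback inside the namespace.
  ip netns exec lokins ip addr add 127.0.0.1/8 dev lo || return
  ip netns exec lokins ip link set lo up || return

  # veth pair: "lokins" stays on the host, "vpn1" moves into the namespace.
  ip link add lokins type veth peer name vpn1 || return
  ip link set lokins up || return
  ip link set vpn1 netns lokins up || return

  ip addr add 10.200.200.1/24 dev lokins || return
  ip netns exec lokins ip addr add 10.200.200.2/24 dev vpn1 || return
  ip netns exec lokins ip route add default via 10.200.200.1 dev vpn1 || return

  # Drop packets claiming a namespace source address that did not arrive on
  # the veth, then NAT the namespace subnet out of the wireless uplink.
  iptables -A INPUT \! -i lokins -s 10.200.200.0/24 -j DROP || return
  iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE || return

  # Host-wide setting; see the security notes in the file header.
  sysctl -q net.ipv4.ip_forward=1 || return

  # "ip netns exec" uses /etc/netns/<name>/resolv.conf for the namespace.
  mkdir -p /etc/netns/lokins || return
  printf 'nameserver %s\n' 127.3.2.1 9.9.9.9 > /etc/netns/lokins/resolv.conf
}

#######################################
# Undo iface_up: disable forwarding, remove the firewall rules, bring the
# lokinet exit down and delete the namespace and the veth pair.
# Every step is best-effort so a partially built setup can still be removed.
# NOTE(review): nothing here stops processes still running inside the
# namespace (including the lokinet daemon launched by start_vpn).
#######################################
iface_down() {
  sysctl -q net.ipv4.ip_forward=0

  iptables -D INPUT \! -i lokins -s 10.200.200.0/24 -j DROP
  iptables -t nat -D POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE

  ip netns exec lokins lokinet-vpn --down

  ip netns delete lokins
  ip link delete lokins
}

#######################################
# Run a command inside the namespace with the privileges of the user who
# invoked the script rather than root.
# Arguments: $1 - the literal subcommand word "run" (discarded)
#            $2.. - command and its arguments
#######################################
run() {
  shift # drop the "run" subcommand word

  if (($# == 0)); then
    die "Syntax: $0 run <command> [args...]"
  fi

  # "who am i" prints nothing when there is no login record for the terminal.
  # Left unquoted and empty, the user name would vanish and sudo would take
  # the first word of the command as the argument of -u, so resolve the user
  # explicitly and refuse to continue without one.
  local target_user
  target_user=$(who am i | awk '{print $1}')
  if [[ -z $target_user ]]; then
    target_user=${SUDO_USER:-}
  fi
  if [[ -z $target_user ]]; then
    die "Cannot determine the invoking user; refusing to run the command as root."
  fi

  # "--" stops sudo from parsing the command's own words as sudo options.
  exec sudo ip netns exec lokins sudo -u "$target_user" -- "$@"
}

#######################################
# Start the lokinet daemon inside the namespace, wait for its tunnel
# interface and keep requesting the exit until lokinet-vpn reports it.
# Returns: non-zero if the exit address cannot be resolved.
#######################################
start_vpn() {
  # Redirection order matters: stderr is pointed at the script's stdout
  # first, then stdout alone is discarded, so daemon errors stay visible.
  ip netns exec lokins lokinet 2>&1 >/dev/null &

  # Poll for lokitun0. This waits indefinitely if lokinet never creates it.
  while ! ip netns exec lokins ip a show dev lokitun0 up 2>/dev/null >/dev/null; do
    sleep .5
  done

  # NOTE(review): this lookup runs in the host's resolver context, not inside
  # the namespace, so it depends on the host being able to resolve .loki
  # names; confirm that is intended.
  local exitdotloki
  exitdotloki=$(host exit.loki | grep handled | cut -d' ' -f7 | sed -e 's/\.$//')

  # Without an address the loop below could never succeed: the status string
  # would never match and --exit would be passed no value.
  if [[ -z $exitdotloki ]]; then
    printf '%s\n' "Could not resolve exit.loki; lokinet exit was not enabled." >&2
    return 1
  fi

  while [[ $(ip netns exec lokins lokinet-vpn --status) != "::/0 via $exitdotloki" ]]; do
    ip netns exec lokins lokinet-vpn --up --exit "$exitdotloki"
  done
}

case "$1" in
  stop)
    iface_down
    ;;
  run)
    run "$@"
    ;;
  start)
    iface_up && start_vpn
    ;;
  *)
    die "Syntax: $0 run|start|stop"
    ;;
esac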