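#!/bin/sh
# Give the running wjail instance network access: name its network
# namespace "gitbot", link it to the host with a veth pair
# (host 10.1.1.1 <-> jail 10.1.1.2) and masquerade its outbound traffic.
# Must be run as root, after wjail has written its pidfile.

# Abort on the first failed step, so that a failed namespace attach never
# falls through to the host-wide forwarding and NAT changes further down.
set -eu

if [ "$(id -u)" -ne 0 ]; then
  echo "You are not root." >&2
  exit 1
fi

pidfile=/srv/gitbot/wjail.pid
if ! [ -f "$pidfile" ]; then
  echo "wjail not running." >&2
  exit 1
fi
PID="$(cat "$pidfile")"

# The pidfile content ends up as an argument to a root-run command:
# accept nothing but a decimal PID.
case "$PID" in
  '' | *[!0-9]*)
    echo "Invalid PID in $pidfile." >&2
    exit 1
    ;;
esac

# A stale pidfile may name a process that has exited.
if ! [ -d "/proc/$PID" ]; then
  echo "wjail not running." >&2
  exit 1
fi

# A stale pidfile may also name a recycled PID. If that process shares this
# shell's network namespace, "gitbot" would become an alias for the host
# namespace and the jail-side address would be configured on the host.
if [ "$(readlink "/proc/$PID/ns/net")" = "$(readlink /proc/self/ns/net)" ]; then
  echo "PID $PID is in the host network namespace; refusing to attach." >&2
  exit 1
fi

# Attach iproute2 netns
ip netns attach gitbot "$PID"

# Add veth devices
ip link add veth-wjail type veth peer veth0 netns gitbot

# Assign ip addresses
ip addr add 10.1.1.1/24 dev veth-wjail
ip netns exec gitbot ip addr add 10.1.1.2/24 dev veth0

# Bring interfaces up
ip link set veth-wjail up
ip netns exec gitbot ip link set veth0 up

# Assign default gateway (iproute2 rather than the legacy net-tools "route")
ip netns exec gitbot ip route add default via 10.1.1.1

# Enable IP forwarding
# This is a host-wide switch, not a per-interface one: once it is on, the
# FORWARD chain is what limits which destinations the jail can reach.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Add NAT forwarding rule
# Match only the veth subnet (10.1.1.0/24). The earlier 10.1.1.2/16 source
# covered all of 10.1.0.0/16, i.e. far more than the jail's own address.
# Check first, so that re-running the script does not stack duplicate rules.
if ! iptables -t nat -C POSTROUTING -s 10.1.1.0/24 -j MASQUERADE 2>/dev/null; then
  iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -j MASQUERADE
fi

#####################################################################
# If there are "no route to host" errors in the container, check:
# # firewall-cmd --list-all
# If there is a masquerade: no line, run:
# # firewall-cmd --add-masquerade --permanent
# # firewall-cmd --reload
# Note: with no --zone option this turns masquerading on for the whole
# default firewalld zone, not only for the jail's traffic.
#####################################################################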