#!/usr/local/bin/bash

# restore original resolv.conf
# update DNS
# rewrite ipsec config and restart ipsec

# public at wernig.net

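#######################################
# Print a message and terminate the script.
# Arguments: $1 - message to print (optional)
# Outputs:   the message, followed by a newline, on stdout
# Returns:   never returns; the script exits with status 0
#######################################
abort() {
	# printf with a fixed format prints the message verbatim: no word
	# splitting, no glob expansion, and a leading "-n"/"-e" is not
	# mistaken for an echo option.
	printf '%s\n' "${1-}"
	# NOTE(review): exits 0 although the name suggests a failure;
	# presumably so that the caller never sees this hook as failed. Confirm.
	exit 0
}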

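# rc.conf is sourced, i.e. executed as shell code with this script's
# privileges; it supplies RESOLVE_LOCALLY, which is read further down.
. /etc/rc.conf

# This script is called every time dhclient has something to do.
# We do not want to rewrite the system configuration every time,
# e.g. when we do not yet have an IP address.

# Use only the first "inet" line. With more than one IPv4 address on ep0,
# ifconfig prints several, and a multi-line $IP would later be written
# verbatim into the nsupdate input, the sed replacement and the state file.
IP=$(ifconfig ep0 | awk '$1 == "inet" && !seen++ { print $2 }')
# logger -t dhclient-script -p notice "IP is: $IP"

if [ -z "$IP" ] || [ "$IP" = "0.0.0.0" ]; then
	# Interface not yet configured (or ifconfig failed). Just exit
	exit 0
fi

# Shape check only (digits and exactly three single dots); octet ranges are
# not verified. Everything below interpolates $IP into commands and config
# files, so anything else is refused here.
case "$IP" in
	*[!0-9.]* | .* | *. | *..* | *.*.*.*.*)
		logger -t dhclient-script -p warning "Ignoring unexpected address on ep0: $IP"
		exit 0
		;;
	*.*.*.*)
		;;
	*)
		logger -t dhclient-script -p warning "Ignoring unexpected address on ep0: $IP"
		exit 0
		;;
esac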

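# Put the locally maintained resolver configuration back in place.
# The expansion is quoted and given a default so that an unset
# RESOLVE_LOCALLY is a plain "no" instead of a test(1) syntax error.
if [ "${RESOLVE_LOCALLY:-no}" = 'yes' ] && [ -f /etc/resolv.conf.local ]; then
	# Obviously, RESOLVE_LOCALLY='yes' must be set in rc.conf
	# and a suitable resolv.conf must be prepared at /etc/resolv.conf.local.
	# The variable $reason is set by dhclient (see dhclient-script(8)).
	#
	# cmp -s compares silently; it also reports "different" when
	# /etc/resolv.conf does not exist.
	if ! cmp -s /etc/resolv.conf /etc/resolv.conf.local; then
		# Keep a copy of the file being replaced (presumably the one
		# dhclient just wrote). A failed backup is reported on stderr
		# by cp but does not stop the switch.
		cp /etc/resolv.conf /etc/resolv.conf.dhcp
		# Log the switch only if it really happened, so the log cannot
		# claim local resolution while the DHCP-supplied servers are
		# still in use.
		if cp /etc/resolv.conf.local /etc/resolv.conf; then
			logger -t dhclient-script -p notice "$reason: Switched name resolver to use local DNS"
		else
			logger -t dhclient-script -p warning "$reason: Could not install /etc/resolv.conf.local as /etc/resolv.conf"
		fi
	fi

fi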

# Update DNS entry 
# This works because I also have control of the DNS and have configured
# it to accept updates for the zone which have been signed by the key
# that this script uses.
# Restart firewall
# Rewrite IPSec config and restart IPsec

# Continue only if IP has changed

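# The last address seen is remembered in /var/run instead of /tmp.
# This script runs with dhclient's privileges; a fixed file name in a
# world-writable directory lets any local user pre-create it (or a symlink
# with that name), which would either suppress the updates below or make
# the redirection further down overwrite the symlink's target.
# /var/run is normally writable by root only; verify on this host.
# The old /tmp/ip.dhcp.old is no longer read, so the first run after this
# change performs one full update.
IP_STATE_FILE=/var/run/dhclient-ip.old

if [ -f "$IP_STATE_FILE" ]; then
	OLDIP=$(cat "$IP_STATE_FILE")
	# Quoted on both sides: an empty or multi-word value must compare as
	# "different", not break the test.
	if [ "$IP" = "$OLDIP" ]; then
		# logger -t dhclient-script -p notice "IP Address hasn't changed. Exiting."
		exit 0
	fi
fi

if ! printf '%s\n' "$IP" > "$IP_STATE_FILE"; then
	# Without the state file every later invocation repeats the full update.
	logger -t dhclient-script -p warning "Could not record current address in $IP_STATE_FILE"
fi

# restart firewall
# logger -t dhclient-script -p notice "Restarting firewall router"
if ! /etc/rc.d/ipfw restart; then
	# A failed restart may leave the host on the previous rule set (or on
	# none); make that visible instead of relying on the summary line.
	logger -t dhclient-script -p warning "ipfw restart failed after address change to $IP"
fi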

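# update DNS
HOSTNAME="my.host.name"
# Key used to sign the update. Anyone able to read the key file can sign
# updates that the DNS server accepts for this zone, so it should be
# readable by root only.
FILE="/etc/namedb/tsig:my-key-auth."

# the actual file name is Kmy-key-auth.+157+00000.key
# it was created by dnskeygen
# This version of nsupdate adds the leading K and the rest automatically,
# others don't and take a different syntax

echo "$(date): Updating DNS with $HOSTNAME = $IP"

# $IP becomes part of the command stream read by nsupdate. Send it only if
# it consists of digits and dots, so that whitespace or a line break in the
# value cannot turn into additional update commands.
case "$IP" in
	'' | *[!0-9.]*)
		logger -t dhclient-script -p warning "Not sending DNS update: unexpected address value"
		RES=1
		;;
	*)
		# Two update lines followed by an empty line, as before; the
		# pipeline's status is that of nsupdate.
		printf 'update delete %s\nupdate add %s 3600 A %s\n\n' \
			"$HOSTNAME" "$HOSTNAME" "$IP" \
			| /usr/sbin/nsupdate -k "$FILE"
		RES=$?
		;;
esac

SUC=""

if [ "$RES" -ne 0 ]; then
	SUC="failed"
	echo "Failure"
else
	SUC="succeeded"
	echo "SUCCESS"
fi

# Notify the administrator of the change and of the outcome of the update.
# The body lines keep their leading tab (plain <<EOF, not <<-EOF).
mail -s "IP Address change at home" me@my.dom.ain <<EOF
	The IP Address of $HOSTNAME has changed according to dhclient ($reason).
	It is now $IP.
	I have tried to update the DNS with $HOSTNAME = $IP,
	which $SUC.
EOF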


# rewrite ipsec.conf
# for this, I have prepared /etc/ipsec/ipsec.conf.tmpl, which is the same
# as /etc/ipsec/ipsec.conf, but with my IP address replaced by "# MYIP #" wherever
# it occurs, and a line just reading "# DATE #"

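# Regenerate ipsec.conf from the template, restart IPsec, then log a summary
# and exit with the status of the DNS update.
if [ -f /etc/ipsec/ipsec.conf.tmpl ]; then
	date=$(date)
	cp /etc/ipsec/ipsec.conf /etc/ipsec/ipsec.conf.bak

	# Both values end up in the replacement part of a sed s/// command.
	# Escape "\", "/" and "&" so that they are inserted literally and
	# cannot end the expression early (a date format containing "/" would
	# otherwise make sed fail).
	date_esc=$(printf '%s' "$date" | sed 's|[\\/&]|\\&|g')
	ip_esc=$(printf '%s' "$IP" | sed 's|[\\/&]|\\&|g')

	# Seed the temporary file from the live config so that the rewritten
	# file keeps its owner and mode (the redirection below truncates it in
	# place). If there is no live config yet, umask 077 makes the new file
	# readable by its owner only; an IPsec config can contain key material.
	if (
		umask 077
		if [ -f /etc/ipsec/ipsec.conf ]; then
			cp -p /etc/ipsec/ipsec.conf /etc/ipsec/ipsec.conf.tmp
		fi
		sed -e "s/# DATE #/$date_esc/" -e "s/# MYIP #/$ip_esc/g" \
			/etc/ipsec/ipsec.conf.tmpl > /etc/ipsec/ipsec.conf.tmp
	); then
		mv /etc/ipsec/ipsec.conf.tmp /etc/ipsec/ipsec.conf
	else
		# Keep the previous config and do not leave a partial file behind.
		rm -f /etc/ipsec/ipsec.conf.tmp
		logger -t dhclient-script -p warning "Could not rewrite /etc/ipsec/ipsec.conf; keeping the previous file"
	fi

	# IPsec is restarted even when the rewrite failed, as before.
	if ! /etc/rc.d/ipsec restart; then
		logger -t dhclient-script -p warning "ipsec restart failed after address change to $IP"
	fi
fi

logger -t dhclient-script -p notice "IP Address: $IP; DNS update $SUC, firewall and ipsec restarted. Reason: $reason"

# Exit status is that of the DNS update.
exit "${RES:-0}"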
