#!/usr/bin/env bash
set -e

SECOND_IP="$1"
[ -z "$SECOND_IP" ] && echo "Usage: $0 SECOND_IP" && exit 1
[ "$(id -u)" -ne 0 ] && echo "Run as root" && exit 1

DEFAULT_LINE=$(ip route show default | head -n1)
GATEWAY=$(echo "$DEFAULT_LINE" | awk '{for(i=1;i<=NF;i++){if($i=="via"){print $(i+1); exit}}}')
DEV=$(echo "$DEFAULT_LINE" | awk '{for(i=1;i<=NF;i++){if($i=="dev"){print $(i+1); exit}}}')

systemctl list-unit-files | grep -q '^x-ui.service' || { echo "x-ui.service not found"; exit 1; }

[ ! -f /etc/systemd/system/xray.slice ] && cat <<EOF >/etc/systemd/system/xray.slice
[Unit]
Description=Xray traffic slice
Before=slices.target
EOF

mkdir -p /etc/systemd/system/x-ui.service.d
cat <<EOF >/etc/systemd/system/x-ui.service.d/slice.conf
[Service]
Slice=xray.slice
EOF

systemctl daemon-reload
systemctl restart x-ui.service

iptables -t mangle -C OUTPUT -m cgroup --path xray.slice -j MARK --set-mark 1 2>/dev/null || \
iptables -t mangle -A OUTPUT -m cgroup --path xray.slice -j MARK --set-mark 1

iptables -t nat -C POSTROUTING -m mark --mark 1 -o "$DEV" -j SNAT --to-source "$SECOND_IP" 2>/dev/null || \
iptables -t nat -A POSTROUTING -m mark --mark 1 -o "$DEV" -j SNAT --to-source "$SECOND_IP"

grep -qE '^\s*100\s+xray\b' /etc/iproute2/rt_tables 2>/dev/null || echo "100 xray" >> /etc/iproute2/rt_tables

ip rule del fwmark 1 table 100 2>/dev/null || true
ip rule add fwmark 1 table 100
ip route flush table 100 2>/dev/null || true
ip route add default via "$GATEWAY" dev "$DEV" src "$SECOND_IP" table 100

sysctl -w net.core.default_qdisc=fq >/dev/null
sysctl -w net.ipv4.tcp_congestion_control=bbr >/dev/null
grep -q 'net.core.default_qdisc=fq' /etc/sysctl.conf 2>/dev/null || cat <<EOF >>/etc/sysctl.conf
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOF
sysctl -p >/dev/null || true

cat <<EOF >/usr/local/sbin/xray-routing.sh
#!/bin/bash
ip rule add fwmark 1 table 100 2>/dev/null || true
ip route add default via "$GATEWAY" dev "$DEV" src "$SECOND_IP" table 100 2>/dev/null || true
EOF

chmod +x /usr/local/sbin/xray-routing.sh

cat <<EOF >/etc/systemd/system/xray-routing.service
[Unit]
Description=Policy routing for Xray dual-IP
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/xray-routing.sh
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable xray-routing.service
systemctl start xray-routing.service

echo "OK: $SECOND_IP active"