#!/bin/bash

. shared.sh
. hosts.sh
. ssh.sh

for host in ${hosts_all[@]}; do
    remote=root@$host

    echo
    echo $host
    echo

    cp etc/nftables/nftables-${hosts_firewall[$host]:-web}.conf tmp
    sed -i "s/{{synproxy_threshold}}/$(( ${hosts_conntrack_size[$host]} / 64 ))/g" tmp
    sed -i "s/{{ssh_ipv4}}/$ssh_ipv4/g" tmp
    sed -i "s/{{ssh_ipv6}}/$ssh_ipv6/g" tmp
    rsync tmp $remote:/etc/nftables.conf
    rm tmp
    ssh $remote systemctl enable --now nftables.service
done