#!/bin/bash
dpkg-reconfigure openssh-server

# the "northbound" interface connecting the gateway to the "real" server/clab hypervisor (NOT management-interface!)
ip addr replace dev eth1 10.192.40.2/29

# the "southbound" interface towards all the clients that we are DHCP server for
ip addr replace dev eth2 192.168.0.254/24 

# "eastbound" gw<->jumphost1 eth3 and 172.16.200/23 behind jumphost1
ip addr replace dev eth3 172.16.202.32/31
# ip route replace 172.16.200/23 via 172.16.202.33

echo "nameserver 192.168.0.254" > /etc/resolv.conf

useradd -m keycollector
mkdir -p /home/keycollector/.ssh/
echo "restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpofQk36/HtJcTSHVqFY9f0iyliVnDRWKpPvlnS3v5F keycollect-identity" > /home/keycollector/.ssh/authorized_keys
chown keycollector:keycollector /home/keycollector/.ssh/ -Rv

# ----------------------------------------------------------------------
# Run the long pipeline in the background, but start it only after 60 s.
# The rest of the script continues immediately.
# ----------------------------------------------------------------------

(
    # wait 180 seconds first
    sleep 180
    /usr/local/bin/online-users.sh
) > /online-users.txt &   # ← background the whole subshell


# launch dnsmasq (automatically backgrounds)
(dnsmasq --no-daemon --log-facility=/dns.log --log-queries) &
# dnsmasq --no-daemon 

/usr/sbin/sshd -D