#!/bin/sh

SOCKS_HOST=${SOCKS_IP:-192.168.31.240}

# Wait for SOCKS proxy to be ready
echo "Waiting for SOCKS proxy..."
until nc -z "$SOCKS_HOST" 1080; do
  echo "SOCKS proxy not ready yet, waiting..."
  sleep 5
done
echo "SOCKS proxy is ready!"

# Start redsocks
redsocks -c /etc/redsocks.conf &
sleep 2

# создать/очистить цепочку
iptables -t nat -N REDSOCKS 2>/dev/null || true
iptables -t nat -F REDSOCKS

# гарантированно первой в OUTPUT
iptables -t nat -D OUTPUT -p tcp -j REDSOCKS 2>/dev/null || true
iptables -t nat -I OUTPUT 1 -p tcp -j REDSOCKS

# исключения
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
# (по желанию) исключить сам socks-хост точечно:
iptables -t nat -A REDSOCKS -d "$SOCKS_HOST" -p tcp --dport 1080 -j RETURN

# редирект всего остального tcp
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

N8N_BIN="/usr/local/bin/n8n"

if [ ! -x "$N8N_BIN" ]; then
  echo "n8n binary not found at $N8N_BIN"
  exit 1
fi

# Start n8n
exec su-exec node "$N8N_BIN" start