#!/bin/bash
source ./00_env.sh
set -euo pipefail

apt install -y ipset || true
mkdir -p /etc/ipset

rm -f "$CHN_FILE"
for url in "${CHNROUTE_URLS[@]}"; do
  curl -fsSL "$url" -o /tmp/chn.tmp && grep -E '^[0-9]' /tmp/chn.tmp | sed 's/\r//g' > "$CHN_FILE" && break
done

ipset list chnroute -n &>/dev/null && ipset flush chnroute && ipset destroy chnroute || true
ipset create chnroute hash:net family inet maxelem 65536 || true

for net in 0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16; do
  ipset add chnroute $net || true
done

while IFS= read -r line; do
  [[ -z "$line" || "$line" =~ ^# ]] && continue
  ipset add chnroute "$line" || true
done < "$CHN_FILE"

ipset save > "$IPSET_FILE"

cat >/etc/systemd/system/ipset-load.service <<EOL
[Unit]
Description=Load ipset rules
After=network.target
[Service]
Type=oneshot
ExecStart=/sbin/ipset restore -f $IPSET_FILE
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOL

systemctl daemon-reload
systemctl enable ipset-load.service
systemctl start ipset-load.service || true

echo "CHNROUTE ipset 已安装"