#!/bin/sh

# EnsureTUN device exists
if [ ! -c /dev/net/tun ]; then
    mkdir -p /dev/net
    mknod /dev/net/tun c 10 200
    chmod 600 /dev/net/tun
fi

# Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1 || true


# NAT MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# MSS Clamping (Path MTU Tuning)
# Works for both directions in one rule on the FORWARD chain
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu


# Start OpenRC (needed for rc-service if we use it, but better to start openvpn directly or via rc)
# Since we are in Alpine, we can try to start the service if configured, 
# but Container 4 main.py might expect rc-service to work.
openrc default

# Start the APP_PROFILER API
# We use 0.0.0.0 to be reachable from other containers
python main.py