# MikroTik Container Bridge Setup Script
# Created: 2026-01-25
# Repository: https://git.xtrm-lab.org/jazzymc/infrastructure
#
# Run this FIRST before setting up containers
# Creates shared bridge for all containers

#------------------------------------------------------------
# Variables
#------------------------------------------------------------
:local bridgeName "containers-br"
:local bridgeIP "172.17.0.1"
:local bridgeNet "172.17.0.0/24"
:local wanInterface "eth1_WAN"

#------------------------------------------------------------
# 1. Create bridge for containers
#------------------------------------------------------------
/interface bridge add name=$bridgeName

#------------------------------------------------------------
# 2. Add IP address to bridge
#------------------------------------------------------------
/ip address add address=$bridgeIP/24 interface=$bridgeName

#------------------------------------------------------------
# 3. Firewall - Allow container network traffic
#------------------------------------------------------------
# Input chain
/ip firewall filter add chain=input action=accept dst-address=$bridgeNet comment="Allow container network"
/ip firewall filter add chain=input action=accept src-address=$bridgeNet comment="Allow from container network"

# Forward chain
/ip firewall filter add chain=forward action=accept dst-address=$bridgeNet comment="Allow to container network"
/ip firewall filter add chain=forward action=accept src-address=$bridgeNet comment="Allow from container network"

#------------------------------------------------------------
# 4. NAT - Masquerade for container outbound traffic
#------------------------------------------------------------
/ip firewall nat add chain=srcnat action=masquerade src-address=$bridgeNet out-interface=$wanInterface comment="Container outbound NAT"

:log info "Container bridge setup complete"
:log info "Bridge: $bridgeName with IP $bridgeIP/24"