#!/usr/bin/env bash
## script to generate client wireguard configs as qr codes
# requires package `qrencode` from the repos

# does not handle cases such as multiple wireguard interfaces; modify as needed

# exit if a command fails
set -o errexit

# exit if required variables are not set
set -o nounset

# return the exit status of the final command before a failure
set -o pipefail

# make sure the correct number of arguments are passed; if not, output syntax and exit
if [ "$#" -ne 1 ]; then
  echo -e "\nUsage: $0 <client name>\n"
  exit 1
fi

# set the private subnets to be used (please change these to fit your needs)
subnet_v4="10.26.0"
mask_v4="24"

# set wireguard tunnel interface name
interface="wg1"

# determine the routes to add
route_v4="${subnet_v4}.0/${mask_v4}"

# assign arguments to variables
client="$1"

# determine ip address to use
last_ip="$(tail -n1 $"{HOME}"/gamers/userlist.txt | awk '{print $1}' | cut -d"." -f4)"
ip_addr="$((${last_ip:-1}+1))"

# set server ip and port
server="$(drill -4 +short myip.opendns.com @resolver1.opendns.com | awk '{if(NF > 0 && substr($1,1,1) != ";") print $NF }')"
port="51820"

# set directories
base_dir="${HOME}/gamers"
cert_dir="${base_dir}/${client}"

# set logfile location
log_file="${cert_dir}/certgen.log"

# delete any old keys if they exist
if [ -d "${cert_dir}" ]; then
  echo -e "\nRemoving old wireguard keys..." >> "${log_file}" 2>&1
  rm -rf "${cert_dir}"
fi

# create base directory for account
mkdir -p "${cert_dir}"

# display log location
echo -e "\nLogging all output to ${log_file}\n"

# prepend timestamp to logfile
echo -e "\nCertificate generation began at $(date +%Y/%m/%d-%H:%M)." >> "${log_file}" 2>&1

# wrap the script into a function for logging purposes
{

# generate public and private keys for the client
umask 077
wg genkey | tee "${cert_dir}"/privatekey | wg pubkey > "${cert_dir}"/publickey

# generate preshared key for the client
preshared_key="$(wg genpsk)"

# set variables for keys
client_public_key="$(cat "${cert_dir}"/publickey)"
client_private_key="$(cat "${cert_dir}"/privatekey)"
server_public_key="$(sudo cat /etc/wireguard/publickey_games)"

# add peer to wireguard server configuration
echo -e "\n### Begin server config ###"
cat <<EOL | sudo tee -a /etc/wireguard/"${interface}".conf

[Peer]
PublicKey = ${client_public_key}
PresharedKey = ${preshared_key}
AllowedIPs = ${subnet_v4}.${ip_addr}/32
EOL
echo -e "### End server config ###\n"

# reload wireguard config
sudo wg-quick down "${interface}"
sudo wg-quick up "${interface}" >/dev/null 2>&1

# generate client configuration
echo -e "\n### Begin client config ###"
cat <<EOL | tee "${cert_dir}"/client.conf
[Interface]
PrivateKey = ${client_private_key}
Address = ${subnet_v4}.${ip_addr}/${mask_v4}

[Peer]
PublicKey = ${server_public_key}
PresharedKey = ${preshared_key}
Endpoint = ${server}:${port}
AllowedIPs = ${route_v4}
PersistentKeepalive = 25
EOL
echo -e "### End client config ###\n"

# generate qr encoding of client configuration
qrencode -t ansiutf8 < "${cert_dir}"/client.conf | tee "${cert_dir}"/qrcode.conf

# end function
} 2>&1 | tee -a "${log_file}" >/dev/null

# append timestamp to logfile
echo -e "\nFinished generating Wireguard certs.\n\nCertificate generation finished at $(date +%Y/%m/%d-%H:%M).\n" >> "${log_file}"

# store info about the gamer
echo "${subnet_v4}.${ip_addr} ${client}" >> "${HOME}/gamers/userlist.txt" 2>&1

# display client config as qr code
echo -e "\n$(cat "${cert_dir}"/qrcode.conf)\n"