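#!/usr/bin/env bash
#
# Create a WireGuard interface on this host with a freshly generated key pair
# and print the `wg set ... peer ...` command that registers this host as a
# peer on another machine.
#
# Usage: $0 <interface> <subnet-prefix> <host-octet> <prefix-length> <listen-port>
#   e.g. $0 wg0 10.25.0 1 24 51820
#
# Must run as root; needs the `ip`, `wg` and `drill` binaries.
#
# NOTE: the private key is written only to a 0700 mktemp directory that is
# removed on exit, so after `wg set ... private-key` it exists solely inside
# the kernel. Nothing is persisted: the interface and its key disappear on
# reboot, and a rerun generates a new key that peers must be updated with.

# exit if a command fails
set -o errexit
# exit if required variables are not set
set -o nounset
# return the exit status of the final command before a failure
set -o pipefail
# subshells and functions inherit ERR traps
set -E

# print a message to stderr and exit non-zero
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# succeed iff $1 is a decimal integer in the inclusive range [$2, $3]
# (10# forces base 10 so leading zeros are not read as octal)
uint_in_range() {
  local value="$1" lo="$2" hi="$3"
  [[ "${value}" =~ ^[0-9]+$ ]] && (( 10#${value} >= lo && 10#${value} <= hi ))
}

# this script creates interfaces and loads keys, so it must run as root
if [[ ${EUID} -ne 0 ]]; then
  die "This script must be run as root"
fi

# make sure the correct number of arguments is provided
if [[ "$#" -ne 5 ]]; then
  printf 'Usage: %s <interface> <subnet-prefix> <host-octet> <prefix-length> <listen-port>\n' "$0" >&2
  printf '  e.g. %s wg0 10.25.0 1 24 51820\n' "$0" >&2
  exit 1
fi

# set variables
wireguard_interface="$1"
wireguard_subnet="$2"
wireguard_ip="$3"
wireguard_mask="$4"
wireguard_port="$5"

# validate arguments before they reach ip/wg, so a typo fails here rather
# than halfway through interface setup
# linux interface names are at most 15 characters (IFNAMSIZ - 1)
[[ "${wireguard_interface}" =~ ^[A-Za-z0-9_.-]{1,15}$ ]] \
  || die "invalid interface name: ${wireguard_interface}"
# the subnet prefix is the first three dotted octets, e.g. 10.25.0
[[ "${wireguard_subnet}" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] \
  || die "subnet must be three dotted octets (e.g. 10.25.0): ${wireguard_subnet}"
for octet in "${BASH_REMATCH[@]:1}"; do
  uint_in_range "${octet}" 0 255 || die "subnet octet out of range: ${octet}"
done
uint_in_range "${wireguard_ip}" 0 255 \
  || die "host octet must be 0-255: ${wireguard_ip}"
uint_in_range "${wireguard_mask}" 0 32 \
  || die "prefix length must be 0-32: ${wireguard_mask}"
uint_in_range "${wireguard_port}" 1 65535 \
  || die "listen port must be 1-65535: ${wireguard_port}"

# fail early, before touching the network stack, if a required tool is missing
for tool in ip wg drill; do
  command -v "${tool}" >/dev/null 2>&1 || die "required command not found: ${tool}"
done

# look up this host's public address
# advisory only: the answer is an unauthenticated DNS reply and is merely
# printed in the peer command below, never used to configure anything
public_ip="$(drill -4 +short myip.opendns.com @resolver1.opendns.com 2>/dev/null \
  | awk '{if(NF > 0 && substr($1,1,1) != ";") print $NF }')" || public_ip=""
if [[ -z "${public_ip}" ]]; then
  printf 'warning: could not determine public IP; fill it in on the peer command below\n' >&2
  public_ip="<public-ip>"
fi

# private key material lives in a 0700 mktemp directory (never a predictable
# path) that is removed on every exit path via the EXIT trap
wireguard_directory="$(mktemp -d)" || die "mktemp failed"
cleanup() {
  rm -rf -- "${wireguard_directory:?}"
}
trap cleanup EXIT

# set key filenames
private_key="${wireguard_directory}/private_key"
public_key="${wireguard_directory}/public_key"

# generate server keys; umask 077 keeps both files owner-only
# stderr is left visible so a failing wg binary is diagnosable
umask 077
wg genkey > "${private_key}"
wg pubkey < "${private_key}" > "${public_key}"

# create the interface only if it does not exist yet, so reruns are
# idempotent; any other failure (e.g. wireguard kernel module missing) is
# fatal instead of being hidden behind '|| true'
if ! ip link show dev "${wireguard_interface}" >/dev/null 2>&1; then
  ip link add dev "${wireguard_interface}" type wireguard
fi

# 'replace' makes address and route assignment idempotent on reruns
ip address replace dev "${wireguard_interface}" \
  "${wireguard_subnet}.${wireguard_ip}/${wireguard_mask}"

# set interface mtu and bring it up
ip link set mtu 1420 up dev "${wireguard_interface}"

# add routes
ip -4 route replace "${wireguard_subnet}.0/${wireguard_mask}" dev "${wireguard_interface}"

# set interface config
wg set "${wireguard_interface}" listen-port "${wireguard_port}"
# the key is handed over by file path, not on the command line, so it never
# appears in process listings or argv audit logs
wg set "${wireguard_interface}" private-key "${private_key}"

# display command to add peer on another machine (printed on one line so it
# can be pasted as-is). It assumes the remote side uses the same interface
# name. allowed-ips is also WireGuard's cryptokey routing ACL: the whole
# subnet is appropriate when this host acts as a hub; for a point-to-point
# peer, narrow it to this host's /32.
printf 'To add this device as a peer on another machine, run the following command:\n'
printf 'wg set %s peer %s allowed-ips %s.0/%s endpoint %s:%s\n' \
  "${wireguard_interface}" "$(cat "${public_key}")" \
  "${wireguard_subnet}" "${wireguard_mask}" \
  "${public_ip}" "${wireguard_port}"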