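#!/bin/sh
# Bring up a WireGuard interface through wireguard-go, NAT tunnel traffic out
# of the host interface, and persist the running configuration on shutdown.
#
# Environment (all optional):
#   WG_INTERFACE       WireGuard interface name                 (default: wg0)
#   WG_HOST_INTERFACE  egress interface used for NAT            (default: interface of the first default route)
#   WG_ADDRESS         address/prefix assigned to the tunnel    (default: 10.200.200.1/24)
#   WG_LISTEN_PORT     UDP listen port used on first start      (default: 51820)
#   WG_REDIRECT_DNS    when set, DNAT this host's own port-53 traffic to that address
#
# Fixes over the previous revision: the `function` keyword is a bashism that
# /bin/sh (dash) rejects; the trap listed SIGTERM twice and never caught INT;
# shutdown ran twice (explicit call plus EXIT trap) and aborted under set -e
# once the interface was gone; every expansion was unquoted.

# Private keys and the saved config must not be readable by other users:
# every file created below inherits 0600 / 0700 from this umask.
umask 077
set -e

WG_IF=${WG_INTERFACE:-wg0}
# `exit` after the first match so a host with several default routes still
# yields exactly one interface name.
PHY_IF=${WG_HOST_INTERFACE:-$(ip route | awk '/default/ { print $5; exit }')}
ADDRESS=${WG_ADDRESS:-10.200.200.1/24}
LISTEN_PORT=${WG_LISTEN_PORT:-51820}

CONF_DIR=/etc/wireguard
KEY_DIR=$CONF_DIR/keys
CONF_FILE=$CONF_DIR/$WG_IF.conf

# PID of the idle-loop sleep, so shutdown can cut the wait short.
SLEEP_PID=
# Set once shutdown has run; makes a second invocation a no-op.
SHUTDOWN_DONE=

#######################################
# Add or delete the firewall rules for the tunnel.
# Globals:   WG_IF, PHY_IF, ADDRESS, WG_REDIRECT_DNS (read)
# Arguments: $1 - iptables action letter: A to append, D to delete
#######################################
setup_iptables() {
  # Optional: send this host's own DNS queries to WG_REDIRECT_DNS.
  if [ -n "$WG_REDIRECT_DNS" ]; then
    iptables -t nat "-$1" OUTPUT -p udp --dport 53 -j DNAT --to "$WG_REDIRECT_DNS"
    iptables -t nat "-$1" OUTPUT -p tcp --dport 53 -j DNAT --to "$WG_REDIRECT_DNS"
  fi
  # Anything arriving from the tunnel may be forwarded; only replies to
  # established flows are forwarded back into it.
  iptables "-$1" FORWARD -i "$WG_IF" -j ACCEPT
  iptables "-$1" FORWARD -i "$WG_IF" -o "$PHY_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables "-$1" FORWARD -i "$PHY_IF" -o "$WG_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -t nat "-$1" POSTROUTING -s "$ADDRESS" -o "$PHY_IF" -j MASQUERADE
}

#######################################
# Persist the live configuration, then remove the interface and its rules.
# Safe to call more than once (EXIT trap plus signal trap plus explicit call).
# Globals:   WG_IF, CONF_FILE, SLEEP_PID (read), SHUTDOWN_DONE (written)
#######################################
shutdown() {
  [ -z "$SHUTDOWN_DONE" ] || return 0
  SHUTDOWN_DONE=1
  trap - EXIT TERM INT
  # The saved config contains the private key; the umask keeps it 0600.
  # `wg showconf` fails if the interface is already gone, so treat that as "nothing to save".
  if conf=$(wg showconf "$WG_IF" 2>/dev/null) && [ -n "$conf" ]; then
    printf '%s\n' "$conf" > "$CONF_FILE"
  fi
  # Teardown steps are best-effort: one failure must not leave the rest behind.
  ip link del dev "$WG_IF" || true
  setup_iptables D || true
  if [ -n "$SLEEP_PID" ]; then
    kill "$SLEEP_PID" 2>/dev/null || true
  fi
}

# Must return once the interface exists; everything below assumes it does.
/usr/bin/wireguard-go "$WG_IF"

if [ ! -f "$CONF_FILE" ]; then
  # First start: generate a keypair and configure the interface directly.
  mkdir -p "$KEY_DIR"
  wg genkey | tee "$KEY_DIR/$WG_IF" | wg pubkey > "$KEY_DIR/$WG_IF.pub"
  # Plain sh has no pipefail, so verify the key was actually produced.
  if [ ! -s "$KEY_DIR/$WG_IF" ]; then
    printf 'failed to generate private key for %s\n' "$WG_IF" >&2
    exit 1
  fi
  wg set "$WG_IF" private-key "$KEY_DIR/$WG_IF"
  wg set "$WG_IF" listen-port "$LISTEN_PORT"
else
  wg setconf "$WG_IF" "$CONF_FILE"
fi

trap shutdown EXIT TERM INT

ip link set up dev "$WG_IF"
ip address add "$ADDRESS" dev "$WG_IF"
setup_iptables A

if [ -e /usr/bin/wg-event-gen ]; then
  /usr/bin/wg-event-gen "/var/run/wireguard/$WG_IF.sock" 3000
else
  # Idle until the interface disappears. Sleep in the background so a TERM
  # trap can interrupt the wait instead of running up to 10 s late.
  while [ -e "/sys/class/net/$WG_IF/operstate" ]; do
    sleep 10 &
    SLEEP_PID=$!
    wait "$SLEEP_PID" || true
    SLEEP_PID=
  done
fi

shutdown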