#!/bin/sh

umask 077
set -e

WG_IF=${WG_INTERFACE:-wg0}
PHY_IF=${WG_HOST_INTERFACE:-$(ip route | awk '/default/ { print $5 }')}
ADDRESS=${WG_ADDRESS:-192.168.2.1}

function shutdown() {
 wg-quick down $WG_IF
 iptables -D FORWARD -i $WG_IF -j ACCEPT; iptables -t nat -D POSTROUTING -o $PHY_IF -j MASQUERADE
 wg showconf $WG_IF > /etc/wireguard/$WG_IF.conf
 killall sleep
}

/usr/bin/wireguard-go $WG_IF

if [ ! -f "/etc/wireguard/$WG_IF.conf" ]; then
 mkdir -p /etc/wireguard/keys
 wg genkey | tee /etc/wireguard/keys/$WG_IF | wg pubkey > /etc/wireguard/keys/$WG_IF.pub 
 wg set $WG_IF private-key /etc/wireguard/keys/$WG_IF
 wg set $WG_IF listen-port 51820
else
 wg setconf $WG_IF /etc/wireguard/$WG_IF.conf
fi

trap shutdown EXIT

ifconfig $WG_IF up $ADDRESS
iptables -A FORWARD -i $WG_IF -j ACCEPT; iptables -t nat -A POSTROUTING -o $PHY_IF -j MASQUERADE

sleep 100000000