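#!/bin/bash
#
# Set up (or tear down) a WireGuard peering between this host and a
# DESTINATION that you can SSH to and run sudo on.  Each side gets the other's
# public key, endpoint and allowed-ips via `wg set`, plus an
# "<wg ip><TAB><hostname>.<wg_domain>" entry in /etc/hosts.
#
# Usage: wg-peer add|del DESTINATION
#
# Requirements: GNU sed and iproute2 on both ends, wireguard-tools, and
# ssh-persist.sh, which must define `sshp` (run a command on DESTINATION over a
# persistent SSH connection).  ssh-persist.sh is looked up next to this script
# first, then in $PATH.
set -euo pipefail

# Constants.  Overridable from the environment so the script can serve other
# domains/interfaces; the defaults are the values that used to be hardcoded.
wg_domain="${WG_DOMAIN:-wg.alemor.org}"
wg_dev="${WG_DEV:-wg0}"

# Validation patterns for everything read back from the remote host (and from
# local tools).  Those values are interpolated into `wg set` arguments and into
# a sed program executed as root on BOTH machines, so a compromised or
# misconfigured peer must not be able to smuggle shell or sed syntax through.
readonly re_hostname='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
readonly re_ipv4='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
readonly re_port='^[0-9]{1,5}$'
readonly re_wgkey='^[A-Za-z0-9+/]{43}=$'   # base64 of a 32-byte WireGuard key

# die MESSAGE...: print MESSAGE to stderr and exit 1.
die() {
  printf '%s: %s\n' "$(basename -- "$0")" "$*" >&2
  exit 1
}

# require_match LABEL VALUE REGEX: abort unless VALUE matches the ERE REGEX.
require_match() {
  local label=$1 value=$2 re=$3
  [[ $value =~ $re ]] || die "invalid $label: '$value'"
}

# usage [SECTION]: print help (to stderr) and exit 1.
usage() {
  local section=${1:-main}
  echo "Usage: $(basename -- "$0") [COMMAND] [DESTINATION]" >&2
  case $section in
    main)
      echo "Automatically configure WireGuard peer connection to a given destination that you are able to SSH to and are a sudoer on." >&2
      echo "Commands:" >&2
      echo "  add" >&2
      echo "  del" >&2
      ;;
    add) echo "Add a peer connection." >&2 ;;
    del) echo "Delete a peer connection." >&2 ;;
  esac
  exit 1
}

# hosts_regex NAME: print an ERE matching the /etc/hosts line for
# NAME.$wg_domain.  Dots are bracketed so they match literally instead of
# acting as "any character".
hosts_regex() {
  local entry="$1.$wg_domain"
  printf '^[0-9.]+[[:space:]]+%s$' "${entry//./[.]}"
}

# hosts_set_local NAME IP: replace the /etc/hosts line for NAME.$wg_domain with
# "IP<TAB>NAME.$wg_domain", or append it if there is none.
#
# sed logic: on the first matching line substitute, then pass every remaining
# line through (the n/ba loop) so the trailing `$a` append never fires; with no
# match the append runs on the last line.  GNU sed turns the two characters
# '\t' into a real tab in both the s/// replacement and the `a` text.
#
# `sed -i` writes a temp file and renames it into place.  The previous form,
# `sed /etc/hosts | sudo tee /etc/hosts`, raced tee's O_TRUNC of /etc/hosts
# against sed's read of it and could empty the file.  --follow-symlinks keeps
# the edit in the target file when /etc/hosts is a symlink.
hosts_set_local() {
  local regex line
  regex=$(hosts_regex "$1")
  line="$2\t$1.$wg_domain"
  sudo sed -E -i --follow-symlinks \
    -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/hosts
}

# hosts_set_remote NAME IP: same as hosts_set_local, on the destination.
# The sed expressions are single-quoted for the remote shell; every value
# interpolated here has passed require_match.
hosts_set_remote() {
  local regex line
  regex=$(hosts_regex "$1")
  line="$2\t$1.$wg_domain"
  sshp "sudo sed -E -i --follow-symlinks -e '/$regex/{s/.*/$line/;:a;n;ba;q}' -e '\$a $line' /etc/hosts"
}

# hosts_del_local NAME: drop the /etc/hosts line for NAME.$wg_domain.
hosts_del_local() {
  sudo sed -E -i --follow-symlinks -e "/$(hosts_regex "$1")/d" /etc/hosts
}

# hosts_del_remote NAME: same as hosts_del_local, on the destination.
hosts_del_remote() {
  sshp "sudo sed -E -i --follow-symlinks -e '/$(hosts_regex "$1")/d' /etc/hosts"
}

# cmd_add: register each side as a peer of the other and add the hosts entries.
# Reads the host_*/dest_* globals gathered in main.
cmd_add() {
  # Destination side: this host becomes a peer.
  sshp sudo wg set "$wg_dev" peer "$host_key" \
    endpoint "$host_fqdn:$host_port" allowed-ips "$host_wgip/32"
  hosts_set_remote "$host_name" "$host_wgip"
  # Local side: the destination becomes a peer.
  sudo wg set "$wg_dev" peer "$dest_key" \
    endpoint "$dest_fqdn:$dest_port" allowed-ips "$dest_wgip/32"
  hosts_set_local "$dest_name" "$dest_wgip"
  echo "Peer $dest_name.$wg_domain added with internal IP $dest_wgip"
}

# cmd_del: remove the peering and the hosts entries on both sides.
# Reads the host_*/dest_* globals gathered in main.
cmd_del() {
  hosts_del_remote "$host_name"
  # `wg set` needs root on the destination too (the old code ran it unprivileged).
  sshp sudo wg set "$wg_dev" peer "$host_key" remove
  hosts_del_local "$dest_name"
  sudo wg set "$wg_dev" peer "$dest_key" remove
  echo "Peer $dest_name.$wg_domain deleted."
}

# ---- Main -------------------------------------------------------------------

[[ $# -ge 1 ]] || usage main
case $1 in
  add) cmd=add ;;
  del|delete) cmd=del ;;
  *) usage main ;;
esac
[[ $# -ge 2 ]] || usage "$cmd"
dest=$2

# Ask for the local sudo password up front.
sudo -p '[sudo] password for %u@%h: ' true

# Connect to the destination.  The copy shipped alongside this script is
# preferred over whatever $PATH resolves, so a writable directory earlier in
# PATH cannot substitute the helper that runs commands as root remotely.
script_dir=$(dirname -- "$0")
if [[ -r "$script_dir/ssh-persist.sh" ]]; then
  . "$script_dir/ssh-persist.sh" "$dest"
else
  . ssh-persist.sh "$dest"
fi
command -v sshp >/dev/null 2>&1 || die "ssh-persist.sh did not define sshp"

# Gather host info.
host_name=$(hostname)
host_fqdn=$(hostname --fqdn)
host_wgip=$(ip -4 addr show "$wg_dev" | grep -oP '(?<=inet\s)\d+(\.\d+){3}') \
  || die "no IPv4 address on $wg_dev"
host_port=$(sudo wg show "$wg_dev" listen-port)
host_key=$(sudo wg show "$wg_dev" public-key)
require_match "local hostname" "$host_name" "$re_hostname"
require_match "local fqdn" "$host_fqdn" "$re_hostname"
require_match "local $wg_dev address" "$host_wgip" "$re_ipv4"
require_match "local listen port" "$host_port" "$re_port"
require_match "local public key" "$host_key" "$re_wgkey"

# Gather destination info.  Every value comes from the remote host and is
# validated before it is used in a command on either side.
dest_name=$(sshp hostname)
dest_fqdn=$(sshp hostname --fqdn)
dest_wgip=$(sshp "ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}'") \
  || die "no IPv4 address on $wg_dev at $dest"
dest_port=$(sshp sudo wg show "$wg_dev" listen-port)
dest_key=$(sshp sudo wg show "$wg_dev" public-key)
require_match "remote hostname" "$dest_name" "$re_hostname"
require_match "remote fqdn" "$dest_fqdn" "$re_hostname"
require_match "remote $wg_dev address" "$dest_wgip" "$re_ipv4"
require_match "remote listen port" "$dest_port" "$re_port"
require_match "remote public key" "$dest_key" "$re_wgkey"

"cmd_$cmd"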