#!/bin/sh
if [ $(id -u) -ne 0 ]; then
    echo "error: must be ran as root" && exit 1
fi

apt-get update
apt-get install wireguard-tools -y

sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -p # add to conf

gen_server() {
    umask 077
    wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey

    {
        printf "[Interface]\n"
        printf "Address = 10.0.0.1/24, fd00:db8:0:0::1/64\n"  # IPv4 and IPv6 addresses
        printf "SaveConfig = true\n"
        printf "ListenPort = CHANGEME\n"
        printf "PrivateKey = $(cat /etc/wireguard/privatekey)\n\n"
        printf "[Peer]\n"
        printf "PublicKey = $(cat /etc/wireguard/client1_publickey)\n"  # Client 1 public key
        printf "AllowedIPs = 10.0.0.2/32, fd00:db8:0:0::2/128\n"  # IPv4 and IPv6 for Client 1
        printf "MaxConnections = 5\n"
    } > /etc/wireguard/wg0.conf

    systemctl enable wg-quick@wg0 && systemctl start wg-quick@wg0
}

gen_client() {
    wg genkey | tee privatekey | wg pubkey > publickey
    {
        printf "[Interface]\n"
        printf "Address = 10.0.0.2/32\n"  # NEED V6
        printf "PrivateKey = $(cat /path/to/client/privatekey)\n"  # Client's private key
        printf "DNS = 8.8.8.8\n\n"  # DNS server (can we exclude to allow machine)

        printf "[Peer]\n"
        printf "PublicKey = $(cat /path/to/server/publickey)\n"  # Server's public key
        printf "AllowedIPs = 0.0.0.0/0, ::/0\n"  # Route all traffic through VPN
        printf "Endpoint = [Server's IP Address]:[Server's ListenPort]\n"  # Server endpoint
    } > /path/to/client/wg0.conf
}