#! /bin/bash

# Require descriptive device name arg from user.
device_name=$1
if [ -z "$device_name" ]; then
    echo 'Missing device name arg' >&2
    exit 1 
fi

# Want this script to be executed w/`sudo` so don't need it anywhere in here.
wg genkey | tee /etc/wireguard/clients/${device_name}.key | wg pubkey | tee /etc/wireguard/clients/${device_name}.key.pub

priv_key=$(cat /etc/wireguard/clients/${device_name}.key)
pub_key=$(cat /etc/wireguard/clients/${device_name}.key.pub)

# start client numbering at 150, store next value in ~/bin/wg-qr-client-nxt-ip.conf
nxt_ip=$(cat /home/jody/bin/wg-qr-client-nxt-ip.conf)
echo $((nxt_ip+1)) > /home/jody/bin/wg-qr-client-nxt-ip.conf

# IPv4 & Public key for primary wireguard hub/server (assuming this script is running on that machine...look them up to avoid hard-coding so this script can be shared).
hub_ip_addr=$(ifconfig eth0 | grep 'inet ' | cut -d' ' -f10)
hub_pub_key=$(wg | grep public | cut -d' ' -f5)

cat > /etc/wireguard/clients/${device_name}.conf <<EOL
[Interface]
Address = 10.0.0.${nxt_ip}/32
ListenPort = 61666
PrivateKey = ${priv_key}
DNS = 10.0.0.143

[Peer]
PublicKey = ${hub_pub_key}
AllowedIPs = 10.0.0.0/24
Endpoint = ${hub_ip_addr}:61666
EOL

# Append new peer to ISH-VPS server in /etc/wireguard/wg0.conf
cat >> /etc/wireguard/wg0.conf <<EOL

[Peer]
# ${device_name}
PublicKey = ${pub_key}
AllowedIPs = 10.0.0.${nxt_ip}/32
EOL

# Restart wg0 interface to finalize changes.
systemctl restart wg-quick@wg0

# Output QR-code to the terminal
# (YAGNI, also output to PNG file for later use...maybe could send to ntfy).
cat /etc/wireguard/clients/${device_name}.conf | qrencode -t ansiutf8