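#!/bin/bash
#
# Provision a WireGuard server config (wg0) and one config per client under
# /etc/wireguard.
#
# Environment:
#   CLIENTS  number of client configs to write (default 1, at most 253 so the
#            host part of 10.0.0.<n+1> stays inside the server's /24).
#
# Files written: the server and first-client key pairs, $WG_CONFIG, and
# /etc/wireguard/client<N>.conf for each client.
#
# NOTE(review): the PostUp/PostDown rules assume the uplink interface is eth0
# and that IPv4 forwarding is enabled elsewhere -- confirm on the target host.

set -euo pipefail

# Everything created below is private-key material or embeds it, so new files
# and directories must never be group- or world-readable.
umask 077

SERVER_PRIVATE_KEY_PATH="/etc/wireguard/privatekey"
SERVER_PUBLIC_KEY_PATH="/etc/wireguard/publickey"
CLIENT_PRIVATE_KEY_PATH="/etc/wireguard/client_privatekey"
CLIENT_PUBLIC_KEY_PATH="/etc/wireguard/client_publickey"
WG_CONFIG="/etc/wireguard/wg0.conf"
SERVER_ADDRESS="10.0.0.1/24"
CLIENT_ADDRESS="10.0.0.2/32"
SERVER_PORT="51820"
DNS="1.1.1.1"

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Make sure a private/public key pair exists on disk.
# Arguments: $1 - private key path, $2 - public key path
# A missing or empty private key is regenerated together with its public
# key; a missing public key alone is re-derived from the private key.
#######################################
ensure_keypair() {
  local private_path=$1
  local public_path=$2

  # -s rather than -f: an empty file left by an interrupted run is not a key.
  if [[ ! -s "$private_path" ]]; then
    wg genkey > "$private_path"
    wg pubkey < "$private_path" > "$public_path"
  elif [[ ! -s "$public_path" ]]; then
    wg pubkey < "$private_path" > "$public_path"
  fi

  # Key files left by an earlier run may carry wider permissions.
  chmod 600 "$private_path" "$public_path"
}

mkdir -p /etc/wireguard

ensure_keypair "$SERVER_PRIVATE_KEY_PATH" "$SERVER_PUBLIC_KEY_PATH"
SERVER_PRIVATE_KEY=$(cat "$SERVER_PRIVATE_KEY_PATH")
SERVER_PUBLIC_KEY=$(cat "$SERVER_PUBLIC_KEY_PATH")

ensure_keypair "$CLIENT_PRIVATE_KEY_PATH" "$CLIENT_PUBLIC_KEY_PATH"
CLIENT_PRIVATE_KEY=$(cat "$CLIENT_PRIVATE_KEY_PATH")
CLIENT_PUBLIC_KEY=$(cat "$CLIENT_PUBLIC_KEY_PATH")

# An existing server config is left alone; only missing peers are appended
# further down.
if [ ! -f "$WG_CONFIG" ]; then
  cat > "$WG_CONFIG" << EOF
[Interface]
PrivateKey = $SERVER_PRIVATE_KEY
Address = $SERVER_ADDRESS
ListenPort = $SERVER_PORT
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = $CLIENT_PUBLIC_KEY
AllowedIPs = $CLIENT_ADDRESS
EOF
fi

chmod 600 "$WG_CONFIG"

# Obtain the external IP address of the server. The answer comes from a
# third-party service and is written into every client config, so it is
# fetched over TLS, HTTP errors are treated as failure (-f), and the body is
# validated before use.
EXTERNAL_IP=$(curl -fsS --max-time 10 https://ifconfig.me) || EXTERNAL_IP=""

# Check if we successfully got the IP
if [ -z "$EXTERNAL_IP" ]; then
  die "Failed to obtain external IP address."
fi

if [[ "$EXTERNAL_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  ENDPOINT_HOST=$EXTERNAL_IP
elif [[ "$EXTERNAL_IP" == *:* && "$EXTERNAL_IP" =~ ^[0-9A-Fa-f:]+$ ]]; then
  # An IPv6 literal must be bracketed in "Endpoint = host:port".
  ENDPOINT_HOST="[$EXTERNAL_IP]"
else
  die "External IP lookup returned something that is not an IP address."
fi

# Default to 1 client if not specified. CLIENTS comes from the environment and
# is used in arithmetic, where bash evaluates arbitrary expressions, so accept
# plain digits only.
CLIENTS=${CLIENTS:-1}
[[ "$CLIENTS" =~ ^[0-9]{1,3}$ ]] || die "CLIENTS must be an integer between 0 and 253."
CLIENTS=$((10#$CLIENTS)) # force base 10 so "08" is not read as octal
((CLIENTS <= 253)) || die "CLIENTS must be an integer between 0 and 253."

for ((i = 1; i <= CLIENTS; i++)); do
  client_config="/etc/wireguard/client$i.conf"
  client_address="10.0.0.$((i + 1))/32"

  # Keep client keys stable across runs so they stay in step with the [Peer]
  # entries in the server config: client 1 uses the persisted key pair, later
  # clients reuse the key already in their config when there is one.
  client_private_key=""
  if ((i == 1)); then
    client_private_key=$CLIENT_PRIVATE_KEY
  elif [[ -f "$client_config" ]]; then
    client_private_key=$(awk '$1 == "PrivateKey" { print $3; exit }' "$client_config")
  fi
  if [[ -z "$client_private_key" ]]; then
    client_private_key=$(wg genkey)
  fi
  client_public_key=$(printf '%s\n' "$client_private_key" | wg pubkey)

  # Tighten the mode before the private key is written: a config left by an
  # earlier run keeps its old permissions when it is merely truncated.
  touch "$client_config"
  chmod 600 "$client_config"

  # Generate client config
  cat > "$client_config" << EOF
[Interface]
PrivateKey = $client_private_key
Address = $client_address
DNS = $DNS

[Peer]
PublicKey = $SERVER_PUBLIC_KEY
Endpoint = $ENDPOINT_HOST:$SERVER_PORT
AllowedIPs = 0.0.0.0/0
EOF

  # The server only accepts peers it knows about; register any client whose
  # public key is not in the server config yet. A running wg0 interface has
  # to be reloaded before it picks up peers appended here.
  if ! grep -qF -- "$client_public_key" "$WG_CONFIG"; then
    cat >> "$WG_CONFIG" << EOF

[Peer]
PublicKey = $client_public_key
AllowedIPs = $client_address
EOF
  fi
done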