#!/bin/bash

_fatal () { echo ":: wireguard [FATAL]: ${@}. Cannot initialise Wireguard!"; break=y; }

if [ -s /etc/wireguard/initcpio/unlock ]; then
    . /etc/wireguard/initcpio/unlock
fi

run_hook()
{
    if [ -z $INTERFACE ]; then
        _fatal 'Interface name is not defined!'
        return 1
    fi

    if [ -z $INTERFACE_ADDR ]; then
        _fatal 'Interface address is not defined!'
        return 1
    fi

    if [ -z $PEER_PUBLIC_KEY ]; then
        _fatal 'Peer Public Key is not defined!'
        return 1
    fi

    if [ ! -s $PRIVATE_KEYFILE ]; then
        _fatal 'Private keyfile is not defined!'
        return 1
    fi

    if [ -z $PEER_ENDPOINT ]; then
        _fatal 'Peer endpoint is not defined!'
        return 1
    fi

    if [ -z $PERSISTENT_KEEPALIVES ]; then
        _fatal 'Persistent Keep Alives is not defined!'
        return 1
    fi

    if [ -z $ALLOWED_IPS ]; then
        _fatal 'Allowed IPs is not defined!'
        return 1
    fi

    echo "Starting Wireguard."

    ip link add dev $INTERFACE type wireguard
    wg set $INTERFACE \
        private-key $PRIVATE_KEYFILE \
        peer $PEER_PUBLIC_KEY \
        endpoint $PEER_ENDPOINT \
        persistent-keepalive $PERSISTENT_KEEPALIVES \
        allowed-ips $ALLOWED_IPS
    ip addr add $INTERFACE_ADDR dev $INTERFACE
    ip link set $INTERFACE up
    ip route add $ALLOWED_IPS dev $INTERFACE
}

run_cleanuphook() {

    ip link delete dev $INTERFACE

}
# vim:set syntax=sh tw=78: