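#!/bin/bash
#
# Create a WireGuard server key pair and a wg-quick configuration for
# interface wg<N>, then install all three files under /etc/wireguard.
#
# Usage:   <this-script> <interface-number>
# Prompts: server address, tunnel subnet, outbound interface, listen port.
# Exit:    1 no interface number given
#          2 interface number is not a number
#          3 a prompted value was rejected
#          4 key generation, staging or installation failed
#
# Existing wg<N> key and config files in /etc/wireguard are overwritten.

set -u
set -o pipefail

# The private key and the config that embeds it must never be readable by
# group/other, not even between creation and installation.
umask 077

# Print a message on stderr and exit with the given status.
die() {
  local code=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$code"
}

WG_NUM=${1:-}
readonly WG_CONF="/etc/wireguard"

if [[ -z "$WG_NUM" ]]; then
  die 1 "Wireguard interface number not provided."
fi

# Digits only: the value becomes part of the interface name, of file names and
# of the iptables commands in the generated config, so signs and decimal
# points are rejected.
if ! [[ "$WG_NUM" =~ ^[0-9]+$ ]]; then
  die 2 "Wireguard interface number has to be a number."
fi

readonly PRIV_KEY_FILE="wg${WG_NUM}_privatekey"
readonly PUB_KEY_FILE="wg${WG_NUM}_publickey"
readonly CONF_FILE="wg${WG_NUM}.conf"

# Patterns kept in variables so the regex operand of =~ stays unquoted.
readonly ADDR_LIST_RE='^[0-9A-Fa-f:./, ]+$'
readonly CIDR_RE='^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'
readonly IFACE_RE='^[A-Za-z0-9][A-Za-z0-9_.@-]*$'

# Collect and check every answer before anything is generated or installed,
# so a rejected value leaves the existing keys and config untouched.
read -r -p "Enter IP (as server) (e.g. 192.168.${WG_NUM}.1/24): " ADDRESS
read -r -p "Enter wireguard subnet, should be the subnet of server IP: " WG_SUBNET
read -r -p "Enter physical interface for nat out: " PHY
read -r -p "Enter port to listern (e.g. 51820): " LISTEN_PORT

if ! [[ "$ADDRESS" =~ $ADDR_LIST_RE ]]; then
  die 3 "Address must be an IP address with prefix length, e.g. 192.168.${WG_NUM}.1/24."
fi

# WG_SUBNET and PHY are interpolated into PostUp/PostDown, which wg-quick
# executes through a shell as root. Restricting them to address and
# interface-name characters keeps those lines to the two intended iptables
# commands.
if ! [[ "$WG_SUBNET" =~ $CIDR_RE ]]; then
  die 3 "Subnet must be in CIDR form, e.g. 192.168.${WG_NUM}.0/24."
fi
if ! [[ "$PHY" =~ $IFACE_RE ]]; then
  die 3 "Physical interface name contains unsupported characters."
fi

# 10# forces base 10 so a value such as 08 is not parsed as invalid octal.
if ! [[ "$LISTEN_PORT" =~ ^[0-9]{1,5}$ ]] \
  || ((10#$LISTEN_PORT < 1 || 10#$LISTEN_PORT > 65535)); then
  die 3 "Listen port must be a number between 1 and 65535."
fi

# Stage everything in a private directory instead of the current working
# directory, which may be shared or world-readable.
STAGE_DIR=$(mktemp -d) || die 4 "Could not create a temporary directory."
trap 'rm -rf -- "$STAGE_DIR"' EXIT

PRIVATE_KEY=$(wg genkey) || die 4 "wg genkey failed."
[[ -n "$PRIVATE_KEY" ]] || die 4 "wg genkey returned an empty key."

# printf is a builtin, so the key never appears in a process argument list.
printf '%s\n' "$PRIVATE_KEY" > "$STAGE_DIR/$PRIV_KEY_FILE" \
  || die 4 "Could not stage the private key."
wg pubkey < "$STAGE_DIR/$PRIV_KEY_FILE" > "$STAGE_DIR/$PUB_KEY_FILE" \
  || die 4 "wg pubkey failed."

cat > "$STAGE_DIR/$CONF_FILE" << EOF || die 4 "Could not stage the config."
[Interface]
PrivateKey = $PRIVATE_KEY
SaveConfig = false
Address = $ADDRESS
ListenPort = $LISTEN_PORT
PostUp = iptables -A FORWARD -i wg$WG_NUM -j ACCEPT; iptables -t nat -A POSTROUTING -s $WG_SUBNET -o $PHY -j MASQUERADE
PostDown = iptables -D FORWARD -i wg$WG_NUM -j ACCEPT; iptables -t nat -D POSTROUTING -s $WG_SUBNET -o $PHY -j MASQUERADE

EOF

# -m only applies when mkdir creates the directory; an existing
# /etc/wireguard keeps whatever mode the administrator gave it.
sudo mkdir -p -m 0700 "$WG_CONF" || die 4 "Could not create $WG_CONF."

# install sets owner and mode in one step, so the secret files are root-owned
# and 0600 from the moment they appear in /etc/wireguard.
sudo install -o root -g root -m 0600 \
  "$STAGE_DIR/$PRIV_KEY_FILE" "$WG_CONF/$PRIV_KEY_FILE" \
  || die 4 "Could not install the private key."
sudo install -o root -g root -m 0644 \
  "$STAGE_DIR/$PUB_KEY_FILE" "$WG_CONF/$PUB_KEY_FILE" \
  || die 4 "Could not install the public key."
sudo install -o root -g root -m 0600 \
  "$STAGE_DIR/$CONF_FILE" "$WG_CONF/$CONF_FILE" \
  || die 4 "Could not install the config."

echo "Config saved to: $WG_CONF/$CONF_FILE"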