#!/bin/sh
echo "Setting up Wireguard ..."
apk add wireguard-tools

# Generate server private and public keys
mkdir -p /etc/wireguard
wg genkey | tee /etc/wireguard/server_priv.key | wg pubkey > /etc/wireguard/server_pub.key

# Generate configuration
cat <<EOF > /etc/wireguard/wg0.conf
[Interface]
PrivateKey = $(cat /etc/wireguard/server_priv.key)
Address = 10.0.0.1/24 # Server has IP in the wg network
ListenPort = 51820
#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF

# Enable IP forwarding, persistent
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/ip_forward.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.d/ip_forward.conf
sysctl -p /etc/sysctl.d/ip_forward.conf

# Auto-start Wireguard on boot
apk add wireguard-tools-openrc
ln -s /etc/init.d/wg-quick /etc/init.d/wg-quick.wg0
rc-update add wg-quick.wg0
rc-service wg-quick.wg0 start