#!/bin/bash -e

# vyatta-wireguard
#
# Usage: `./wireguard.sh [upgrade|uninstall]`.
#
# When called without arguments, the latest version will be fetched and installed.
#
# To automatically install the latest version of WireGuard after Firmware upgrades,
# this script should be placed in `/config/scripts/post-config.d/wireguard.sh`.
#
# Change `BOARD` to match your hardware. See: https://github.com/Lochnair/vyatta-wireguard/releases
BOARD=e300 # ER4
# Don't touch the lines below

CMD_WRAPPER=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper

echo "Fetching WireGuard releases..."
releases=$(curl -sSL https://api.github.com/repos/WireGuard/wireguard-vyatta-ubnt/releases)

is_installed () {
  dpkg -S wireguard >/dev/null 2>&1
}

get_local_version () {
  ! is_installed && return

  dpkg-query --showformat='${Version}' --show wireguard
}

get_latest_version () {
  echo $releases | jq -r --arg version "$BOARD-v2" \
    '[.[] | select(.assets | .[].browser_download_url | contains($version))][0] | .tag_name'
}

get_latest_download_url () {
  echo $releases | jq -r --arg version "$BOARD-v2" \
    '[.[].assets | .[] | select(.browser_download_url | contains($version))][0] | .browser_download_url'
}

install_latest_version () {
  curl -L -o "/tmp/wireguard-$BOARD.deb" $(get_latest_download_url)
  dpkg -i "/tmp/wireguard-$BOARD.deb"
  rm "/tmp/wireguard-$BOARD.deb"
}

uninstall () {
  $CMD_WRAPPER begin
  $CMD_WRAPPER set interfaces wireguard wg0 route-allowed-ips false
  $CMD_WRAPPER commit
  $CMD_WRAPPER delete interfaces wireguard
  $CMD_WRAPPER commit
  sudo rmmod wireguard
  sudo dpkg --purge wireguard
}

# uninstall
if [ "$1" = "uninstall" ]; then
  ! is_installed && (echo "WireGuard is not installed."; exit 1)

  echo "Uninstalling WireGuard..."
  uninstall
  exit 0
fi

# upgrade
if [ "$1" = "upgrade" ]; then
  latest_version=$(get_latest_version)
  local_version=$(get_local_version)

  if [[ "$latest_version" = "$local_version" || "${latest_version}-1" = "$local_version" ]]; then
    echo "WireGuard is up-to-date. (local: $(get_local_version); remote: $latest_version)"
    exit 0
  fi

  if ! is_installed; then
    echo "WireGuard is not installed yet. Run script without arguments to install."
    exit 1
  fi

  echo "Upgrading WireGuard from $local_version to $latest_version..."
  uninstall
  install_latest_version
  sudo modprobe wireguard
  $CMD_WRAPPER load
  $CMD_WRAPPER commit
  echo "Upgrade done."
  exit 0
fi

# install
if is_installed; then
  echo "WireGuard $(get_local_version) is already installed."
  exit 1
fi

echo "Installing latest WireGuard version..."
install_latest_version
$CMD_WRAPPER begin
$CMD_WRAPPER load
$CMD_WRAPPER commit
$CMD_WRAPPER end
echo "Installation done."

exit 0