#!/bin/bash
# WireGuard configuration script for football system
# This script sets up WireGuard with provided keys

set -e

# Variables - these will be passed from build script
WG_ENDPOINT_IP="${WG_ENDPOINT_IP:-192.0.2.1}"
WG_ENDPOINT_PORT="${WG_ENDPOINT_PORT:-51820}"
WG_PRIVATE_KEY="${WG_PRIVATE_KEY}"
WG_PUBLIC_KEY="${WG_PUBLIC_KEY}"

if [ -z "$WG_PRIVATE_KEY" ] || [ -z "$WG_PUBLIC_KEY" ]; then
    echo "ERROR: WireGuard keys not provided"
    echo "Set WG_PRIVATE_KEY and WG_PUBLIC_KEY environment variables"
    exit 1
fi

echo "Configuring WireGuard..."

# Replace placeholders in template
sed -e "s|<PRIVATE_KEY_PLACEHOLDER>|$WG_PRIVATE_KEY|g" \
    -e "s|<PUBLIC_KEY_PLACEHOLDER>|$WG_PUBLIC_KEY|g" \
    -e "s|<ENDPOINT_IP>|$WG_ENDPOINT_IP|g" \
    -e "s|<ENDPOINT_PORT>|$WG_ENDPOINT_PORT|g" \
    /etc/wireguard/wg0.conf.template > /etc/wireguard/wg0.conf

# Secure the configuration
chmod 600 /etc/wireguard/wg0.conf

# Enable and start WireGuard
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

# Verify connection
sleep 2
if ip link show wg0 >/dev/null 2>&1; then
    echo "WireGuard interface wg0 is UP"
    echo "All network traffic now routed through VPN"
else
    echo "WARNING: WireGuard interface not detected"
    exit 1
fi

echo "WireGuard configuration complete"