firmware/src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard
Adrian Schmutzler 68c7d75a1b treewide: exploit label MAC address from OpenWrt
In the latest release, OpenWrt provides the label MAC address for
many devices. All of our devices should be covered.

It can be retrieved by the function

  get_mac_label

from /lib/functions/system.sh

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
2021-06-08 20:08:20 +02:00


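. /lib/functions.sh
. /lib/functions/fff/network
. /lib/functions/fff/babel

# load board specific properties (the board file is expected to provide
# ROUTERMAC for boards that need an explicit value — confirm)
BOARD="$(uci get board.model.name)"
. "/etc/network.$BOARD"

# Fall back to the label MAC address supplied by OpenWrt when the board
# file did not set ROUTERMAC. get_mac_label lives in
# /lib/functions/system.sh; it is assumed to be pulled in by one of the
# helpers sourced above — confirm.
[ -n "$ROUTERMAC" ] || ROUTERMAC=$(get_mac_label)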
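#######################################
# Stage the wireguard peer configuration in uci (nothing is committed
# here; see apply()/revert()).
# Globals:   ROUTERMAC (read)
# Arguments: none
# Outputs:   INFO/ERROR lines on stdout
# Returns:   0; on a missing mandatory option the script exits with 1,
#            leaving any uci changes made so far uncommitted
#######################################
configure() {
	# Drop every wg_* network interface whose gateway section is gone.
	# Runs once per babeld "interface" section; sections without the
	# "wg_" prefix are not ours and are skipped.
	remove_wgpeer() {
		local name="$1"

		# not a wireguard peer interface
		if [ "$name" = "${name#wg_}" ]; then
			return
		fi

		if ! uci -q get "gateway.${name#wg_}" > /dev/null; then
			# remove interface
			uci -q del "network.$name"
			# remove wireguard peer section; quoted so that "[0]" is
			# never subject to pathname expansion
			uci -q del "network.@wireguard_${name}[0]"
			# remove iif-rules
			babel_delete_iifrules "$name"
			# remove babel interface
			babel_delete_interface "$name"
		fi
	}
	config_load babeld
	config_foreach remove_wgpeer interface

	# Create or refresh the wg_<name> interface for one gateway
	# "wireguardpeer" section.
	# Arguments: $1 - uci section name of the peer
	add_wgpeer() {
		local name="$1"
		local prefixname="wg_$name"
		local rxcost
		local privkey
		local pubkey
		local endpoint_host
		local endpoint_port
		local persistent_keepalive
		local mtu
		local cfg

		# "wg_" + name must fit into the 15 character interface name limit
		if [ "${#name}" -gt 12 ]; then
			echo "ERROR: name $name is too long!"
			exit 1
		fi

		# rxcost is optional; default 16384
		rxcost=$(uci -q get "gateway.$name.rxcost") || rxcost=16384

		# Generate the local private key on first use and persist it in
		# the gateway config so later runs reuse the same key.
		if ! privkey=$(uci -q get "gateway.$name.local_private_key"); then
			privkey=$(wg genkey)
			uci set "gateway.$name.local_private_key=$privkey"
		fi
		if ! pubkey=$(uci get "gateway.$name.remote_public_key"); then
			echo "ERROR: publickey for ${name} missing!"
			exit 1
		fi
		if ! endpoint_host=$(uci get "gateway.$name.endpoint_host"); then
			echo "ERROR: endpoint_host for ${name} missing!"
			exit 1
		fi
		if ! endpoint_port=$(uci get "gateway.$name.endpoint_port"); then
			echo "ERROR: endpoint_port for ${name} missing!"
			exit 1
		fi
		# optional properties
		persistent_keepalive=$(uci -q get "gateway.$name.persistent_keepalive")
		mtu=$(uci -q get "gateway.$name.mtu")

		# interface section
		uci set "network.$prefixname=interface"
		uci set "network.$prefixname.proto=wireguard"
		uci set "network.$prefixname.nohostroute=1"
		uci set "network.$prefixname.fwmark=0xc8"
		uci set "network.$prefixname.mtu=${mtu:-1420}"
		uci set "network.$prefixname.private_key=$privkey"
		# only the derived public key is printed; the private key is never echoed
		echo "INFO: publickey for wireguardpeer ${name}: $(printf '%s' "$privkey" | wg pubkey)"

		# peer section: reuse the existing one, otherwise create it
		if uci -q get "network.@wireguard_${prefixname}[0]" > /dev/null; then
			cfg="@wireguard_${prefixname}[0]"
		else
			cfg=$(uci add network "wireguard_$prefixname")
		fi
		uci set "network.$cfg.public_key=$pubkey"
		uci set "network.$cfg.endpoint_host=$endpoint_host"
		uci set "network.$cfg.endpoint_port=$endpoint_port"
		uci set "network.$cfg.persistent_keepalive=$persistent_keepalive"
		# allowed_ips is rebuilt as catch-all on every run
		uci -q delete "network.$cfg.allowed_ips"
		uci add_list "network.$cfg.allowed_ips=::/0"
		uci add_list "network.$cfg.allowed_ips=0.0.0.0/0"

		# addresses are rebuilt from scratch
		uci -q del "network.$prefixname.addresses"
		# link local address derived from ROUTERMAC via ipEUISuffix
		uci add_list "network.$prefixname.addresses=$(owipcalc "fe80::/64" add "::$(ipEUISuffix "$ROUTERMAC")")"
		# peer addresses
		babel_add_peeraddr "network.$prefixname.addresses"
		babel_add_peer6addr "network.$prefixname.addresses"

		# iif-rules and babel interface
		babel_add_iifrules "$prefixname" || { echo "ERROR: Could not add iif-rules for wgpeer $name"; exit 1; }
		babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babeld interface for wgpeer $name"; exit 1; }
	}
	config_load gateway
	config_foreach add_wgpeer wireguardpeer
}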
# Commit the uci changes staged by configure(), one config at a time.
apply() {
	local cfg
	for cfg in network babeld gateway; do
		uci commit "$cfg"
	done
}
# Discard the uci changes staged by configure(), one config at a time.
revert() {
	local cfg
	for cfg in network babeld gateway; do
		uci revert "$cfg"
	done
}