#!/bin/bash
# wgserver - Run on as9 (178.128.150.170, amd64)
# Creates wg1 test interface and starts the obfuscation proxy.
# Tears down wg1 on exit (Ctrl-C).
#
# Usage: sudo ./wgserver

set -e

# Pre-generated test keypairs (hardcoded, no exchange needed)
SERVER_PRIVKEY="8JjH2rQzjQ4+cLafeEV9P19CXZehhso/btxU4P+RKlM="
SERVER_PUBKEY="+zFiy1MQTzHOk6wQPGqHitZvcmmX6/xb/o7trPHpvG0="
CLIENT_PUBKEY="Y9L9W00HLumBSFlZBcXSFFcpJ16X6JCX1aXGBfxZLn4="

# Shared proxy key (relay2 Netrinos pubkey)
PROXY_KEY="mFvkKjfxwbE8+6v8v8quwysp9tH4HSlW+29RO6odo2c="

IFACE=wg1
WG_PORT=51820
PROXY_PORT=51821
SERVER_IP=10.99.0.1

cleanup() {
    echo ""
    echo "Tearing down $IFACE..."
    ip link del "$IFACE" 2>/dev/null || true
    rm -f /tmp/wg1-private
    echo "Done."
}
trap cleanup EXIT

# Write private key to temp file (wg set requires a file)
echo "$SERVER_PRIVKEY" > /tmp/wg1-private
chmod 600 /tmp/wg1-private

# Create interface
ip link add "$IFACE" type wireguard
ip addr add "$SERVER_IP/24" dev "$IFACE"
wg set "$IFACE" listen-port "$WG_PORT" private-key /tmp/wg1-private
wg set "$IFACE" peer "$CLIENT_PUBKEY" allowed-ips 10.99.0.2/32
ip link set "$IFACE" up

echo "wg1 up: $SERVER_IP, listen $WG_PORT"
wg show "$IFACE"
echo ""

# Detect binary
PROXY=./wgproxy-amd64
if [ ! -x "$PROXY" ]; then
    PROXY=./wgproxy
fi
if [ ! -x "$PROXY" ]; then
    echo "Error: no proxy binary found"
    exit 1
fi

echo "Starting proxy: listen :$PROXY_PORT -> 127.0.0.1:$WG_PORT"
echo "Press Ctrl-C to stop and tear down."
echo ""

$PROXY -listen ":$PROXY_PORT" -forward "127.0.0.1:$WG_PORT" -key "$PROXY_KEY"