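#!/usr/bin/env bash
#
# Plan step for the WireGuard scaffold: prints the actions the apply step is
# announced to perform (key generation, wg0.conf contents, wg-quick@wg0).
# Nothing in this file writes to disk; require_root comes from _common.sh.
#
# Environment:
#   WG_PORT  listen port shown in the plan (default 51820)
#   WG_CIDR  interface address shown in the plan (default 10.200.0.1/24)
set -euo pipefail

# Resolve the directory of this file so _common.sh is found regardless of the
# caller's working directory; "--" keeps a path starting with "-" from being
# parsed as an option.
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/_common.sh"

: "${WG_PORT:=51820}"
: "${WG_CIDR:=10.200.0.1/24}"

#######################################
# Reject WG_PORT / WG_CIDR values that cannot be a port or an address list.
# Both come from the environment and are announced as the values destined for
# /etc/wireguard/wg0.conf, so a stray newline or other text is refused here
# rather than shown in the plan as if it were acceptable.
# NOTE(review): the apply script (21_wireguard_apply.sh) is not visible here;
# confirm it performs the same validation before writing the config.
# Globals:   WG_PORT (read), WG_CIDR (read)
# Outputs:   error message on stderr when a value is rejected
# Returns:   0 when both values pass, 1 otherwise
#######################################
validate_settings() {
  local -r port_re='^[0-9]{1,5}$'
  # Character allow-list only: IPv4, IPv6 and comma-separated lists still pass.
  local -r addr_re='^[0-9A-Fa-f:.,/ ]+$'

  # 10# forces base 10 so a leading zero is not read as octal.
  if [[ ! $WG_PORT =~ $port_re ]] || (( 10#$WG_PORT > 65535 )); then
    printf '[ERROR] WG_PORT must be an integer between 0 and 65535\n' >&2
    return 1
  fi

  if [[ ! $WG_CIDR =~ $addr_re ]]; then
    printf '[ERROR] WG_CIDR may only contain hex digits, ".", ":", "/", "," and spaces\n' >&2
    return 1
  fi
}

#######################################
# Print the plan. The private key is referenced by path only; no key material
# is read or printed here.
# Globals:   WG_PORT (read), WG_CIDR (read)
# Outputs:   the plan on stdout
#######################################
main() {
  require_root
  validate_settings

  printf '%s\n' \
    "[PLAN] $(date -Iseconds) WireGuard scaffold" \
    "[PLAN] Will generate keys in /etc/wireguard/{privatekey,publickey} (private is 0600 root:root)" \
    "[PLAN] Will write /etc/wireguard/wg0.conf with:" \
    " Address=$WG_CIDR" \
    " ListenPort=$WG_PORT" \
    " PrivateKey=(read from /etc/wireguard/privatekey)" \
    "[PLAN] Will enable + start wg-quick@wg0" \
    "" \
    "[PLAN] Next: export DRY_RUN=0 && ./scripts/21_wireguard_apply.sh"
}

main "$@"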