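#
# Cookbook:: esh_wireguard
# Recipe:: peer
#
# Copyright:: 2022, https://easyself.host
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Configures this node as a WireGuard peer: installs the packages, writes the
# peer key pair and the wg0 configuration under /etc/wireguard, then enables
# and starts the wg-quick unit for wg0.

apt_package %w(wireguard resolvconf)

# NOTE(review): the private key is read from node attributes. Node attributes
# are normally saved with the node object on the Chef server, so the key may be
# readable by anyone who can read that node. Consider sourcing it from an
# encrypted data bag or a vault item instead -- confirm how the attribute is
# populated before changing this.
peer_attrs = node['esh']['wireguard']['peer']

file '/etc/wireguard/private.key' do
  content peer_attrs['privkey']
  owner 'root'
  group 'root'
  mode '0400'
  # Keep the key out of the Chef run log, diffs and reports.
  sensitive true
  action :create
end

file '/etc/wireguard/public.key' do
  content peer_attrs['pubkey']
  owner 'root'
  group 'root'
  mode '0444'
  action :create
end

# Build the template variables once. `variables` is a plain property setter, so
# calling it a second time for the optional DNS entry would replace the first
# hash and the template would be rendered without keys, address and endpoint.
wg0_variables = {
  privkey: peer_attrs['privkey'],
  address: peer_attrs['address'],
  pubkey: node['esh']['wireguard']['server']['pubkey'],
  allowedips: peer_attrs['allowedips'],
  endpoint: peer_attrs['endpoint'],
}
# :dns is passed to the template only when the attribute is set.
wg0_variables[:dns] = peer_attrs['dns'] if peer_attrs.key?('dns')

template '/etc/wireguard/wg0.conf' do
  source 'peer.wg0.conf.erb'
  owner 'root'
  group 'root'
  mode '0400'
  variables wg0_variables
  # The rendered file receives the private key, so suppress its diff as well.
  sensitive true
  action :create
end

service 'wg-quick@wg0.service' do
  action [:enable, :start]
  # Restart the tunnel as soon as the configuration file changes.
  subscribes :restart, 'template[/etc/wireguard/wg0.conf]', :immediately
end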