#!/usr/bin/env python3

from bundlewrap.repo import Repository
from os.path import realpath, dirname
from sys import argv
from ipaddress import ip_network, ip_interface

if len(argv) != 3:
    print(f'usage: {argv[0]} <node> <client>')
    exit(1)

repo = Repository(dirname(dirname(realpath(__file__))))
server_node = repo.get_node(argv[1])

if argv[2] not in server_node.metadata.get('wireguard/clients'):
    print(f'client {argv[2]} not found in: {server_node.metadata.get("wireguard/clients").keys()}')
    exit(1)

data = server_node.metadata.get(f'wireguard/clients/{argv[2]}')

vpn_network = ip_interface(server_node.metadata.get('wireguard/my_ip')).network
allowed_ips = [
    vpn_network,
    ip_interface(server_node.metadata.get('network/internal/ipv4')).network,
]
for peer in server_node.metadata.get('wireguard/s2s').values():
    for network in peer['allowed_ips']:
        if not ip_network(network).subnet_of(vpn_network):
            allowed_ips.append(ip_network(network))

conf = f'''
[Interface]
PrivateKey = {repo.libs.wireguard.privkey(data['peer_id'])}
ListenPort = 51820
Address = {data['peer_ip']}
DNS = 172.30.0.1

[Peer]
PublicKey = {repo.libs.wireguard.pubkey(server_node.metadata.get('id'))}
PresharedKey = {repo.libs.wireguard.psk(data['peer_id'], server_node.metadata.get('id'))}
AllowedIPs = {', '.join(str(client_route) for client_route in sorted(allowed_ips))}
Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820
PersistentKeepalive = 10
'''

print('>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>')
print(conf)
print('<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<')

if input("print qrcode? [Yn]: ").upper() in ['', 'Y']:
    import pyqrcode
    print(pyqrcode.create(conf).terminal(quiet_zone=1))