#!/usr/bin/env python3

from bundlewrap.repo import Repository
from os.path import realpath, dirname
from sys import argv
from ipaddress import ip_network, ip_interface

repo = Repository(dirname(dirname(realpath(__file__))))

server_node = repo.get_node(argv[1])
data = server_node.metadata.get(f'wireguard/clients/{argv[2]}')

vpn_network = ip_interface(server_node.metadata.get('wireguard/my_ip')).network
allowed_ips = [
    vpn_network,
    ip_interface(server_node.metadata.get('network/internal/ipv4')).network,
]
for peer in server_node.metadata.get('wireguard/s2s').values():
    for network in peer['allowed_ips']:
        if not ip_network(network).subnet_of(vpn_network):
            allowed_ips.append(ip_network(network))

conf = \
f'''>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

[Interface]
PrivateKey = {repo.libs.wireguard.privkey(data['peer_id'])}
ListenPort = 51820
Address = {data['peer_ip']}
DNS = 172.30.0.1

[Peer]
PublicKey = {repo.libs.wireguard.pubkey(server_node.metadata.get('id'))}
PresharedKey = {repo.libs.wireguard.psk(data['peer_id'], server_node.metadata.get('id'))}
AllowedIPs = {', '.join(str(client_route) for client_route in sorted(allowed_ips))}
Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820
PersistentKeepalive = 10

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<'''

print(conf)

if input("print qrcode? [yN]: ").upper() == 'Y':
    import pyqrcode
    print(pyqrcode.create(conf).terminal(quiet_zone=1))