#!/usr/bin/env bash

apk add --no-cache wireguard-tools-wg

local_gateway=$(ip route | grep default | awk '{print $3}')
# This used as the gateway address for NAT-PMP to work properly
wg_gateway="{{ wg_dns }}"
wg_peer_address=$(echo "{{ wg_peer_endpoint }}" | cut -d: -f1)

ip route add "$wg_peer_address" via "$local_gateway"
ip link add wg0 type wireguard
wg setconf wg0 /etc/wireguard/wg0.conf
ip address add dev wg0 "{{ wg_address }}"
ip link set wg0 up
ip route add "$wg_gateway" dev wg0
ip route del default
ip route add default via "$wg_gateway"

# Note that the DNS isn't changed, so there's actually a leak there
# That's on purpose, just in case I want to access local jackett from qbit

# Finally, optionally allow access to the home network
# ip route add "\{\{ home_network }}" via "$local_gateway"