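# WireGuard client/server key and config handling.
# NOTE(review): rules for the `wireguard/` directory and for `/bin/wg` are not
# visible in this part of the file; they are assumed to be provided elsewhere.

# Kept recursive (`=`) so /etc/wireguard/dmz_public_key is only read where the
# variable is expanded; it is not referenced in this part of the file.
public_key = $(shell cat /etc/wireguard/dmz_public_key)

# Ask git for the effective user.name directly. The previous
# `git config list | grep user.nam | cut -d= -f2` pipeline matched any key
# containing "user.nam", joined duplicate entries and truncated names at '='.
name := $(shell git config --get user.name)

# Local keys

# The private key is created under umask 077 so it is never readable by other
# users, not even briefly between the redirect and the chmod.
# Mode 600: a key file has no use for the execute bit.
wireguard/dmz_private_key: | /bin/wg wireguard/
	umask 077 && wg genkey > $@
	chmod 600 $@

# $| is the wg binary (order-only prerequisite), $< the private key.
wireguard/dmz_public_key: wireguard/dmz_private_key | /bin/wg
	$| pubkey < $< > $@

##############################

# The peer name reaches the recipe through the environment rather than being
# pasted into the command line, so quotes or other shell metacharacters in
# user.name cannot break out of the quoting.
wgkeys.rec: export WG_PEER_NAME = $(name)
# Appends this machine's public key to the peer database and commits it.
# Refuses to add a record without a name. The messages are echoed by the shell
# so they appear in order with the commands instead of at recipe-expansion time.
wgkeys.rec: wireguard/dmz_public_key
	@test -n "$$WG_PEER_NAME" || { echo 'git user.name is not set; refusing to add an unnamed wireguard key' >&2; exit 1; }
	@echo "Adding wireguard key as '$$WG_PEER_NAME'"
	recins --verbose $@ -t $(basename $@) -f name -v "$$WG_PEER_NAME" -f pubkey -v "$$(cat $<)"
	git add $@
	git commit -m "add wireguard key for $$WG_PEER_NAME"
	@echo 'Remember to git push'

# Fills the PRIVATE_KEY placeholder of the template ($<) with the key ($|).
# - awk reads the key from the file, so the secret never appears in the echoed
#   recipe line or in a process argument list (the former $(shell cat ...) put
#   it in both).
# - Base64 keys may contain '/', which broke the old sed 's/.../.../' expression.
#   sub() treats only '&' and backslash specially; neither occurs in base64.
# - The result holds the private key: it is written under umask 077 and moved
#   into place only when complete.
wireguard/dmz.conf: xecut/nimbus/dmz.conf | wireguard/dmz_private_key
	umask 077 && test -s $| && \
	  awk 'NR == FNR { key = $$0; next } { sub(/PRIVATE_KEY/, key) } 1' $| $< > $@.tmp && \
	  mv -f $@.tmp $@

###### Wireguard configuration #####

# Renders one peer stanza per record of the database using the format file ($|).
wireguard/wg_peers.txt: wgkeys.rec | xecut/nimbus/wg_peer.fmt
	recsel $< -t $(basename $<) | recfmt -f $| > $@

ignored += ansible/playbooks/files/wireguard/wg0.conf

# Decrypted vault head + peer list, re-encrypted in place.
# NOTE(review): server_head is vault-encrypted, so it presumably carries the
# server's secrets; the target therefore holds plaintext until the final step.
# The whole sequence runs under umask 077 in one shell, and any failure removes
# the target so a partial or unencrypted wg0.conf is never left behind looking
# up to date.
ansible/playbooks/files/wireguard/wg0.conf: wireguard/wg_peers.txt | ansible/playbooks/files/wireguard/server_head
	umask 077 && { \
	  ( cd ansible && ansible-vault view playbooks/files/wireguard/server_head ) > $@ && \
	  cat $< >> $@ && \
	  ( cd ansible && ansible-vault encrypt playbooks/files/wireguard/wg0.conf ); \
	} || { $(RM) $@; exit 1; }

##### Installing Wireguard Client #####

.PHONY: wg-create
wg-create: wireguard/dmz.conf ## Set up wireguard keys (do this before installing)

.PHONY: wg-install
wg-install: /etc/wireguard/dmz.conf ## Install wireguard keys (use sudo)

# install -m 600 fixes the mode of the installed config (it contains the
# private key) regardless of the source file's mode or the caller's umask.
/etc/wireguard/dmz.conf: wireguard/dmz.conf | /bin/wg
	install -m 600 $< $@

# $(MAKE) instead of a literal `make` so -n, -j and the jobserver propagate.
.PHONY: wg-setup
wg-setup: ansible/playbooks/files/wireguard/wg0.conf ## Renew the wireguard config
	$(MAKE) -C ansible wireguard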