nm-wg-import

#!/bin/bash

# SPDX-FileCopyrightText: 2022 - 2024 sudorook <daemon@nullcodon.com>
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <https://www.gnu.org/licenses/>.

set -euo pipefail

ROOT="$(dirname "${0}")"

source "${ROOT}"/globals

! check_command nmcli sed systemctl && exit 3

# Script requires nm-cli, so check that the Network Manager service is running.
if ! systemctl is-active --quiet NetworkManager; then
  show_info "Enabling Network Manager systemd service."
  sudo systemctl start --now NetworkManager
fi

function check_wg_config {
  local in="${1}"
  local name="${1%.*}"
  name="$(basename "${1}")"
  local conn
  local conn_data

  local ipv4addr
  local ipv6addr

  local found=false

  ipv4addr="$(sed -n "s/^Address = \(.*\)/\1/p" "${in}" | cut -d"," -f1)"
  ipv6addr="$(sed -n "s/^Address = \(.*\)/\1/p" "${in}" | cut -d"," -f2)"

  # Check whether the config IP addresses, etc. are already found in an
  # existing connection.
  while read -r conn; do
    [ -z "${conn}" ] && continue
    conn_data="$(nmcli conn show "${conn}")"
    if [[ "${conn_data}" =~ ipv6.addresses:\ *${ipv6addr} ]] &&
       [[ "${conn_data}" =~ ipv4.addresses:\ *${ipv4addr} ]] &&
       [[ "${conn_data}" =~ connection.interface-name:\ *${name} ]]; then
      found=true
      break
    fi
  done <<< \
    "$(nmcli conn show |
       sed -n "s/^\([A-Za-z0-9()\ -]\+\)\s\+[a-f0-9-]\+\s\+wireguard\s\+.*/\1/p" |
       sed -e "s/ \+$//g")"

  if "${found}"; then
    show_warning "WARNING: matching configuration for ${in@Q} already exists." >&2
    return 1
  else
    return 0
  fi
}

function import_wg_config {
  local in="${1}"
  local name="${in%.*}"
  name="$(basename "${name}")"
  nmcli conn import type wireguard file "${in}"
  nmcli conn down "${name}"
  nmcli conn modify "${name}" connection.autoconnect no
}

function rename_wg_iface {
  local in="${1}"
  local oldname="${in%.*}"
  oldname="$(basename "${oldname}")"
  local newname="${2}"
  local id="${1##*[-_]}"
  id="${id%.*}"
  if [[ "${newname}" =~ ${id} ]]; then
    nmcli conn modify "${oldname}" connection.id "${newname}"
  else
    nmcli conn modify "${oldname}" connection.id "${newname} (${id})"
  fi
}

function print_usage {
  show_info "Usage: nm-wg-import -i <config file> -n <wg connection name>"
}

#
# Main
#

OPTIONS=hi:n:
LONGOPTIONS=help,input:,name:
PARSED=$(getopt -o "${OPTIONS}" --long "${LONGOPTIONS}" -n "${0}" -- "${@}")
eval set -- "${PARSED}"

while [ ${#} -ge 1 ]; do
  case "${1}" in
    -i | --input)
      INPUT="${2}"
      shift 2
      ;;
    -n | --name)
      NAME="${2}"
      shift 2
      ;;
    -h | --help)
      print_usage
      exit
      ;;
    --)
      shift
      break
      ;;
    *)
      show_error "ERROR: unknown flag ${1@Q}. Exiting."
      exit 3
      ;;
  esac
done

if ! [[ -v INPUT ]]; then
  show_error "ERROR: no input given. Exiting."
  exit 3
fi

if ! [ -f "${INPUT}" ]; then
  show_error "ERROR: input ${INPUT@Q} does not exist. Exiting."
  exit 3
fi

if check_wg_config "${INPUT}"; then
  import_wg_config "${INPUT}"
  if [[ -v NAME ]]; then
    if [[ -n "${NAME}" ]]; then
      rename_wg_iface "${INPUT}" "${NAME}"
    fi
  fi
fi