#!/usr/bin/env bash # ============================================ # Help # ============================================ function cmd::service::help() { cat < Manage the WireGuard service. Subcommands: start, up Start WireGuard stop, down Stop WireGuard restart, reload Restart WireGuard status, stat Show WireGuard status logs, log Show WireGuard logs enable Enable WireGuard on boot disable Disable WireGuard on boot Examples: wgctl start wgctl logs wgctl status EOF } # ============================================ # Run # ============================================ function cmd::service::run() { local subcmd="${1:-help}" shift || true case "$subcmd" in start) cmd::service::start ;; stop) cmd::service::stop ;; restart) cmd::service::restart ;; reload) cmd::service::reload ;; status) cmd::service::status ;; logs) cmd::service::logs ;; enable) cmd::service::enable ;; disable) cmd::service::disable ;; help) cmd::service::help ;; *) log::error "Unknown subcommand: '${subcmd}'" cmd::service::help return 1 ;; esac } # ============================================ # Subcommands # ============================================ function cmd::service::start() { log::wg_start "Starting WireGuard..." systemctl start "wg-quick@$(config::interface)" log::wg_success "WireGuard started" } function cmd::service::stop() { log::wg_stop "Stopping WireGuard..." systemctl stop "wg-quick@$(config::interface)" log::wg_success "WireGuard stopped" } function cmd::service::restart() { log::wg_start "Restarting WireGuard..." # Flush firewall rules before restart so restore starts clean iptables -F FORWARD iptables -t nat -F PREROUTING systemctl restart "wg-quick@$(config::interface)" fw::restore_blocks log::wg_success "WireGuard restarted" } function cmd::service::reload() { log::wg_start "Reloading WireGuard config..." peers::reload fw::restore_blocks } function cmd::service::status() { log::section "WireGuard Status" echo "" systemctl status "wg-quick@$(config::interface)" --no-pager echo "" log::section "Active Peers" wg show "$(config::interface)" } function cmd::service::logs() { log::section "WireGuard Logs" journalctl -u "wg-quick@$(config::interface)" -f --no-pager } function cmd::service::enable() { systemctl enable "wg-quick@$(config::interface)" log::wg_success "WireGuard enabled on boot" } function cmd::service::disable() { systemctl disable "wg-quick@$(config::interface)" log::wg_success "WireGuard disabled on boot" }