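#!/usr/bin/env bash
# WireGuard server settings, device-type lookup tables and accessor helpers.
# Calls ctx::wg and log::error, which are defined outside this file.

# ============================================
# Lifecycle
# ============================================

# Lifecycle hook. The name suggests it is called when this module is loaded;
# the caller is not visible here. A failed validation exits the shell.
function config::on_load() {
  config::validate
}

# ============================================
# Server
# ============================================

# The output of ctx::wg is used as the directory prefix for the config file
# and both key files.
WG_INTERFACE="wg0"
WG_CONFIG="$(ctx::wg)/${WG_INTERFACE}.conf"
WG_SERVER_PUBLIC_KEY_FILE="$(ctx::wg)/server_public.key"
# NOTE(review): nothing in this file checks the owner or mode of the private
# key file (or of WG_CONFIG). Both should be readable by the service owner
# only; confirm that whatever creates them sets a restrictive mode.
WG_SERVER_PRIVATE_KEY_FILE="$(ctx::wg)/server_private.key"
WG_ENDPOINT="wg.krilio.net:51820"
WG_DNS="10.0.0.103"
WG_LISTEN_PORT="51820"
WG_SUBNET="10.1.0.0/16"

# ============================================
# Device Type → Subnet Mapping
# ============================================

# Three-octet prefixes, all inside WG_SUBNET. Presumably the caller appends
# the host octet; that code is not visible here.
declare -gA DEVICE_SUBNETS=(
  [desktop]="10.1.1"
  [laptop]="10.1.2"
  [phone]="10.1.3"
  [tablet]="10.1.4"
  [guest]="10.1.100"
)

# ============================================
# Device Type → Default AllowedIPs
# ============================================

# Every type, guest included, maps to the same IPv4 catch-all, so this table
# does not separate guests from other devices; any isolation has to be
# enforced elsewhere (not visible here).
# 0.0.0.0/0 is IPv4 only: there is no ::/0 entry, so IPv6 is not covered.
# NOTE(review): where these values are written is not visible here. As a
# client-side AllowedIPs this is a full IPv4 tunnel; in a server-side [Peer]
# section it would accept any source address from that peer. Confirm.
declare -gA DEVICE_ALLOWED_IPS=(
  [desktop]="0.0.0.0/0"
  [laptop]="0.0.0.0/0"
  [phone]="0.0.0.0/0"
  [tablet]="0.0.0.0/0"
  [guest]="0.0.0.0/0"
)

# ============================================
# Accessors
# ============================================

# Each accessor prints one setting followed by a newline.
function config::interface() { printf '%s\n' "$WG_INTERFACE"; }
function config::config_file() { printf '%s\n' "$WG_CONFIG"; }
function config::endpoint() { printf '%s\n' "$WG_ENDPOINT"; }
function config::dns() { printf '%s\n' "$WG_DNS"; }
function config::listen_port() { printf '%s\n' "$WG_LISTEN_PORT"; }
function config::subnet() { printf '%s\n' "$WG_SUBNET"; }

# Prints the contents of the server public key file.
function config::server_public_key() {
  cat -- "$WG_SERVER_PUBLIC_KEY_FILE"
}

# Prints the known device types on one line, separated by single spaces.
# The order is whatever bash yields for associative-array keys.
function config::device_types() {
  local types nounset_was_on=0
  # [*] joins on the first character of IFS; pin it to a space.
  local IFS=' '
  # nounset is switched off around the key expansion and then put back the
  # way the caller had it, instead of being forced on afterwards.
  if [[ $- == *u* ]]; then
    nounset_was_on=1
  fi
  set +u
  types="${!DEVICE_SUBNETS[*]}"
  if (( nounset_was_on )); then
    set -u
  fi
  printf '%s\n' "$types"
}

# Returns 0 when $1 has an entry in DEVICE_SUBNETS, non-zero otherwise.
function config::is_valid_type() {
  local type="$1"
  local subnet
  subnet=$(config::subnet_for "$type")
  [[ -n "$subnet" ]]
}

# Prints the subnet prefix for device type $1, or an empty line when the type
# is unknown.
function config::subnet_for() {
  local type="$1"
  local result
  # The ':-' default keeps this expansion safe under nounset, so the shell
  # option is left untouched.
  result="${DEVICE_SUBNETS[$type]:-}"
  printf '%s\n' "$result"
}

# Prints the default AllowedIPs for device type $1.
# A type that is not in the table falls back to 0.0.0.0/0, i.e. the lookup
# does not reject unknown types; callers that need that must check
# config::is_valid_type first.
function config::allowed_ips_for() {
  local type="$1"
  local result
  result="${DEVICE_ALLOWED_IPS[$type]:-0.0.0.0/0}"
  printf '%s\n' "$result"
}

# ============================================
# Validation
# ============================================

# Exits the shell with status 1 when the public key, the private key or the
# WireGuard config is not a regular file.
# NOTE(review): only existence is checked. A private key or config that is
# group- or world-readable passes; consider verifying the file mode as well.
function config::validate() {
  if [[ ! -f "$WG_SERVER_PUBLIC_KEY_FILE" ]]; then
    log::error "Server public key not found: ${WG_SERVER_PUBLIC_KEY_FILE}"
    exit 1
  fi

  if [[ ! -f "$WG_SERVER_PRIVATE_KEY_FILE" ]]; then
    log::error "Server private key not found: ${WG_SERVER_PRIVATE_KEY_FILE}"
    exit 1
  fi

  if [[ ! -f "$WG_CONFIG" ]]; then
    log::error "WireGuard config not found: ${WG_CONFIG}"
    exit 1
  fi
}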