#!/usr/bin/env bash # ============================================ # Lifecycle # ============================================ function cmd::remove::on_load() { flag::register --name flag::register --type flag::register --force } # ============================================ # Help # ============================================ function cmd::remove::help() { cat < [options] Permanently remove a WireGuard client. This will delete the client config, keys, and remove it from the server. Options: --name Full client name (e.g. phone-nuno) --force Skip confirmation prompt Examples: wgctl remove --name phone-nuno wgctl rm --name phone-nuno --force EOF } # ============================================ # Run # ============================================ function cmd::remove::run() { local name="" local type="" local force=false while [[ $# -gt 0 ]]; do case "$1" in --name) name="$2"; shift 2 ;; --type) type="$2"; shift 2 ;; --force) force=true; shift ;; --help) cmd::remove::help; return ;; *) log::error "Unknown flag: $1" cmd::remove::help return 1 ;; esac done if [[ -z "$name" ]]; then log::error "Missing required flag: --name" cmd::remove::help return 1 fi name=$(peers::resolve_and_require "$name" "$type") || return 1 # Confirmation prompt unless --force if ! $force; then read -r -p "Are you sure you want to permanently remove '${name}'? [y/N] " confirm case "$confirm" in [yY][eE][sS]|[yY]) ;; *) log::info "Aborted" return 0 ;; esac fi log::section "Removing client: ${name}" local client_ip client_ip=$(peers::get_ip "$name") local was_blocked=false peers::is_blocked "$name" && was_blocked=true cmd::remove::_cleanup "$name" "$client_ip" "$was_blocked" || return 1 log::wg_success "Client removed: ${name}" } function cmd::remove::_cleanup() { local name="${1:-}" client_ip="${2:-}" was_blocked="${3:-false}" [[ -n "$client_ip" ]] && fw::flush_peer "$client_ip" peers::remove_from_server "$name" || return 1 peers::remove_client_config "$name" || return 1 keys::remove "$name" || return 1 group::remove_peer_from_all "$name" || return 1 [[ -n "$client_ip" ]] && $was_blocked && fw::unblock_all "$client_ip" fw::remove_block_file "$name" 2>/dev/null || true peers::remove_meta "$name" 2>/dev/null || true peers::reload || return 1 }