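#!/usr/bin/env bash

# ============================================
# Help
# ============================================

# Print usage for the service command group.
# NOTE(review): in this copy the text between `cat <` and "Manage" was lost
# (most likely the heredoc opener plus a usage line). The heredoc opener is
# restored here; re-add the usage line from the upstream file.
function cmd::service::help() {
  cat <<EOF
Manage the WireGuard service.

Subcommands:
  start, up        Start WireGuard
  stop, down       Stop WireGuard
  restart          Restart WireGuard
  reload           Reload WireGuard config
  status, stat     Show WireGuard status
  logs, log        Show WireGuard logs
  enable           Enable WireGuard on boot
  disable          Disable WireGuard on boot

Examples:
  wgctl start
  wgctl logs
  wgctl status
EOF
}

# ============================================
# Run
# ============================================

# Dispatch a service subcommand.
#   $1  subcommand name (defaults to "help")
# Returns the subcommand's exit status, or 1 for an unknown subcommand.
# The aliases advertised by the help text (up, down, stat, log) are accepted
# here so that the help and the dispatcher agree.
function cmd::service::run() {
  local subcmd="${1:-help}"
  shift || true

  case "$subcmd" in
    start|up)    cmd::service::start ;;
    stop|down)   cmd::service::stop ;;
    restart)     cmd::service::restart ;;
    reload)      cmd::service::reload ;;
    status|stat) cmd::service::status ;;
    logs|log)    cmd::service::logs ;;
    enable)      cmd::service::enable ;;
    disable)     cmd::service::disable ;;
    help)        cmd::service::help ;;
    *)
      log::error "Unknown subcommand: '${subcmd}'"
      cmd::service::help
      return 1
      ;;
  esac
}

# ============================================
# Subcommands
# ============================================

# Print the systemd unit name for the configured WireGuard interface.
function cmd::service::_unit() {
  printf 'wg-quick@%s\n' "$(config::interface)"
}

# Start the tunnel, then re-apply blocks and rules.
# Returns 1 without reporting success when systemctl fails, so a caller (or an
# operator reading the log) is never told the tunnel is up when it is not.
function cmd::service::start() {
  log::wg_start "Starting WireGuard..."

  if ! systemctl start "$(cmd::service::_unit)"; then
    log::error "Failed to start WireGuard"
    return 1
  fi

  # NOTE(review): the exit status of the restore helpers is not checked; if
  # they can fail, a block that was meant to be active may silently be
  # missing. Confirm their return contract.
  block::restore_all
  rule::restore_all
  cmd::service::_auto_rotate_logs
  log::wg_success "WireGuard started"
}

# Stop the tunnel. Returns 1 when systemctl fails.
function cmd::service::stop() {
  log::wg_start "Stopping WireGuard..."

  if ! systemctl stop "$(cmd::service::_unit)"; then
    log::error "Failed to stop WireGuard"
    return 1
  fi

  log::wg_success "WireGuard stopped"
}

# Restart the tunnel with a clean firewall state.
# Between fw::flush_all and the restore calls the persisted blocks and rules
# are not applied. The restore therefore runs even when the restart itself
# fails, and the failure is reported instead of a success message.
function cmd::service::restart() {
  local rc=0

  log::wg_start "Restarting WireGuard..."

  # Flush firewall rules before restart so restore starts clean
  fw::flush_all

  systemctl restart "$(cmd::service::_unit)" || rc=$?

  # Always attempt to put blocks and rules back, whatever the restart did.
  block::restore_all
  rule::restore_all

  if (( rc != 0 )); then
    log::error "Failed to restart WireGuard (systemctl exit ${rc}); block and rule restore was still attempted"
    return 1
  fi

  cmd::service::_auto_rotate_logs
  log::wg_success "WireGuard restarted"
}

# Reload peers, then re-apply blocks and rules.
function cmd::service::reload() {
  log::wg_start "Reloading WireGuard config..."
  peers::reload
  block::restore_all
  rule::restore_all
  log::wg_success "WireGuard config reloaded"
}

# Show the systemd unit status followed by the live peer list.
function cmd::service::status() {
  log::section "WireGuard Status"
  echo ""
  systemctl status "$(cmd::service::_unit)" --no-pager
  echo ""
  log::section "Active Peers"
  wg show "$(config::interface)"
}

# Follow the journal of the WireGuard unit.
function cmd::service::logs() {
  log::section "WireGuard Logs"
  journalctl -u "$(cmd::service::_unit)" -f --no-pager
}

# Rotate the event logs when either one has grown past the size limit.
# A log file that cannot be stat'ed counts as size 0.
function cmd::service::_auto_rotate_logs() {
  local max_size=10485760 # 10MB
  local keep_days=7
  local fw_size wg_size

  fw_size=$(stat -c%s "$(ctx::fw_events_log)" 2>/dev/null || echo 0)
  wg_size=$(stat -c%s "$(ctx::events_log)" 2>/dev/null || echo 0)

  if (( fw_size > max_size || wg_size > max_size )); then
    log::wg_warning "Log files exceed 10MB, auto-rotating (keeping ${keep_days} days)..."
    cmd::logs::rotate --days "$keep_days" --force
  fi
}

# Enable the unit at boot. Returns 1 when systemctl fails.
function cmd::service::enable() {
  if ! systemctl enable "$(cmd::service::_unit)"; then
    log::error "Failed to enable WireGuard on boot"
    return 1
  fi
  log::wg_success "WireGuard enabled on boot"
}

# Disable the unit at boot. Returns 1 when systemctl fails.
function cmd::service::disable() {
  if ! systemctl disable "$(cmd::service::_unit)"; then
    log::error "Failed to disable WireGuard on boot"
    return 1
  fi
  log::wg_success "WireGuard disabled on boot"
}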