#!/usr/bin/env bash
# ============================================
# Lifecycle
# ============================================
# Registers the flags accepted by `wgctl remove` (--name, --type, --force)
# through flag::register, in that order.
# NOTE(review): presumably invoked when the command is loaded; confirm
# against the command loader.
function cmd::remove::on_load() {
  local supported_flag
  for supported_flag in --name --type --force; do
    flag::register "$supported_flag"
  done
}
# ============================================
# Help
# ============================================
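# Prints usage for `wgctl remove` to stdout.
# The option list covers every flag cmd::remove::run parses, including
# --type and --help, so the help text and the parser stay in agreement.
function cmd::remove::help() {
  # Quoted delimiter: the text is literal, nothing in it is expanded.
  cat <<'EOF'
Usage: wgctl remove --name <name> [options]

Permanently remove a WireGuard client.
This will delete the client config, keys, and remove it from the server.

Options:
  --name <name>    Full client name (e.g. phone-nuno)
  --type <type>    Client type, used together with --name to resolve the client
  --force          Skip confirmation prompt
  --help           Show this help

Examples:
  wgctl remove --name phone-nuno
  wgctl rm --name phone-nuno --force
EOF
}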
# ============================================
# Run
# ============================================
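#######################################
# Permanently removes a WireGuard client: resolves the name, asks for
# confirmation unless --force is given, flushes the peer's firewall rules,
# removes the peer from the server config, deletes the client config and
# keys, cleans up block state and metadata, then reloads WireGuard.
# Arguments:
#   --name <name>  client to remove (required)
#   --type <type>  passed to peers::resolve_and_require together with the name
#   --force        skip the confirmation prompt
#   --help         print usage and return
# Returns:
#   0 on success, after --help, or when the operator declines the prompt;
#   1 on a usage error or when name resolution, a removal step or the
#   reload fails.
#######################################
function cmd::remove::run() {
  local name=""
  local type=""
  local force=false
  local confirm=""

  while [[ $# -gt 0 ]]; do
    case "$1" in
      --name | --type)
        # A value-taking flag given as the last argument leaves "$2" unset,
        # and `shift 2` then fails without shifting, so the loop would never
        # terminate. Reject it as a usage error instead.
        if [[ $# -lt 2 ]]; then
          log::error "Missing value for flag: $1"
          cmd::remove::help
          return 1
        fi
        if [[ "$1" == "--name" ]]; then
          name="$2"
        else
          type="$2"
        fi
        shift 2
        ;;
      --force)
        force=true
        shift
        ;;
      --help)
        cmd::remove::help
        return
        ;;
      *)
        log::error "Unknown flag: $1"
        cmd::remove::help
        return 1
        ;;
    esac
  done

  if [[ -z "$name" ]]; then
    log::error "Missing required flag: --name"
    cmd::remove::help
    return 1
  fi

  # Everything below works on the resolved name, never on the raw argument.
  name=$(peers::resolve_and_require "$name" "$type") || return 1

  # Confirmation prompt unless --force. Anything other than y/yes aborts,
  # so an empty answer does not delete the client.
  if [[ "$force" != true ]]; then
    read -r -p "Are you sure you want to permanently remove '${name}'? [y/N] " confirm
    case "$confirm" in
      [yY][eE][sS] | [yY]) ;;
      *)
        log::info "Aborted"
        return 0
        ;;
    esac
  fi

  log::section "Removing client: ${name}"

  # Capture IP and block state first; they are read again after the peer's
  # config has been removed.
  local client_ip
  client_ip=$(peers::get_ip "$name")

  local was_blocked=false
  if peers::is_blocked "$name"; then
    was_blocked=true
  fi

  # Unapply rule if assigned
  # NOTE(review): assigned_rule is computed here but not read again in this
  # function; confirm whether an explicit unapply step is missing or whether
  # fw::flush_peer below is meant to cover it.
  local assigned_rule
  assigned_rule=$(peers::get_meta "$name" "rule")

  if [[ -z "$assigned_rule" ]]; then
    assigned_rule=$(peers::default_rule "$name")
  fi

  # Flush all iptables rules for this peer IP
  # NOTE(review): when no IP was found the flush is skipped without any
  # message, so rules tied to that address would stay in place - confirm
  # that is acceptable.
  # NOTE(review): the flush runs before the peer is removed. If a later step
  # returns 1, the peer may still be configured while its firewall rules are
  # already gone and no reload has happened - confirm the intended order and
  # how a partial removal should be reported.
  if [[ -n "$client_ip" ]]; then
    fw::flush_peer "$client_ip"
  fi

  # Remove peer from server config
  peers::remove_from_server "$name" || return 1

  # Remove client config
  peers::remove_client_config "$name" || return 1

  # Remove keys
  keys::remove "$name" || return 1

  # Remove block rules only if client was fully blocked
  if [[ -n "$client_ip" && "$was_blocked" == true ]]; then
    fw::unblock_all "$client_ip"
  fi

  # Best-effort cleanup: failures and their messages are discarded on purpose.
  # NOTE(review): a leftover block file or metadata entry could presumably be
  # picked up by a later client that reuses this name - verify.
  fw::remove_block_file "$name" 2>/dev/null || true
  peers::remove_meta "$name" 2>/dev/null || true

  # Reload WireGuard
  peers::reload || return 1

  log::wg_success "Client removed: ${name}"
}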