#!/bin/bash
######################################################################################################
#
# This is my modified version of the wg-dashboard install script!
# https://raw.githubusercontent.com/wg-dashboard/wg-dashboard/master/install_script.sh
#
# 2021.05.24 - script update (do not start wg0.service yet, wg0.conf will be created from wg-dashboard)
# 2021.04.07 - script update (enable and start wg0.service)
# 2021.02.21 - update coredns to version 1.8.1, nodejs to version 12
#              removed wireguard-linux-compat, raspberrypi-kernel-headers, libmnl-dev, libelf-dev
# 2020.08.02 - first script release, wg-dashboard version 0.21.1
#
######################################################################################################

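# Strict mode: abort on the first failing command (-e), on use of an unset
# variable (-u), and when any stage of a pipeline fails (pipefail). Without
# pipefail a failed download that is piped into another command goes unnoticed.
set -euo pipefail

# Everything below installs packages, writes under /etc and changes firewall
# rules, so it needs root. Exit non-zero so callers and automation can tell
# that nothing was installed.
if [[ "$EUID" -ne 0 ]]; then
	echo "Sorry, this script must be ran as root, use sudo" >&2
	exit 1
fi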

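# i = distributor id, s = short, gives us name of the os (Raspbian)
# Refuse to continue on anything else, with a failing exit status so that
# automation does not mistake "unsupported" for "installed".
if [[ "$(lsb_release -is)" != "Raspbian" ]]; then
	clear
	echo "Sorry, your operating system is not supported." >&2
	echo "The install script is only for the Raspberry Pi." >&2
	exit 1
fi

# system should be up to date
apt-get update -y
apt-get upgrade -y

# install required packages
apt-get install -y build-essential pkg-config git ufw

# change to /opt (later steps of the script rely on this working directory)
cd /opt

# WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required.
# git clone https://git.zx2c4.com/wireguard-linux-compat
# make -C wireguard-linux-compat/src -j$(nproc)
# make -C wireguard-linux-compat/src install

# grab WireGuard tools
# A checkout left behind by an earlier, aborted run would make git clone fail,
# so remove it first.
# NOTE(review): this builds and installs, as root, whatever the default branch
# points at when the script runs. For a reproducible install consider checking
# out a reviewed release tag (<RELEASE_TAG>) after cloning.
rm -rf -- /opt/wireguard-tools
git clone https://git.zx2c4.com/wireguard-tools

# compile and install WireGuard tools
make -C wireguard-tools/src -j"$(nproc)"
make -C wireguard-tools/src install

# enable wg0 on reboot (it is not started here: wg0.conf is created later by wg-dashboard)
systemctl enable wg-quick@wg0.service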

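# enable ipv4 packet forwarding
# This turns the host into a router for every interface, not only wg0; which
# traffic is actually forwarded is decided by firewall rules set up elsewhere.
sysctl -w net.ipv4.ip_forward=1

# Persist the setting, but only once: re-running the installer must not keep
# appending duplicate lines to /etc/sysctl.conf.
if ! grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf 2>/dev/null; then
	echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
fi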

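# install nodejs
# Download the NodeSource setup script completely before running it. Piping
# curl straight into bash executes a truncated or error-page response as root,
# and without pipefail a failed download is not even detected. -f makes curl
# fail on HTTP errors instead of saving the error page.
# The script is still trusted solely on the basis of TLS to deb.nodesource.com.
# NOTE(review): Node.js 12 no longer receives upstream security fixes; confirm
# which maintained release wg-dashboard supports before bumping the version.
nodesource_setup=$(mktemp)
if ! curl -fsSL https://deb.nodesource.com/setup_12.x -o "$nodesource_setup"; then
	rm -f -- "$nodesource_setup"
	echo "Failed to download the NodeSource setup script" >&2
	exit 1
fi
if ! bash "$nodesource_setup"; then
	rm -f -- "$nodesource_setup"
	echo "The NodeSource setup script failed" >&2
	exit 1
fi
rm -f -- "$nodesource_setup"

# apt-get has a stable command-line interface for scripts; apt does not
apt-get install -y nodejs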

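# Work from /opt explicitly: the rm -rf below uses relative paths and the
# service unit expects the dashboard in /opt/wg-dashboard.
cd /opt

# delete wg-dashboard folder and wg-dashboard.tar.gz to make sure it does not exist
rm -rf -- wg-dashboard wg-dashboard.tar.gz

# download wg-dashboard latest release
# The release page is scraped for the tarball link. Only links below the
# project's own repository path are accepted and only the first match is used,
# so an unrelated or second *.tar.gz link on the page can never end up as an
# extra curl argument.
# NOTE(review): the archive is authenticated by TLS to github.com only; no
# checksum or signature is verified before it is unpacked and run as root.
if ! release_page=$(wget -qO- https://github.com/wg-dashboard/wg-dashboard/releases/latest); then
	echo "Failed to fetch the wg-dashboard release page" >&2
	exit 1
fi
tarball_path=$(printf '%s\n' "$release_page" \
	| grep -Eo '/wg-dashboard/wg-dashboard/[^"[:space:]]*\.tar\.gz' \
	| head -n 1) || true
if [[ -z "$tarball_path" ]]; then
	echo "Could not find a wg-dashboard release tarball on the release page" >&2
	exit 1
fi
# -f: fail on HTTP errors instead of saving an error page as the tarball
curl -fL "https://github.com${tarball_path}" --output wg-dashboard.tar.gz

# create directory for dashboard
mkdir -p wg-dashboard

# unzip wg-dashboard
# --no-same-owner: as root, tar would otherwise restore whatever uid/gid the
# archive records; the extracted files should simply belong to root.
tar -xzf wg-dashboard.tar.gz --strip-components=1 --no-same-owner -C wg-dashboard

# delete unpacked .tar.gz
rm -f -- wg-dashboard.tar.gz

# go into wg-dashboard folder
cd wg-dashboard

# install node modules
# --unsafe-perm lets package lifecycle scripts run as root instead of being
# run with dropped privileges, so every dependency is trusted with root here.
npm i --production --unsafe-perm

# fix npm vulnerabilities
# Best effort: a non-zero status from npm audit fix should not abort an
# otherwise working install. Note that it may move dependencies away from the
# versions the release was published with.
if ! npm audit fix; then
	echo "Warning: npm audit fix did not complete cleanly; review 'npm audit' output" >&2
fi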

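# create service unit file
# Overwrite (>) rather than append (>>): appending on a second run would
# duplicate every section of the unit. The quoted 'EOF' keeps the text
# literal, so nothing in it is ever expanded by the shell.
# NOTE(review): the unit sets no User=, so the Node.js dashboard runs as root.
# Confirm whether it can run under a dedicated account with only the
# privileges it needs to manage WireGuard.
cat << 'EOF' > /etc/systemd/system/wg-dashboard.service
[Unit]
Description=wg-dashboard service
After=network.target

[Service]
Restart=always
WorkingDirectory=/opt/wg-dashboard
ExecStart=/usr/bin/node /opt/wg-dashboard/src/server.js

[Install]
WantedBy=multi-user.target
EOF

# reload systemd unit files
systemctl daemon-reload

# enable wg-dashboard on reboot and start service
systemctl enable wg-dashboard
systemctl start wg-dashboard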

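# Firewall rules are limited to the protocol each service actually uses.
# The ssh rule is added before ufw is enabled so a remote session is not cut off.

# enable port 22 in firewall for ssh (TCP only)
ufw allow 22/tcp

# enable port 3000 in firewall for wg-dashboard (HTTP, TCP only)
# NOTE(review): this opens the dashboard on every interface and it is served
# over plain http. If it only has to be reachable from a management network,
# restrict the rule to that source (for example
# "ufw allow from <MGMT_SUBNET> to any port 3000 proto tcp").
ufw allow 3000/tcp

# enable firewall
ufw --force enable

# enable port 58210 in firewall for wireguard (WireGuard uses UDP only)
ufw allow 58210/udp

# enable port 53 in firewall for dns, for clients arriving over wg0 only
ufw allow in on wg0 to any port 53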

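# make and enter coredns folder
mkdir -p /etc/coredns
cd /etc/coredns

# download coredns
# -f: fail on HTTP errors instead of saving an error page as the archive
curl -fL https://github.com/coredns/coredns/releases/download/v1.8.1/coredns_1.8.1_linux_arm.tgz --output coredns.tgz

# Optional integrity check: when COREDNS_SHA256 is set in the environment, the
# archive must match it before the binary is installed to /usr/bin. Without
# it the download is trusted on the basis of TLS to github.com alone.
if [[ -n "${COREDNS_SHA256:-}" ]]; then
	if ! echo "${COREDNS_SHA256}  coredns.tgz" | sha256sum -c -; then
		rm -f -- coredns.tgz
		echo "coredns.tgz does not match COREDNS_SHA256" >&2
		exit 1
	fi
fi

# unzip and delete tar
# --no-same-owner: do not restore the uid/gid recorded in the archive
tar -xzf coredns.tgz --no-same-owner
rm -f -- coredns.tgz

# move coredns to correct directory
mv coredns /usr/bin/coredns

# write default coredns config
# Overwrite (>) rather than append (>>) so a second run does not leave two
# server blocks in the Corefile.
# NOTE(review): the server block below opens with a bare "{" and names no
# zone; confirm CoreDNS accepts this as the root zone.
cat << 'EOF' > /etc/coredns/Corefile
{
	forward . tls://1.1.1.1 {
		tls_servername tls.cloudflare-dns.com
		health_check 10s
	}

	cache
	errors
}
EOF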

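# write autostart config
# Overwrite (>) rather than append (>>): appending on a second run would
# duplicate every section of the unit.
# NOTE(review): the unit sets no User=, so CoreDNS runs as root. Confirm
# whether a dedicated account with only the right to bind port 53 is enough.
cat << 'EOF' > /etc/systemd/system/coredns.service
[Unit]
Description=CoreDNS DNS Server
Documentation=https://coredns.io/manual/toc/
After=network.target

[Service]
LimitNOFILE=8192
ExecStart=/usr/bin/coredns -conf /etc/coredns/Corefile
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# make systemd pick up the new or changed unit file before it is enabled
systemctl daemon-reload

# disable systemd-resolved from startup
systemctl disable systemd-resolved

# stop systemd-resolved service
# From here until coredns is up, a host that resolved names through
# systemd-resolved has no local resolver.
systemctl stop systemd-resolved

# enable coredns on system start
systemctl enable coredns

# start coredns
systemctl start coredns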

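# clean up the WireGuard build trees
# -f: an already-clean /opt must not abort the script at the very last step
rm -rf -- /opt/wireguard-*

# hostname -I prints every address of the host separated by spaces. Use the
# first one only; deleting a single space would glue the first two addresses
# together on hosts that have more than one.
dashboard_ip=$(hostname -I | awk '{print $1}')

### all done
clear
echo ""
echo "==================================================================="
echo ""
echo " Done! WireGuard and wg-dashboard have been successfully installed"
echo " Reboot and connect to the dashboard by visiting:"
echo ""
echo " http://${dashboard_ip}:3000"
echo ""
echo "==================================================================="
echo ""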