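#!/usr/bin/env bash
#
# Interface hook for the WireGuard VPN: adds and removes the policy-routing
# rules for the tunnel's UDP port and the per-client routes, depending on the
# phase the interface is in.
#
# Environment (read, never set here):
#   MODE   - "start" or "stop"; any other value (or none) is rejected.
#   PHASE  - "pre-up", "post-up", "pre-down" or "post-down"; any other value
#            matches no case arm and the script does nothing.
#   IFACE  - interface the client routes are attached to.
# NOTE(review): these names match what ifupdown exports to its hook scripts;
# confirm against how this file is installed.
#
# NOTE(review): the templated port, routing table and client subnets are
# written verbatim into the commands below, and changing routes needs root.
# Validate them where they are defined (integer port, table name or number,
# CIDR subnets) so that a malformed value cannot add words to a command line.

# MODE is tested with a default so that an unset or empty value reaches the
# error branch instead of breaking the test expression.
if [[ "${MODE:-}" == "start" ]]; then
  # Bring-up: stop at the first failing command or unset variable.
  set -ue
elif [[ "${MODE:-}" == "stop" ]]; then
  # Tear-down: no -e, so a failing delete does not skip the remaining ones.
  set -u
else
  printf "%s: mode must be one of either 'start' or 'stop'\n" "${0##*/}" >&2
  exit 1
fi

case "${PHASE}" in
  "pre-up")
    # Send the tunnel's own UDP traffic (matched by source port) to the
    # dedicated routing table, for both address families.
{% if vpn_wireguard_routing_table is defined %}
    /usr/sbin/ip -4 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
    /usr/sbin/ip -6 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
    ;;
  "post-up")
    # One route per client subnet through the tunnel interface.
{% for client in vpn_wireguard_clients %}
{% if 'inet_subnet' in client %}
    /usr/sbin/ip -4 route add {{ client.inet_subnet }} dev "${IFACE}"
{% endif %}
{% if 'inet6_subnet' in client %}
    /usr/sbin/ip -6 route add {{ client.inet6_subnet }} dev "${IFACE}"
{% endif %}
{% endfor %}
    ;;
  "pre-down")
    # Remove the client routes again, IPv6 before IPv4.
{% for client in vpn_wireguard_clients %}
{% if 'inet6_subnet' in client %}
    /usr/sbin/ip -6 route del {{ client.inet6_subnet }} dev "${IFACE}"
{% endif %}
{% if 'inet_subnet' in client %}
    /usr/sbin/ip -4 route del {{ client.inet_subnet }} dev "${IFACE}"
{% endif %}
{% endfor %}
    ;;
  "post-down")
    # Remove the policy-routing rules added in pre-up, IPv6 before IPv4.
{% if vpn_wireguard_routing_table is defined %}
    /usr/sbin/ip -6 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
    /usr/sbin/ip -4 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
    ;;
esac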