#!/usr/bin/env python3
"""Generate WireGuard road-warrior client configs + QR PNGs, and emit RouterOS peer-add commands."""
import subprocess, pathlib, qrcode

WG = r"C:\Program Files\WireGuard\wg"
SERVER_PUB = "CGGFHYR83W8IuTB46cJ49IuL/tL3w4yu3o0hQh0Cxwo="
ENDPOINT   = "78.80.38.51:51821"
LAN        = "192.168.1.0/24"   # split tunnel -> only LAN goes through VPN
DNS        = "192.168.1.2"      # router LAN IP

CLIENTS = [2, 3, 4]
outdir = pathlib.Path(__file__).resolve().parent / "wg-clients"
outdir.mkdir(exist_ok=True)


def wg(*args, inp=None):
    return subprocess.run([WG, *args], input=inp, capture_output=True,
                          text=True, check=True).stdout.strip()


peer_cmds = []
for i in CLIENTS:
    name = f"client{i}"
    priv = wg("genkey")
    pub  = wg("pubkey", inp=priv)
    psk  = wg("genpsk")

    conf = f"""[Interface]
PrivateKey = {priv}
Address = 10.10.10.{i}/32
DNS = {DNS}

[Peer]
PublicKey = {SERVER_PUB}
PresharedKey = {psk}
AllowedIPs = {LAN}
Endpoint = {ENDPOINT}
PersistentKeepalive = 25
"""
    (outdir / f"{name}.conf").write_text(conf, encoding="utf-8")

    img = qrcode.make(conf)
    img.save(outdir / f"{name}.png")

    peer_cmds.append(
        f'/interface wireguard peers add interface=wg-vpn '
        f'public-key="{pub}" preshared-key="{psk}" '
        f'allowed-address=10.10.10.{i}/32 comment="{name}"'
    )
    print(f"[ok] {name}: pub={pub} -> {name}.conf, {name}.png")

(outdir / "_peers_add.rsc").write_text("\n".join(peer_cmds) + "\n", encoding="utf-8")
print("\n--- RouterOS peer-add commands written to wg-clients/_peers_add.rsc ---")
for c in peer_cmds:
    print(c)