from ipaddress import ip_network

repo.libs.tools.require_bundle(node, 'systemd-networkd')

files = {
    '/usr/local/share/icinga/plugins/check_wireguard_connected': {
        'mode': '0755',
    },
}

deps = set()

if node.has_bundle('apt'):
    deps.add('pkg_apt:wireguard')

for peer, config in sorted(node.metadata.get('wireguard/peers', {}).items()):
    files[f'/etc/systemd/network/wg_{config["iface"]}.netdev'] = {
        'content_type': 'mako',
        'source': 'wg.netdev',
        'owner': 'systemd-network',
        'mode': '0600',
        'context': {
            'endpoint': config.get('endpoint'),
            'iface': config['iface'],
            'peer': peer,
            'port': config['my_port'],
            'privatekey': node.metadata.get('wireguard/privatekey'),
            'psk': config['psk'],
            'pubkey': config['pubkey'],
        },
        'needs': deps,
        'triggers': {
            'svc_systemd:systemd-networkd:restart',
        },
    }

files['/usr/local/bin/wg_health_check'] = {
    'content_type': 'mako',
    'context': {
        'peers': node.metadata.get('wireguard/health_checks'),
    },
    'mode': '0755',
}

if node.has_bundle('pppd'):
    files['/etc/ppp/ip-up.d/reconnect-wireguard'] = {
        'source': 'pppd-ip-up',
        'content_type': 'mako',
        'mode': '0755',
    }