#!/bin/sh
# =====================================================================
# Downgrade an AmneziaWG server's obfuscation to a "classic" (AmneziaWG 1.0)
# set that older router AmneziaWG implementations accept.
#
# Keeps   : Jc, Jmin, Jmax, S1, S2  (widely supported AWG 1.0 junk params)
# Converts: H1-H4 from "a-b" ranges  ->  single value "a"
# Drops   : S3, S4 and I1-I5         (AWG 1.5/2.0-only padding & magic packets)
#
# After running this you MUST regenerate every client config in the panel
# (create new clients / re-export) and re-import them on phones too — the old
# AWG 2.0 client configs no longer match the server and will stop connecting.
#
# Usage (on the VPS host that runs the container):
#   sh awg_downgrade_obfuscation.sh [container_name]
# Defaults to container "amnezia-awg2".
# =====================================================================
set -e

CONTAINER="${1:-amnezia-awg2}"

if ! docker inspect "$CONTAINER" >/dev/null 2>&1; then
  echo "Container '$CONTAINER' not found. Pass the correct name as the 1st arg." >&2
  exit 1
fi

# Locate the config inside the container (awg0.conf for AWG2, wg0.conf legacy).
CONF=""
for f in /opt/amnezia/awg/awg0.conf /opt/amnezia/awg/wg0.conf /etc/wireguard/wg0.conf; do
  if docker exec "$CONTAINER" test -f "$f" 2>/dev/null; then CONF="$f"; break; fi
done
[ -n "$CONF" ] || { echo "WireGuard config not found inside $CONTAINER" >&2; exit 1; }

echo "Container : $CONTAINER"
echo "Config    : $CONF"
echo "Before:"
docker exec "$CONTAINER" sh -c "grep -E '^(Jc|Jmin|Jmax|S[0-9]|H[0-9]|I[0-9])[[:space:]]*=' '$CONF' || true"

# Rewrite the [Interface] obfuscation params, then reload the interface using
# whichever tool the image provides (awg on amneziawg-go, wg on the Amnezia image).
docker exec "$CONTAINER" sh -c '
  set -e
  CONF="'"$CONF"'"
  IFACE="$(basename "$CONF" .conf)"
  cp "$CONF" "${CONF}.bak" 2>/dev/null || true

  # H1-H4: "a-b" -> "a"
  sed -i -E "s/^([[:space:]]*H[1-4][[:space:]]*=[[:space:]]*[0-9]+)-[0-9]+/\1/" "$CONF"
  # Drop S3, S4 and I1-I5 lines entirely
  sed -i -E "/^[[:space:]]*(S3|S4|I[1-5])[[:space:]]*=/d" "$CONF"

  QUICK="$(command -v awg-quick || command -v wg-quick)"
  "$QUICK" down "$CONF" 2>/dev/null || "$QUICK" down "$IFACE" 2>/dev/null || true
  "$QUICK" up "$CONF"
'

echo "After:"
docker exec "$CONTAINER" sh -c "grep -E '^(Jc|Jmin|Jmax|S[0-9]|H[0-9]|I[0-9])[[:space:]]*=' '$CONF' || true"
echo "Done. Now regenerate all client configs in the panel and re-import them."