mvpg/scripts/uninstall.sh

#!/bin/bash

# VPN Gateway Uninstall Script
# Completely removes VPN Gateway
# Version: 1.0.0

set -e

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

INSTALL_DIR="/opt/vpn-gateway"

log() {
    echo -e "${GREEN}[+]${NC} $1"
}

error() {
    echo -e "${RED}[!]${NC} $1"
}

warning() {
    echo -e "${YELLOW}[!]${NC} $1"
}

# Check root
if [[ $EUID -ne 0 ]]; then
    error "This script must be run as root"
    exit 1
fi

echo -e "${RED}=== VPN Gateway Uninstaller ===${NC}"
echo ""
warning "This will completely remove VPN Gateway and its components."
warning "The killswitch will be DISABLED, potentially exposing your traffic!"
echo ""
echo "The following will be removed:"
echo "  - VPN Gateway application ($INSTALL_DIR)"
echo "  - WireGuard configurations"
echo "  - Systemd services"
echo "  - Firewall rules (killswitch)"
echo "  - Nginx configuration"
echo ""
read -p "Are you SURE you want to uninstall? Type 'YES' to confirm: " CONFIRM

if [ "$CONFIRM" != "YES" ]; then
    log "Uninstall cancelled"
    exit 0
fi

# Create backup just in case
BACKUP_DIR="/root/vpn-gateway-final-backup-$(date +%Y%m%d-%H%M%S)"
log "Creating final backup at $BACKUP_DIR..."
mkdir -p "$BACKUP_DIR"

# Backup configs
cp -r /etc/wireguard "$BACKUP_DIR/wireguard" 2>/dev/null || true
cp -r "$INSTALL_DIR" "$BACKUP_DIR/app" 2>/dev/null || true
iptables-save > "$BACKUP_DIR/iptables.rules" 2>/dev/null || true

# Stop and disable services
log "Stopping services..."
systemctl stop vpn-webui vpn-killswitch vpn-security-monitor 2>/dev/null || true
systemctl disable vpn-webui vpn-killswitch vpn-security-monitor 2>/dev/null || true

# Stop WireGuard
wg-quick down wg0 2>/dev/null || true
systemctl stop wg-quick@wg0 2>/dev/null || true
systemctl disable wg-quick@wg0 2>/dev/null || true

# Remove systemd services
log "Removing systemd services..."
rm -f /etc/systemd/system/vpn-*.service
systemctl daemon-reload

# Remove application files
log "Removing application files..."
rm -rf "$INSTALL_DIR"

# Remove scripts
log "Removing scripts..."
rm -f /usr/local/bin/vpn-*.sh

# Remove Nginx configuration
log "Removing Nginx configuration..."
rm -f /etc/nginx/sites-enabled/vpn-gateway
rm -f /etc/nginx/sites-available/vpn-gateway
systemctl reload nginx 2>/dev/null || true

# Remove WireGuard configs (optional)
read -p "Remove WireGuard configurations? (y/N): " -n 1 -r
echo ""
if [[ $REPLY =~ ^[Yy]$ ]]; then
    rm -rf /etc/wireguard
    log "WireGuard configurations removed"
fi

# CRITICAL: Remove killswitch
warning "Removing killswitch - your traffic will no longer be protected!"
read -p "Remove killswitch firewall rules? (y/N): " -n 1 -r
echo ""
if [[ $REPLY =~ ^[Yy]$ ]]; then
    # Reset firewall to default ACCEPT policies
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    
    # IPv6
    ip6tables -P INPUT ACCEPT
    ip6tables -P FORWARD ACCEPT
    ip6tables -P OUTPUT ACCEPT
    ip6tables -F
    ip6tables -X
    
    # Save clean rules
    iptables-save > /etc/iptables/rules.v4 2>/dev/null || true
    ip6tables-save > /etc/iptables/rules.v6 2>/dev/null || true
    
    warning "Firewall reset to ACCEPT all - System is no longer protected!"
else
    warning "Killswitch still active - you may have no internet access!"
fi

# Remove log files
read -p "Remove log files? (y/N): " -n 1 -r
echo ""
if [[ $REPLY =~ ^[Yy]$ ]]; then
    rm -f /var/log/vpn-*.log
    log "Log files removed"
fi

# Final cleanup
log "Cleaning up..."
rm -f /tmp/vpn-gateway* 2>/dev/null || true

echo ""
echo -e "${GREEN}=== Uninstall Complete ===${NC}"
echo ""
echo "VPN Gateway has been removed."
echo "Backup saved at: $BACKUP_DIR"
echo ""
warning "IMPORTANT: Your system is no longer protected by the killswitch!"
warning "All traffic will now use your regular internet connection."
echo ""
echo "To reinstall, run:"
echo "  curl -sSL https://your-domain/install.sh | bash"