wireguard: Make setup idempotent

Signed-off-by: James Valleroy <jvalleroy@mailbox.org> Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2026-01-21 07:55:00 +00:00 · 2019-09-17 20:00:54 -04:00 · 2019-09-17 20:00:54 -04:00 · a0ea33d9b6
commit a0ea33d9b6
parent aa66a9135c
1 changed files with 12 additions and 7 deletions
--- a/actions/wireguard
+++ b/actions/wireguard
@ -106,15 +106,20 @@ def _generate_key_pair():

 def subcommand_setup(_):
    """Setup WireGuard."""
-    # TODO: make idempotent
+    # Create interface.
+    try:
+        subprocess.run(['ip', 'link', 'show', SERVER_INTERFACE],
+                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
+                       check=True)
+    except subprocess.CalledProcessError:
+        subprocess.run(
+            ['ip', 'link', 'add', 'dev', SERVER_INTERFACE, 'type',
+             'wireguard'], check=True)

-    # create interface
-    subprocess.run(
-        ['ip', 'link', 'add', 'dev', SERVER_INTERFACE, 'type', 'wireguard'],
-        check=True)
-
-    _generate_key_pair()
+    if not (PUBLIC_KEY_PATH.exists() and PRIVATE_KEY_PATH.exists()):
+        _generate_key_pair()

+    # Configure interface.
    subprocess.run(
        ['wg', 'set', SERVER_INTERFACE, 'listen-port', '51820', 'private-key',
         str(PRIVATE_KEY_PATH)], check=True)