From a0ea33d9b6923e5e06e08456cb2749ed06227256 Mon Sep 17 00:00:00 2001
From: James Valleroy <jvalleroy@mailbox.org>
Date: Tue, 17 Sep 2019 20:00:54 -0400
Subject: [PATCH] wireguard: Make setup idempotent

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
---
 actions/wireguard | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/actions/wireguard b/actions/wireguard
index 1231bf1c8..9770b207a 100755
--- a/actions/wireguard
+++ b/actions/wireguard
@@ -106,15 +106,20 @@ def _generate_key_pair():
 
 def subcommand_setup(_):
     """Setup WireGuard."""
-    # TODO: make idempotent
+    # Create interface.
+    try:
+        subprocess.run(['ip', 'link', 'show', SERVER_INTERFACE],
+                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
+                       check=True)
+    except subprocess.CalledProcessError:
+        subprocess.run(
+            ['ip', 'link', 'add', 'dev', SERVER_INTERFACE, 'type',
+             'wireguard'], check=True)
 
-    # create interface
-    subprocess.run(
-        ['ip', 'link', 'add', 'dev', SERVER_INTERFACE, 'type', 'wireguard'],
-        check=True)
-
-    _generate_key_pair()
+    if not (PUBLIC_KEY_PATH.exists() and PRIVATE_KEY_PATH.exists()):
+        _generate_key_pair()
 
+    # Configure interface.
     subprocess.run(
         ['wg', 'set', SERVER_INTERFACE, 'listen-port', '51820', 'private-key',
          str(PRIVATE_KEY_PATH)], check=True)