wiki/wireguard/wg-conf.py

#!/usr/bin/env python3

import subprocess, textwrap


def bash(command, input=None):
    return subprocess.run(
        command, shell=True, input=input, capture_output=True, text=True
    )


def keygen():
    privatekey = bash("wg genkey").stdout.strip()
    publickey = bash("wg pubkey", privatekey).stdout.strip()
    return {"private": privatekey, "public": publickey}


def server_conf(server, clients, server_port=51820):
    return textwrap.dedent(
        f"""
            # server.conf

            [Interface]
            PrivateKey = {server['private']}
            Address = 10.0.0.1/24
            ListenPort = {server_port}
        """
        + "".join(
            f"""
            [Peer]
            PublicKey = {client['public']}
            AllowedIPs = 10.0.0.{idx+2}/32
            """
            for idx, client in enumerate(clients)
        )
    )


# def client_conf(server_key, client_key, server_ip, server_port=51820):


if __name__ == "__main__":
    assert bash("wg -v").returncode == 0
    server = keygen()
    clients = [keygen() for _ in range(2)]

    print(server_conf(server, clients))