On 01/11, John Accoun wrote:
> I read the 'Web App provisioning Server' which I believe describes a
> possible solution for this use case. But I am confused with the whole data
> storage thing. Where do configurations live? Are the configuration files
> at /etc/wireguard/ the source of truth? If I edit these when is the list
> of peers refreshed?

I assume you're referring to [0]?

/etc/wireguard is only relevant for wg-quick; if you edit files there, your
changes will only take effect once you down/up your interface with wg-quick.
So you obviously don't want to do it that way.

> The above mentioned document suggests shelling out to command line tools.
> Is this the recommended way? Does a general purpose library for managing
> wireguard config exist?

I'm not sure where you read that? In any case, you can control wireguard via
netlink[1], and there is also an embeddable library[2] in C available. There
also probably exists a netlink library for $YOUR_FAVORITE_LANG.

Regards,
Tharre

[0] https://docs.google.com/document/d/1_3Id-0vVXlXHFB7eT6fnfXoe9ppJoS8pY7R_uCtEZG4
[1] See man 7 rtnetlink
[2] https://git.zx2c4.com/WireGuard/tree/contrib/examples/embeddable-wg-library/wireguard.c

--
PGP fingerprint: 42CE 7698 D6A0 6129 AA16 EF5C 5431 BDE2 C8F0 B2F4