Diffstat (limited to 'wg-genconf.py')
-rwxr-xr-xwg-genconf.py112
1 files changed, 62 insertions, 50 deletions
diff --git a/wg-genconf.py b/wg-genconf.py
index 1a1fd99..adc81e9 100755
--- a/wg-genconf.py
+++ b/wg-genconf.py
@@ -150,83 +150,94 @@ def expand_peerspecs(peer, peerspecs):
for x in (
auto_peerspecs(peer) if peerspec.get('auto') else [peerspec])]
-def gc_if_wgquick_add_peer(buf, network, peerspec):
- peer = network.peers[peerspec['name']]
+def gc_if_data(if_, privkeys):
+ if_data = {
+ 'name': if_.qualified_name,
+ 'privkey': privkeys.get(if_.network.name, 'FIXME'),
+ 'addrs': ipspecs_to_ips(
+ if_.peer, if_.get('ips', ['{peer/-}']), interface=True),
+ 'port': if_.get('port'),
+ 'fwmark': if_.get('fwmark'),
+ 'peers': [],
+ }
- buf.write(
- '\n'
- f'# {peer.name}\n'
- '[Peer]\n'
- f'PublicKey = {peer['pubkey']}\n')
- for ip in ipspecs_to_ips(peer, peerspec.get('ips', ['{peer}'])):
- buf.write(f'AllowedIPs = {ip}\n')
- if (host := peer.get('host')):
- port = peer.get('port', 51820)
- buf.write(f'Endpoint = {host}:{port}\n')
-
-def gc_if_wgquick(if_, privkeys):
+ for peerspec in expand_peerspecs(if_.peer, if_['peers']):
+ peer = if_.network.peers[peerspec['name']]
+ peer_data = {
+ 'name': peer.name,
+ 'pubkey': peer['pubkey'],
+ 'ips': ipspecs_to_ips(peer, peerspec.get('ips', ['{peer}'])),
+ 'endpoint': None,
+ }
+ if (host := peer.get('host')):
+ peer_data['endpoint'] = f'{host}:{peer.get('port', 51820)}'
+ if_data['peers'].append(peer_data)
+
+ return if_data
+
+def gc_if_wgquick(if_data):
buf = io.StringIO()
buf.write(
'[Interface]\n'
- f'PrivateKey = {privkeys.get(if_.network.name, 'FIXME')}\n')
- for addr in ipspecs_to_ips(
- if_.peer, if_.get('ips', ['{peer/-}']), interface=True):
+ f'PrivateKey = {if_data['privkey']}\n')
+ for addr in if_data['addrs']:
buf.write(f'Address = {addr}\n')
- if (port := if_.get('port')):
+ if (port := if_data['port']):
buf.write(f'ListenPort = {port}\n')
- if (fwmark := if_.get('fwmark')):
+ if (fwmark := if_data['fwmark']):
buf.write(f'FwMark = {fwmark}\n')
- for peerspec in expand_peerspecs(if_.peer, if_['peers']):
- gc_if_wgquick_add_peer(buf, if_.network, peerspec)
+ for peer_data in if_data['peers']:
+ buf.write(
+ '\n'
+ f'# {peer_data['name']}\n'
+ '[Peer]\n'
+ f'PublicKey = {peer_data['pubkey']}\n')
+ for ip in peer_data['ips']:
+ buf.write(f'AllowedIPs = {ip}\n')
+ if (endpoint := peer_data.get('endpoint')):
+ buf.write(f'Endpoint = {endpoint}\n')
return buf
-def gc_if_systemd_network(if_):
+def gc_if_systemd_network(if_data):
buf = io.StringIO()
buf.write(
'[Match]\n'
- f'Name={if_.qualified_name}\n'
+ f'Name={if_data['name']}\n'
'\n'
'[Network]\n'
'IPMasquerade=both\n')
- for addr in ipspecs_to_ips(
- if_.peer, if_.get('ips', ['{peer/-}']), interface=True):
+ for addr in if_data['addrs']:
buf.write(f'Address={addr}\n')
return buf
-def gc_if_systemd_netdev_add_peer(buf, network, peerspec):
- peer = network.peers[peerspec['name']]
-
- buf.write(
- '\n'
- f'# {peer.name}\n'
- '[WireGuardPeer]\n'
- f'PublicKey={peer['pubkey']}\n')
- for ip in ipspecs_to_ips(peer, peerspec.get('ips', ['{peer}'])):
- buf.write(f'AllowedIPs={ip}\n')
- if (host := peer.get('host')):
- port = peer.get('port', 51820)
- buf.write(f'Endpoint={host}:{port}\n')
-
-def gc_if_systemd_netdev(if_, privkeys):
+def gc_if_systemd_netdev(if_data):
buf = io.StringIO()
buf.write(
'[NetDev]\n'
- f'Name={if_.qualified_name}\n'
+ f'Name={if_data['name']}\n'
'Kind=wireguard\n'
- f'Description=WireGuard tunnel {if_.qualified_name}\n'
+ f'Description=WireGuard tunnel {if_data['name']}\n'
'\n'
'[WireGuard]\n'
- f'PrivateKey={privkeys.get(if_.network.name, 'FIXME')}\n')
- if (port := if_.get('port')):
+ f'PrivateKey={if_data['privkey']}\n')
+ if (port := if_data['port']):
buf.write(f'ListenPort={port}\n')
- if (fwmark := if_.get('fwmark')):
+ if (fwmark := if_data['fwmark']):
buf.write(f'FirewallMark={fwmark}\n')
- for peerspec in expand_peerspecs(if_.peer, if_['peers']):
- gc_if_systemd_netdev_add_peer(buf, if_.network, peerspec)
+ for peer_data in if_data['peers']:
+ buf.write(
+ '\n'
+ f'# {peer_data['name']}\n'
+ '[WireGuardPeer]\n'
+ f'PublicKey={peer_data['pubkey']}\n')
+ for ip in peer_data['ips']:
+ buf.write(f'AllowedIPs={ip}\n')
+ if (endpoint := peer_data.get('endpoint')):
+ buf.write(f'Endpoint={endpoint}\n')
return buf
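Review bot: gc_if_data is now the single place the interface private key is resolved, yet `privkeys.get(if_.network.name, 'FIXME')` still turns a missing key into the literal string `FIXME`, which the three writers below then emit unchanged as `PrivateKey = FIXME` into files that later get installed with a restricted mode. If the placeholder is deliberate (generating a template to be filled in by hand), the new function should carry a docstring saying so, e.g. "Collect everything the writers need for one interface; 'privkey' falls back to the placeholder 'FIXME' when no key is known for the network"; if it is not, resolving it with `privkey = privkeys[if_.network.name]` lets the KeyError surface at generation time instead of at wg-quick/networkd load time. A smaller point of style: the writers index `if_data['port']` and `if_data['fwmark']` directly but use `peer_data.get('endpoint')`, although gc_if_data always sets `'endpoint'`; `peer_data['endpoint']` would make the access consistent. The `f'{host}:{peer.get('port', 51820)}'` form also presumes `host` is never an IPv6 literal (which would need brackets) — that behaviour is inherited from the removed helpers, so I only flag it for a comment.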
@@ -240,19 +251,20 @@ def buf_to_file(buf, path, mode=None):
shutil.copyfileobj(buf, f)
def create_if_files(if_, privkeys):
+ if_data = gc_if_data(if_, privkeys)
file_prefix = f'out/{if_.get('file-prefix', '')}'
if if_.get('type') == 'systemd':
buf_to_file(
- gc_if_systemd_netdev(if_, privkeys),
+ gc_if_systemd_netdev(if_data),
f'{file_prefix}{if_.qualified_name}.netdev',
mode=0o640)
buf_to_file(
- gc_if_systemd_network(if_),
+ gc_if_systemd_network(if_data),
f'{file_prefix}{if_.qualified_name}.network')
else:
buf_to_file(
- gc_if_wgquick(if_, privkeys),
+ gc_if_wgquick(if_data),
f'{file_prefix}{if_.qualified_name}.conf')
def load_network_peer_interfaces(config, peer):
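Review bot: The rewritten wg-quick call `buf_to_file(gc_if_wgquick(if_data), f'{file_prefix}{if_.qualified_name}.conf')` writes a file containing the interface private key without the `mode=0o640` that the systemd branch passes for the `.netdev` file, which holds the same key. Unless buf_to_file's `mode=None` default already restricts permissions (its body starts before this hunk, so I cannot tell), the `.conf` should get the same `mode=0o640` argument. Since both branches now consume the same `if_data`, the two private-key-bearing outputs should be written with the same protection.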