ilusm.dev

wgrd

WireGuard tunnel management - generate private/public keypairs and pre-shared keys, build an interface config record with addresses, DNS servers, and MTU, create peer records with endpoint, allowed-IPs, optional pre-shared key and keepalive, render the complete wg-quick-compatible INI config string, and bring an interface up or down via host syscalls.

Load with: use wgrd

What this module does

wgrd automates WireGuard configuration generation and lifecycle management. It produces the [Interface] + [Peer] INI format consumed by wg-quick and the WireGuard kernel module. Key generation, interface bring-up, and show/list operations delegate to embedder-provided __wg_* host natives.

Quick example

use wgrd

# Generate server keys
server = wgkey()  # {priv, pub}
client = wgkey()
psk    = wgpsk()

# Build the server interface
ifc = wgifc("wg0", server.priv, 51820)
ifc = wgadr(ifc, "10.0.0.1/24")
ifc = wgdns(ifc, "1.1.1.1")

# Add the client as a peer
peer = wgper(client.pub, "client.example.com:51820", ["10.0.0.2/32"], psk, 25)
ifc = wgadd(ifc, peer)

# Render config
prn(wgcfg(ifc))
# [Interface]
# PrivateKey = ...
# ListenPort = 51820
# Address = 10.0.0.1/24
# DNS = 1.1.1.1
#
# [Peer]
# PublicKey = ...
# PresharedKey = ...
# Endpoint = client.example.com:51820
# AllowedIPs = 10.0.0.2/32
# PersistentKeepalive = 25

# Bring up / down
wgup(ifc)
wgdn(ifc)

# Status
prn(wgst("wg0"))
prn(wgls())

Functions

Keys

wgkey() / wgrd.key()

Generates a new private/public keypair via __wg_genkey and __wg_pubkey. Returns {priv, pub}.

wgpsk() / wgrd.psk()

Generates a random pre-shared key string.

Interface config

wgifc(name, priv, port) / wgrd.ifc(name, key, port)

Creates an interface record. Default MTU is 1420.

wgadr(ifc, addr) / wgrd.addr(ifc, addr)

Adds a CIDR address to the interface.

wgdns(ifc, dns) / wgrd.dns(ifc, dns)

Adds a DNS server IP to the interface.

wgmtu(ifc, mtu)

Sets the MTU (default 1420).

Peers

wgper(pub, endpoint, allowed_ips, psk, keepalive) / wgrd.peer(…)

Creates a peer record. endpoint is optional (nil = road warrior). allowed_ips defaults to ["0.0.0.0/0"]. psk and keepalive are optional.

wgadd(ifc, peer) / wgrd.add(ifc, peer)

Appends a peer to the interface.

Config and lifecycle

wgcfg(ifc) / wgrd.cfg(ifc)

Renders the interface and all peers to a wg-quick-compatible INI config string.

wgup(ifc) / wgrd.up(ifc)

Brings the interface up via __wg_up.

wgdn(ifc) / wgrd.dn(ifc)

Brings the interface down via __wg_down.

wgst(name) / wgrd.st(name)

Returns the status of the named WireGuard interface.

wgls() / wgrd.ls()

Lists all active WireGuard interfaces.

Notes

  • Requires the host to inject __wg_genkey, __wg_pubkey, __wg_genpsk, __wg_up, __wg_down, __wg_show, and __wg_list.
  • Requires txt and jsn.