too bad there's no RacketRoute2 so i had to use the next most reasonable language with a binding to netlink and wireguard

and then it wouldn't be a haskal package if it wasn't weird for no reason so basically i also have a custom packaging of monocypher and it's just for computing public keys out of secret keys

because i am like, making a cli subprocess for that is weird. i'm not implementing it by hand in python, and there's no easy way to bind to the wireguard source as a library ... well monocypher x25519 is also x25519..so....

one thing this does which you may not like is the server stores all the secret keys. i have determined it's not an issue for my intended use cases because compromising the server database also gets you the server's private key, which allows you to impersonate the server which is a strict superset of capabilities compared to impersonating a client

like another thing is the server has ssh keys for all the clients because i'm adding ansible to this eventually

@haskal you should check out nixos with morph :)))