From e6f6229b87399ad13248a40d294afc65728a6bf9 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Sat, 23 Mar 2024 10:19:15 +0100
Subject: [PATCH] bundles/wireguard: do not generate PSKs for unmanaged nodes

---
 bundles/wireguard/metadata.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py
index 1aa6e4a..c08d5ca 100644
--- a/bundles/wireguard/metadata.py
+++ b/bundles/wireguard/metadata.py
@@ -83,10 +83,15 @@ def peer_psks(metadata):
             'iface': sub('[^a-z0-9-_]+', '_', peer_name)[:12],
         }
 
-        if node.name < peer_name:
-            peers[peer_name]['psk'] = repo.vault.random_bytes_as_base64_for(f'{node.name} wireguard {peer_name}')
-        else:
-            peers[peer_name]['psk'] = repo.vault.random_bytes_as_base64_for(f'{peer_name} wireguard {node.name}')
+        try:
+            repo.get_node(peer_name)
+
+            if node.name < peer_name:
+                peers[peer_name]['psk'] = repo.vault.random_bytes_as_base64_for(f'{node.name} wireguard {peer_name}')
+            else:
+                peers[peer_name]['psk'] = repo.vault.random_bytes_as_base64_for(f'{peer_name} wireguard {node.name}')
+        except NoSuchNode:
+            pass
 
     return {
         'wireguard': {