From a86f83a2195f5c5926acd23ccb53ee8e1a326de5 Mon Sep 17 00:00:00 2001
From: Christoph Haas <christoph.h@sprinternet.at>
Date: Sun, 10 Aug 2025 14:18:43 +0200
Subject: [PATCH] ensure that deleted peers are restored once the interface is
 re-enabled

---
 .../app/wireguard/wireguard_interfaces.go     | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/internal/app/wireguard/wireguard_interfaces.go b/internal/app/wireguard/wireguard_interfaces.go
index 02f1da1..17a28bc 100644
--- a/internal/app/wireguard/wireguard_interfaces.go
+++ b/internal/app/wireguard/wireguard_interfaces.go
@@ -555,6 +555,27 @@ func (m Manager) saveInterface(ctx context.Context, iface *domain.Interface) (
 		return nil, fmt.Errorf("post-save hooks failed: %w", err)
 	}
 
+	// If the interface has just been enabled, restore its peers on the physical controller
+	if !oldEnabled && newEnabled {
+		peers, err := m.db.GetInterfacePeers(ctx, iface.Identifier)
+		if err != nil {
+			return nil, fmt.Errorf("failed to load peers for interface %s: %w", iface.Identifier, err)
+		}
+		for _, peer := range peers {
+			saveErr := m.wg.SavePeer(ctx, iface.Identifier, peer.Identifier,
+				func(pp *domain.PhysicalPeer) (*domain.PhysicalPeer, error) {
+					domain.MergeToPhysicalPeer(pp, &peer)
+					return pp, nil
+				})
+			if saveErr != nil {
+				return nil, fmt.Errorf("failed to restore peer %s for interface %s: %w", peer.Identifier,
+					iface.Identifier, saveErr)
+			}
+		}
+		// notify that peers for this interface have changed so config/routes can be updated
+		m.bus.Publish(app.TopicPeerInterfaceUpdated, iface.Identifier)
+	}
+
 	m.bus.Publish(app.TopicAuditInterfaceChanged, domain.AuditEventWrapper[audit.InterfaceEvent]{
 		Ctx: ctx,
 		Event: audit.InterfaceEvent{