Is there a way to programatically change Wireguard settings?

[randomwalk]

Mullvad has a Bash script that appears to query their API to (1) get a list of their Wireguard server's public keys and locations, (2) generate your private key, (3) query their API to register your public key with Mullvad under your account, (4) save the API's response with the local interface address, and (5) write a Wireguard configuration file based on all of this info.  The script is here:  https://mullvad.net/media/files/mullvad-wg.sh

I am wondering if in OPNsense, one can change the Wireguard settings programmatically, and if so, how?  Is there an API to change the settings you see in the GUI?

I am interested in creating a cron job that can periodically (1) rotate the Mullvad endpoint, and (2) change the private key and other related settings.  Mullvad's own script seems like a helpful starting point.  If there is an API in OPNsense to change these settings, then this seems very doable.  Any insights would be greatly appreciated.

Also, does OPNsense have bash installed by default?

[MrB]

There is an API for the Wireguard plugin : https://docs.opnsense.org/development/api/plugins/wireguard.html

Haven't played around with it much though, so not much help as far as usage goes. Got so far playing around with Postman that I could get a list of endpoints with http://192.168.1.1/api/wireguard/client/get
But adding a new one or trying to set something always resulted in "failed"

[tusc]

@randomwalk,

as MrB stated there's an API available. In fact, a user wrote a solution to automatically create and manage wireguard keys for PIA. This could be the basis for a similar solution for MullVad: https://github.com/FingerlessGlov3s/OPNsensePIAWireguard