diff --git a/repos/dde_linux/src/app/wireguard/config_model.cc b/repos/dde_linux/src/app/wireguard/config_model.cc
index 40621b26b7..30a0d380fe 100644
--- a/repos/dde_linux/src/app/wireguard/config_model.cc
+++ b/repos/dde_linux/src/app/wireguard/config_model.cc
@@ -16,38 +16,18 @@
 #include <config_model.h>
 
 using namespace Genode;
-using namespace Net;
 using namespace Wireguard;
 
 
-/******************
- ** Config_model **
- ******************/
-
-Config_model::Config_model(Genode::Allocator &alloc)
-:
-	_alloc { alloc }
-{ }
-
-
 void Config_model::update(genode_wg_config_callbacks &callbacks,
-                          Xml_node                    node)
+                          Xml_node const &node)
 {
-	Key_base64 const private_key_b64 {
-		node.attribute_value("private_key", Key_base64 { }) };
-
-	uint16_t const listen_port {
-		node.attribute_value("listen_port", (uint16_t)0U) };
-
-	Ipv4_address_prefix const interface {
-		node.attribute_value("interface", Ipv4_address_prefix { }) };
+	Config const config = Config::from_xml(node);
 
 	if (_config.constructed()) {
 
-		if (_config->private_key_b64() != private_key_b64 ||
-		    _config->listen_port()     != listen_port ||
-		    _config->interface()       != interface)
-		{
+		if (config != *_config) {
+
 			class Invalid_reconfiguration_attempt { };
 			throw Invalid_reconfiguration_attempt { };
 		}
@@ -55,14 +35,15 @@ void Config_model::update(genode_wg_config_callbacks &callbacks,
 	} else {
 
 		uint8_t private_key[WG_KEY_LEN];
-		if (!private_key_b64.valid() ||
-		    !key_from_base64(private_key, private_key_b64.string())) {
+		if (!config.private_key_b64.valid() ||
+		    !key_from_base64(private_key, config.private_key_b64.string())) {
 
 			class Invalid_private_key { };
 			throw Invalid_private_key { };
 		}
-		_config.construct(private_key_b64, listen_port, interface);
-		callbacks.add_device(_config->listen_port(), private_key);
+
+		_config.construct(config);
+		callbacks.add_device(_config->listen_port, private_key);
 	}
 
 	update_list_model_from_xml(_peers, node,
@@ -88,19 +69,18 @@ void Config_model::update(genode_wg_config_callbacks &callbacks,
 				throw Invalid_allowed_ip { };
 			}
 			callbacks.add_peer(
-				listen_port, endpoint_ip.addr, endpoint_port, public_key,
+				config.listen_port, endpoint_ip.addr, endpoint_port, public_key,
 				allowed_ip.address.addr, allowed_ip.prefix);
 
-			return *(
-				new (_alloc)
-					Peer(public_key_b64, endpoint_ip, endpoint_port, allowed_ip));
+			return *new (_alloc)
+				Peer(public_key_b64, endpoint_ip, endpoint_port, allowed_ip);
 		},
 
 		/* destroy */
 		[&] (Peer &peer)
 		{
 			uint8_t public_key[WG_KEY_LEN];
-			if (!key_from_base64(public_key, peer.public_key_b64().string())) {
+			if (!key_from_base64(public_key, peer.public_key_b64.string())) {
 
 				class Invalid_public_key { };
 				throw Invalid_public_key { };
@@ -114,46 +94,3 @@ void Config_model::update(genode_wg_config_callbacks &callbacks,
 		[&] (Peer &, Xml_node const &) { }
 	);
 }
-
-
-/**************************
- ** Config_model::Config **
- **************************/
-
-Config_model::Config::Config(Key_base64          private_key_b64,
-                             uint16_t            listen_port,
-                             Ipv4_address_prefix interface)
-:
-	_private_key_b64 { private_key_b64 },
-	_listen_port     { listen_port },
-	_interface       { interface }
-{ }
-
-
-/************************
- ** Config_model::Peer **
- ************************/
-
-bool Config_model::Peer::matches(Xml_node const &node) const
-{
-	Ipv4_address  endpoint_ip    { node.attribute_value("endpoint_ip", Ipv4_address { }) };
-	uint16_t      endpoint_port  { node.attribute_value("endpoint_port", (uint16_t)0U ) };
-	Key_base64    public_key_b64 { node.attribute_value("public_key", Key_base64 { }) };
-
-	return
-		(endpoint_ip    == _endpoint_ip) &&
-		(endpoint_port  == _endpoint_port) &&
-		(public_key_b64 == _public_key_b64);
-}
-
-
-Config_model::Peer::Peer(Key_base64          public_key_b64,
-                         Ipv4_address        endpoint_ip,
-                         uint16_t            endpoint_port,
-                         Ipv4_address_prefix allowed_ip)
-:
-	_public_key_b64 { public_key_b64 },
-	_endpoint_ip    { endpoint_ip },
-	_endpoint_port  { endpoint_port },
-	_allowed_ip     { allowed_ip }
-{ }
diff --git a/repos/dde_linux/src/app/wireguard/config_model.h b/repos/dde_linux/src/app/wireguard/config_model.h
index e727bae173..6daf76bbad 100644
--- a/repos/dde_linux/src/app/wireguard/config_model.h
+++ b/repos/dde_linux/src/app/wireguard/config_model.h
@@ -35,28 +35,34 @@ class Wireguard::Config_model
 {
 	private:
 
-		using Key_base64 = Genode::String<WG_KEY_LEN_BASE64>;
+		using Key_base64          = Genode::String<WG_KEY_LEN_BASE64>;
+		using Ipv4_address        = Net::Ipv4_address;
+		using Ipv4_address_prefix = Net::Ipv4_address_prefix;
+		using uint16_t            = Genode::uint16_t;
 
 		class Peer;
 
-		class Config
+		struct Config
 		{
-			private:
+			Key_base64          private_key_b64;
+			uint16_t            listen_port;
+			Ipv4_address_prefix interface;
 
-				Key_base64 const               _private_key_b64;
-				Genode::uint16_t const         _listen_port;
-				Net::Ipv4_address_prefix const _interface;
+			static Config from_xml(Genode::Xml_node const &node)
+			{
+				return {
+					.private_key_b64 = node.attribute_value("private_key", Key_base64 { }),
+					.listen_port     = node.attribute_value("listen_port", (uint16_t)0U),
+					.interface       = node.attribute_value("interface",   Ipv4_address_prefix { })
+				};
+			}
 
-			public:
-
-				Config(Key_base64               private_key_b64,
-				       Genode::uint16_t         listen_port,
-				       Net::Ipv4_address_prefix interface);
-
-
-				Key_base64               const &private_key_b64() const { return _private_key_b64; }
-				Genode::uint16_t                listen_port()     const { return _listen_port; }
-				Net::Ipv4_address_prefix const &interface()       const { return _interface; }
+			bool operator != (Config const &other) const
+			{
+				return (private_key_b64 != other.private_key_b64)
+				    || (listen_port     != other.listen_port)
+				    || (interface       != other.interface);
+			}
 		};
 
 		Genode::Allocator             &_alloc;
@@ -65,32 +71,35 @@ class Wireguard::Config_model
 
 	public:
 
-		Config_model(Genode::Allocator &alloc);
+		Config_model(Genode::Allocator &alloc) : _alloc(alloc) { }
 
 		void update(genode_wg_config_callbacks &callbacks,
-		            Genode::Xml_node            config_node);
+		            Genode::Xml_node     const &config_node);
 };
 
 
-class Wireguard::Config_model::Peer : public Genode::List_model<Peer>::Element
+struct Wireguard::Config_model::Peer : Genode::List_model<Peer>::Element
 {
-	private:
+		Key_base64          const public_key_b64;
+		Ipv4_address        const endpoint_ip;
+		uint16_t            const endpoint_port;
+		Ipv4_address_prefix const allowed_ip;
 
-		Key_base64               _public_key_b64;
-		Net::Ipv4_address        _endpoint_ip;
-		Genode::uint16_t         _endpoint_port;
-		Net::Ipv4_address_prefix _allowed_ip;
+		Peer(Key_base64          public_key_b64,
+		     Ipv4_address        endpoint_ip,
+		     uint16_t            endpoint_port,
+		     Ipv4_address_prefix allowed_ip)
+		:
+			public_key_b64(public_key_b64), endpoint_ip(endpoint_ip),
+			endpoint_port(endpoint_port), allowed_ip(allowed_ip)
+		{ }
 
-	public:
-
-		Peer(Key_base64               public_key_b64,
-		     Net::Ipv4_address        endpoint_ip,
-		     Genode::uint16_t         endpoint_port,
-		     Net::Ipv4_address_prefix allowed_ip);
-
-		Key_base64 public_key_b64() const { return _public_key_b64; }
-
-		bool matches(Genode::Xml_node const &) const;
+		bool matches(Genode::Xml_node const &node) const
+		{
+			return (endpoint_ip    == node.attribute_value("endpoint_ip",   Ipv4_address { }))
+			    && (endpoint_port  == node.attribute_value("endpoint_port", (uint16_t)0U ))
+			    && (public_key_b64 == node.attribute_value("public_key",    Key_base64 { }));
+		}
 
 		static bool type_matches(Genode::Xml_node const &node)
 		{