authorAlex Auvolat <alex@adnab.me>2020-05-23 17:16:25 +0200
committerAlex Auvolat <alex@adnab.me>2020-07-15 16:03:51 +0200
commit3bf830713f95c89caf736fa144f90ba7b6b8147a (patch)
tree7d6ba4146c3dba9cbc1a144097ac6100fcac2f67
parent207d1fa278bc1cb9e8600779287abaffe2ef7746 (diff)
don't retrieve wireguard privkeys in ansible
-rw-r--r--ansible/roles/network/tasks/main.yml4
-rw-r--r--ansible/roles/network/templates/wireguard.conf.j22
-rw-r--r--ansible/roles/network/templates/wireguard_external.conf.j23
3 files changed, 3 insertions, 6 deletions
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml
index 59f1d71..28104d0 100644
--- a/ansible/roles/network/tasks/main.yml
+++ b/ansible/roles/network/tasks/main.yml
@@ -43,10 +43,6 @@
- name: "Secure wireguard private key"
file: path=/etc/wireguard/privkey mode=0600
-- name: "Retrieve wireguard private key"
- shell: cat /etc/wireguard/privkey
- register: wireguard_privkey
-
- name: "Retrieve wireguard public key"
shell: wg pubkey < /etc/wireguard/privkey
register: wireguard_pubkey
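Review bot: The remaining `Retrieve wireguard public key` task runs `wg pubkey < /etc/wireguard/privkey` through the shell module with no `changed_when`, so every play reports it as changed; since it is a read-only derivation, add `changed_when: false` (and `check_mode: false` if the registered fact is needed during a check run). The `Secure wireguard private key` task above it sets `mode=0600` but neither owner nor group, so a key file created by another account keeps that owner; `file: path=/etc/wireguard/privkey owner=root group=root mode=0600` pins it. The enclosing task list starts and ends outside the hunk.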
diff --git a/ansible/roles/network/templates/wireguard.conf.j2 b/ansible/roles/network/templates/wireguard.conf.j2
index 9f70eb9..b4a530c 100644
--- a/ansible/roles/network/templates/wireguard.conf.j2
+++ b/ansible/roles/network/templates/wireguard.conf.j2
@@ -1,6 +1,6 @@
[Interface]
Address = {{ vpn_ip }}
-PrivateKey = {{ wireguard_privkey.stdout }}
+PostUp = wg set %i private-key <(cat /etc/wireguard/privkey)
ListenPort = 51820
{% for selected_host in groups['cluster_nodes']|difference([inventory_hostname]) %}
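Review bot: `wg set %i private-key <(cat /etc/wireguard/privkey)` depends on bash process substitution, which works because wg-quick evaluates PostUp with bash, but `wg set` accepts a file path for `private-key` directly, so `PostUp = wg set %i private-key /etc/wireguard/privkey` does the same without the extra subshell; the same line appears in wireguard_external.conf.j2. PostUp runs after wg-quick has brought the interface up and added routes, so the key is loaded last, and a missing or unreadable /etc/wireguard/privkey makes the hook fail, after which wg-quick tears the interface down as I read its error handling. That contract deserves a line in the template, e.g. `# The private key is loaded in PostUp so the rendered file never contains it; /etc/wireguard/privkey must exist, root-owned, mode 0600`. The template's surrounding peer loop continues outside the hunk.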
diff --git a/ansible/roles/network/templates/wireguard_external.conf.j2 b/ansible/roles/network/templates/wireguard_external.conf.j2
index f130ffd..f941446 100644
--- a/ansible/roles/network/templates/wireguard_external.conf.j2
+++ b/ansible/roles/network/templates/wireguard_external.conf.j2
@@ -1,9 +1,10 @@
# Template configuration file for VPN nodes that are non in the cluster
+# The private key should be stored as /etc/wireguard/privkey
# External nodes should be registered in network/vars/main.yml
[Interface]
Address = <INSERT YOUR IP HERE, IT SHOULD MATCH THE ONE IN vars/main.yml>
-PrivateKey = <INSERT YOUR PRIVKEY HERE, IT SHOULD MATCH THE PUBKEY IN vars/main.yml>
+PostUp = wg set %i private-key <(cat /etc/wireguard/privkey)
ListenPort = 51820
# Cluster nodes
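Review bot: The new comment `# The private key should be stored as /etc/wireguard/privkey` tells external operators where to put the key but not how to protect it, and unlike cluster nodes these hosts are not covered by the `Secure wireguard private key` task in roles/network/tasks/main.yml, so the permission requirement has to travel with the template; suggest `# The private key should be stored as /etc/wireguard/privkey (owned by root, mode 0600; wg-quick loads it in PostUp)`. The PostUp line here has the same redundant process substitution noted for wireguard.conf.j2. The context line above it still reads "non in the cluster", apparently a typo for "not", which this commit could have fixed in passing. The peer section that follows is outside the hunk.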