diff options
author | Alex Auvolat <alex@adnab.me> | 2020-05-23 17:16:25 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2020-07-15 16:03:51 +0200 |
commit | 3bf830713f95c89caf736fa144f90ba7b6b8147a (patch) | |
tree | 7d6ba4146c3dba9cbc1a144097ac6100fcac2f67 /ansible/roles/network/templates | |
parent | 207d1fa278bc1cb9e8600779287abaffe2ef7746 (diff) | |
download | infrastructure-3bf830713f95c89caf736fa144f90ba7b6b8147a.tar.gz infrastructure-3bf830713f95c89caf736fa144f90ba7b6b8147a.zip |
don't retrieve wireguard privkeys in ansible
Diffstat (limited to 'ansible/roles/network/templates')
-rw-r--r-- | ansible/roles/network/templates/wireguard.conf.j2 | 2 | ||||
-rw-r--r-- | ansible/roles/network/templates/wireguard_external.conf.j2 | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/ansible/roles/network/templates/wireguard.conf.j2 b/ansible/roles/network/templates/wireguard.conf.j2 index 9f70eb9..b4a530c 100644 --- a/ansible/roles/network/templates/wireguard.conf.j2 +++ b/ansible/roles/network/templates/wireguard.conf.j2 @@ -1,6 +1,6 @@ [Interface] Address = {{ vpn_ip }} -PrivateKey = {{ wireguard_privkey.stdout }} +PostUp = wg set %i private-key <(cat /etc/wireguard/privkey) ListenPort = 51820 {% for selected_host in groups['cluster_nodes']|difference([inventory_hostname]) %} diff --git a/ansible/roles/network/templates/wireguard_external.conf.j2 b/ansible/roles/network/templates/wireguard_external.conf.j2 index f130ffd..f941446 100644 --- a/ansible/roles/network/templates/wireguard_external.conf.j2 +++ b/ansible/roles/network/templates/wireguard_external.conf.j2 @@ -1,9 +1,10 @@ # Template configuration file for VPN nodes that are non in the cluster +# The private key should be stored as /etc/wireguard/privkey # External nodes should be registered in network/vars/main.yml [Interface] Address = <INSERT YOUR IP HERE, IT SHOULD MATCH THE ONE IN vars/main.yml> -PrivateKey = <INSERT YOUR PRIVKEY HERE, IT SHOULD MATCH THE PUBKEY IN vars/main.yml> +PostUp = wg set %i private-key <(cat /etc/wireguard/privkey) ListenPort = 51820 # Cluster nodes |