sonny/debian-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use seperate preshared keys for each peer

Browse source
This commit is contained in:
sonny 2021-12-28 12:28:55 +01:00
parent 29a6d82b1d
commit 603718458d
5 changed files with 22 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

7
files/wireguard/preshared-desktop.key Normal file
View file

@ -0,0 +1,7 @@
$ANSIBLE_VAULT;1.1;AES256
31633763303266383136656238396431613933313235333363323665643630373330623038646561
6634626539313834393432383836306664393431336636640a303231643335396233333766333336
65623531306232643661346465373334316364373138633239393432346636646332613166396364
3262656238336265660a383138646333643034366262623139363466626439356233353063343461
65393564663935633932326365393232303336626435643365353832616333646365316330326362
3938346634383630323439323530386561343562363334313333

0
files/wireguard/preshared.key → files/wireguard/preshared-laptop.key
View file

14
tasks/network.yml
View file

@ -55,10 +55,16 @@
src: 'files/wireguard/server.key', src: 'files/wireguard/server.key',
dest: '{{ vpn_server_key_path }}', dest: '{{ vpn_server_key_path }}',
} }
- {
src: 'files/wireguard/preshared.key', - name: copy wireguard preshared keys
dest: '{{ vpn_preshared_path }}', become: true
} copy:
src: '{{ item.preshared_key_source_path }}'
dest: '{{ item.preshared_key_path }}'
owner: root
group: systemd-network
mode: '0640'
loop: '{{ vpn_peers }}'
- name: restart systemd-networkd - name: restart systemd-networkd
become: true become: true

2
templates/network/wg0.netdev.j2
View file

@ -12,7 +12,7 @@ PrivateKeyFile={{ vpn_server_key_path }}
{% for peer in vpn_peers %} {% for peer in vpn_peers %}
[WireGuardPeer] [WireGuardPeer]
PublicKey={{ peer.public_key }} PublicKey={{ peer.public_key }}
PresharedKeyFile={{ vpn_preshared_path }} PresharedKeyFile={{ peer.preshared_key_path }}
AllowedIPs={{ peer.ip }}/32 AllowedIPs={{ peer.ip }}/32
{% if not loop.last %} {% if not loop.last %}

5
vars/vpn.yml
View file

@ -8,16 +8,19 @@ vpn_destination_range: '10.0.0.1/32'
vpn_server_public_key_path: '/etc/wireguard/keys/public/server.pub' vpn_server_public_key_path: '/etc/wireguard/keys/public/server.pub'
vpn_server_key_path: '/etc/wireguard/keys/private/server.key' vpn_server_key_path: '/etc/wireguard/keys/private/server.key'
vpn_preshared_path: '/etc/wireguard/keys/private/preshared.key'
vpn_peers: vpn_peers:
- { - {
name: 'desktop', name: 'desktop',
ip: '10.0.0.3', ip: '10.0.0.3',
public_key: 'izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4=', public_key: 'izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4=',
preshared_key_path: '/etc/wireguard/keys/private/preshared-desktop.key',
preshared_key_source_path: 'files/wireguard/preshared-desktop.key',
} }
- { - {
name: 'laptop', name: 'laptop',
ip: '10.0.0.2', ip: '10.0.0.2',
public_key: 'EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw=', public_key: 'EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw=',
preshared_key_path: '/etc/wireguard/keys/private/preshared-laptop.key',
preshared_key_source_path: 'files/wireguard/preshared-laptop.key',
} }