Use seperate preshared keys for each peer
parent
29a6d82b1d
commit
603718458d
5 changed files with 22 additions and 6 deletions
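--- a/files/wireguard/preshared-desktop.key
+++ b/files/wireguard/preshared-desktop.key
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+31633763303266383136656238396431613933313235333363323665643630373330623038646561
+6634626539313834393432383836306664393431336636640a303231643335396233333766333336
+65623531306232643661346465373334316364373138633239393432346636646332613166396364
+3262656238336265660a383138646333643034366262623139363466626439356233353063343461
+65393564663935633932326365393232303336626435643365353832616333646365316330326362
+3938346634383630323439323530386561343562363334313333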
|
|
@ -55,10 +55,16 @@
|
|||
src: 'files/wireguard/server.key',
|
||||
dest: '{{ vpn_server_key_path }}',
|
||||
}
|
||||
- {
|
||||
src: 'files/wireguard/preshared.key',
|
||||
dest: '{{ vpn_preshared_path }}',
|
||||
}
|
||||
|
||||
- name: copy wireguard preshared keys
|
||||
become: true
|
||||
copy:
|
||||
src: '{{ item.preshared_key_source_path }}'
|
||||
dest: '{{ item.preshared_key_path }}'
|
||||
owner: root
|
||||
group: systemd-network
|
||||
mode: '0640'
|
||||
loop: '{{ vpn_peers }}'
|
||||
|
||||
- name: restart systemd-networkd
|
||||
become: true
|
||||
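Review bot: The `copy wireguard preshared keys` task has no `no_log: true` or `diff: false`, and because `copy` decrypts the vaulted source files before writing them, a run with `--diff` can show the plaintext preshared keys in terminal or CI output; adding `diff: false` to the task avoids that. Also, the list entry that copied `files/wireguard/preshared.key` is dropped without a matching cleanup, so hosts provisioned before this commit presumably keep the old shared key at `/etc/wireguard/keys/private/preshared.key`; a `file:` task with `state: absent` for that path would remove it. The surrounding task list starts and ends outside this hunk.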
|
|
|
|||
|
|
@ -12,7 +12,7 @@ PrivateKeyFile={{ vpn_server_key_path }}
|
|||
{% for peer in vpn_peers %}
|
||||
[WireGuardPeer]
|
||||
PublicKey={{ peer.public_key }}
|
||||
PresharedKeyFile={{ vpn_preshared_path }}
|
||||
PresharedKeyFile={{ peer.preshared_key_path }}
|
||||
AllowedIPs={{ peer.ip }}/32
|
||||
{% if not loop.last %}
|
||||
|
||||
|
|
|
|||
|
|
@ -8,16 +8,19 @@ vpn_destination_range: '10.0.0.1/32'
|
|||
|
||||
vpn_server_public_key_path: '/etc/wireguard/keys/public/server.pub'
|
||||
vpn_server_key_path: '/etc/wireguard/keys/private/server.key'
|
||||
vpn_preshared_path: '/etc/wireguard/keys/private/preshared.key'
|
||||
|
||||
vpn_peers:
|
||||
- {
|
||||
name: 'desktop',
|
||||
ip: '10.0.0.3',
|
||||
public_key: 'izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4=',
|
||||
preshared_key_path: '/etc/wireguard/keys/private/preshared-desktop.key',
|
||||
preshared_key_source_path: 'files/wireguard/preshared-desktop.key',
|
||||
}
|
||||
- {
|
||||
name: 'laptop',
|
||||
ip: '10.0.0.2',
|
||||
public_key: 'EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw=',
|
||||
preshared_key_path: '/etc/wireguard/keys/private/preshared-laptop.key',
|
||||
preshared_key_source_path: 'files/wireguard/preshared-laptop.key',
|
||||
}
|
||||
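Review bot: The `laptop` entry references `files/wireguard/preshared-laptop.key`, yet the only new key material shown in this commit is preshared-desktop.key, and the 22 additions in the diffstat are already accounted for by the visible sections. If the fifth changed file is the old shared preshared.key renamed to preshared-laptop.key (an inference, the file is not shown here), the desktop peer still holds the laptop's preshared key, so the laptop key should be regenerated and re-encrypted with the vault as well. As a smaller style point, both per-peer paths repeat the `name` value and could be derived from it in the task and template, which keeps new peers from mismatching the two paths.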
|
|
|
|||