
remove all local keys (private and public)

This commit is contained in:
Frédéric Bourqui 2019-10-18 19:27:55 +02:00
parent 7007fddf88
commit 847dd3a903
2 changed files with 17 additions and 62 deletions


@ -28,28 +28,10 @@
tags: tags:
- wg-install - wg-install
- name: Create WireGuard public key directory locally
file:
dest: "{{ wireguard_cert_directory }}"
state: directory
owner: "{{ wireguard_cert_owner }}"
group: "{{ wireguard_cert_group }}"
mode: 0755
run_once: true
delegate_to: localhost
tags:
wg-generate-keys
- name: Set WireGuard IP (without mask) - name: Set WireGuard IP (without mask)
set_fact: set_fact:
wireguard_ip: "{{ wireguard_address.split('/')[0] }}" wireguard_ip: "{{ wireguard_address.split('/')[0] }}"
- name: Set path to public key file
set_fact:
public_key_file_path: "{{ wireguard_cert_directory }}/{{ inventory_hostname }}.public.key"
tags:
wg-generate-keys
- name: Register if config/private key already exists on target host - name: Register if config/private key already exists on target host
stat: stat:
path: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf" path: "{{ wireguard_remote_directory }}/{{ wireguard_interface }}.conf"
@ -57,36 +39,12 @@
tags: tags:
- wg-generate-keys - wg-generate-keys
- block: - name: Generate WireGuard private key
- name: Generate WireGuard private key
shell: "wg genkey" shell: "wg genkey"
register: wg_private_key_result register: wg_private_key_result
tags: tags:
- wg-generate-keys - wg-generate-keys
- skip_ansible_lint - skip_ansible_lint
- name: Generate WireGuard public key
shell: "echo '{{ wg_private_key }}' | wg pubkey"
register: wg_public_key_result
tags:
- wg-generate-keys
- name: Set public key fact
set_fact:
wg_public_key: "{{ wg_public_key_result.results[0].stdout }}"
tags:
- wg-generate-keys
- name: Store hosts public key locally
template:
src: "wg-publickey.j2"
dest: "{{ public_key_file_path }}"
owner: "{{ wireguard_cert_owner }}"
group: "{{ wireguard_cert_group }}"
mode: 0644
delegate_to: localhost
tags:
- wg-generate-keys
when: not config_file_stat.stat.exists when: not config_file_stat.stat.exists
- name: Read WireGuard config file - name: Read WireGuard config file
@ -100,9 +58,16 @@
tags: tags:
wg-config wg-config
- name: Read public key - name: Derive WireGuard public key
shell: "echo '{{ private_key }}' | wg pubkey"
register: wg_public_key_result
changed_when: false
tags:
- wg-config
- name: Set public key fact
set_fact: set_fact:
public_key: "{{ lookup('file', public_key_file_path) }}" public_key: "{{ wg_public_key_result.stdout }}"
tags: tags:
wg-config wg-config
@ -143,18 +108,9 @@
state: started state: started
enabled: yes enabled: yes
- name: Look for local private key - name: Delete local cert directory
find:
paths: "{{ wireguard_cert_directory }}"
patterns: "*.private.key"
register: local_private_key_to_delete
delegate_to: localhost
run_once: true
- name: Delete local private key
file: file:
path: "{{ item.path }}" path: "{{ wireguard_cert_directory }}"
state: absent state: absent
with_items: "{{ local_private_key_to_delete.files }}"
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true
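Review bot: The new "Derive WireGuard public key" task passes the private key on the shell command line (`shell: "echo '{{ private_key }}' | wg pubkey"`), so it is visible to other local users in the process list and is recorded in the task's registered result and in the play output. Feed it through the module's stdin and suppress logging instead: `command: wg pubkey`, `stdin: "{{ private_key }}"`, `no_log: true`. That also drops the single-quote interpolation, which would break if the key value ever contained a quote. The same logging concern applies to the `wg genkey` task in the second hunk, whose `wg_private_key_result` holds the private key and likewise has no `no_log`. The enclosing task list continues outside these hunks.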


@ -1 +0,0 @@
{{hostvars[inventory_hostname]['wg_public_key']}}