From f03b42c38b1690e93fd3b3b13311b1c53004b0ec Mon Sep 17 00:00:00 2001
From: elreydetoda
Date: Sun, 2 Jun 2019 05:49:49 -0400
Subject: [PATCH] making sure private preshared is right

---
 roles/wireguard/tasks/keys.yml | 62 ++++++++++++++++++++--------------
 1 file changed, 36 insertions(+), 26 deletions(-)

diff --git a/roles/wireguard/tasks/keys.yml b/roles/wireguard/tasks/keys.yml
index a92f847b..58694ee1 100644
--- a/roles/wireguard/tasks/keys.yml
+++ b/roles/wireguard/tasks/keys.yml
@@ -1,5 +1,5 @@
 ---
-- name: Delete the private lock files
+- name: Delete the lock files
   file:
     dest: "{{ config_prefix|default('/') }}etc/wireguard/private_{{ item }}.lock"
     state: absent
@@ -7,15 +7,6 @@
   with_items:
     - "{{ users }}"
     - "{{ IP_subject_alt_name }}"
-
-- name: Delete the preshared lock files
-  file:
-    dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
-    state: absent
-  when: keys_clean_all|bool
-  with_items:
-    - "{{ users }}"
-    - "{{ IP_subject_alt_name }}"
 
 - name: Generate private keys
   command: wg genkey
@@ -25,27 +16,16 @@
   with_items:
     - "{{ users }}"
     - "{{ IP_subject_alt_name }}"
-
-- name: Generate preshared keys
-  command: wg genpsk
-  register: wg_genpsk
-  args:
-    creates: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
-  with_items:
-    - "{{ users }}"
-    - "{{ IP_subject_alt_name }}"
 
 - block:
-    - name: Save keys
+    - name: Save private keys
       copy:
         dest: "{{ wireguard_pki_path }}/private/{{ item['item'] }}"
         content: "{{ item['stdout'] }}"
         mode: "0600"
       no_log: true
       when: item.changed
-      with_items:
-        - "{{ wg_genkey['results'] }}"
-        - "{{ wg_genpsk['results'] }}"
+      with_items: "{{ wg_genkey['results'] }}"
       delegate_to: localhost
       become: false
 
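Review bot: The renamed task `Delete the lock files` now reads as if it covers both lock types, but its `dest` still removes only `private_{{ item }}.lock`, while the preshared cleanup lives in a separate task named `Delete the preshared lock files` later in this file. Keeping the two names parallel — `- name: Delete the private lock files` — makes the pair read correctly in play output and in `--list-tasks`. The task's `when` line sits outside this hunk.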
@@ -57,15 +37,45 @@
         - "{{ users }}"
         - "{{ IP_subject_alt_name }}"
       when: wg_genkey.changed
-
-    - name: Touch the lock file
+
+- name: Delete the preshared lock files
+  file:
+    dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
+    state: absent
+  when: keys_clean_all|bool
+  with_items:
+    - "{{ users }}"
+    - "{{ IP_subject_alt_name }}"
+
+- name: Generate preshared keys
+  command: wg genpsk
+  register: wg_genpsk
+  args:
+    creates: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
+  with_items:
+    - "{{ users }}"
+    - "{{ IP_subject_alt_name }}"
+
+- block:
+    - name: Save private keys
+      copy:
+        dest: "{{ wireguard_pki_path }}/preshared/{{ item['item'] }}"
+        content: "{{ item['stdout'] }}"
+        mode: "0600"
+      no_log: true
+      when: item.changed
+      with_items: "{{ wg_genpsk['results'] }}"
+      delegate_to: localhost
+      become: false
+
+    - name: Touch the preshared lock file
       file:
         dest: "{{ config_prefix|default('/') }}etc/wireguard/preshared_{{ item }}.lock"
         state: touch
       with_items:
         - "{{ users }}"
         - "{{ IP_subject_alt_name }}"
-      when: wg_preshared.changed
+      when: wg_genpsk.changed
 
 - name: Generate public keys
   shell: |
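Review bot: The added `Generate preshared keys` task registers the `wg genpsk` output in `wg_genpsk` without `no_log: true`, so the preshared key shows up in the task result whenever the play runs with verbose output or a logging callback, even though the save task below already treats the same value as sensitive with `no_log: true`. Adding `no_log: true` to the generate task keeps the secret out of logs; the sibling `wg genkey` task, whose register line is outside the earlier hunks, likely needs the same and is worth checking. Separately, the new task that writes to `{{ wireguard_pki_path }}/preshared/` is named `Save private keys`, a copy-paste leftover that will mislead anyone reading play output; `- name: Save preshared keys` describes what it does. The `Generate public keys` task that starts on the last context line continues outside the hunk.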